Hi
We have CrawlProtect on our site and it has blocked 36 hack attempts during July. Most of these I can see are genuine and need the IP blocking, however there is also a number of which that seem to originate from Google IP's the following few are eg:
NetRange: 66.249.64.0 - 66.249.95.255
CIDR: 66.249.64.0/19
OriginAS:
NetName: GOOGLE
NetHandle: NET-66-249-64-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
RegDate: 2004-03-05
Updated: 2012-02-24
Ref: http://whois.arin.net/rest/net/NET-66-249-64-0-1
OrgName: Google Inc.
OrgId: GOGL
Address: 1600 Amphitheatre Parkway
City: Mountain View
StateProv: CA
PostalCode: 94043
Country: US
RegDate: 2000-03-30
Updated: 2013-08-07
Ref: http://whois.arin.net/rest/org/GOGL
OrgTechHandle: ZG39-ARIN
OrgTechName: Google Inc
OrgTechPhone: +1-650-253-0000
OrgTechEmail: arin-contact@google.com
OrgTechRef: http://whois.arin.net/rest/poc/ZG39-ARIN
OrgAbuseHandle: ZG39-ARIN
OrgAbuseName: Google Inc
OrgAbusePhone: +1-650-253-0000
OrgAbuseEmail: arin-contact@google.com
OrgAbuseRef: http://whois.arin.net/rest/poc/ZG39-ARIN
This is the code used:
Xss: /index.php?_route_=http://www.aislings.co.uk/dreamgirl-int ... %5BR=301,L%
5D
AND:
NetRange: 66.249.64.0 - 66.249.95.255
CIDR: 66.249.64.0/19
OriginAS:
NetName: GOOGLE
NetHandle: NET-66-249-64-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
RegDate: 2004-03-05
Updated: 2012-02-24
Ref: http://whois.arin.net/rest/net/NET-66-249-64-0-1
OrgName: Google Inc.
OrgId: GOGL
Address: 1600 Amphitheatre Parkway
City: Mountain View
StateProv: CA
PostalCode: 94043
Country: US
RegDate: 2000-03-30
Updated: 2013-08-07
Ref: http://whois.arin.net/rest/org/GOGL
OrgTechHandle: ZG39-ARIN
OrgTechName: Google Inc
OrgTechPhone: +1-650-253-0000
OrgTechEmail: arin-contact@google.com
OrgTechRef: http://whois.arin.net/rest/poc/ZG39-ARIN
OrgAbuseHandle: ZG39-ARIN
OrgAbuseName: Google Inc
OrgAbusePhone: +1-650-253-0000
OrgAbuseEmail: arin-contact@google.com
OrgAbuseRef: http://whois.arin.net/rest/poc/ZG39-ARIN
This is the code they used:
Xss: /index.php?_route_=http://www.aislings.co.uk/dreamgirl-kit ... plus-size/
%5BR=301,L%5D
Is this a kind of hack attempt Google would try? and Why?
is it safe to block the IP's used or should I just let CP block the attempt each time?
Running OC 1.5.5.1 with vqmods.
http://www.aislings.co.uk
http://www.lovers-paradise-toys.co.uk
Coincidentally there was a news article today on The Register, which is probably related. According to the article it's malicious bots marquerading as Google.
http://www.theregister.co.uk/2014/07/25 ... every_day/
http://www.theregister.co.uk/2014/07/25 ... every_day/
Who is online
Users browsing this forum: No registered users and 26 guests
