Mobile app version of vmapp.org
Login or Join
Mendez628

: What is savetheworldheritage.org? I hope I am not that wrong at webmasters. Recently I'm seeing something like this in my logs: 146.0.32.XXX - - [07/Jun/2015:18:38:32 +0200] "GET / HTTP/1.1"

@Mendez628

Posted in: #ApacheLogFiles

I hope I am not that wrong at webmasters.

Recently I'm seeing something like this in my logs:


146.0.32.XXX - - [07/Jun/2015:18:38:32 +0200] "GET / HTTP/1.1" 200 8330 "-" "Mozilla/5.0 (compatible; savetheworldheritage.org/1.1; +crawl@savetheworldheritage.org)"


I think it's a crawler but what is it crawling for? I mean I can't find anything on the internet about it and it's clearly not a search engine.

It wouldn't bother me but it's completely ignoring nofollow links which is annoying.

So what is it? Hope you can help!

10.02% popularity Vote Up Vote Down


Login to follow query

More posts by @Mendez628

2 Comments

Sorted by latest first Latest Oldest Best

 

@LarsenBagley505

The most important thing that identifies the source of the request is the IP address. The savetheworldheritage.org part is a user-agent string that anyone can manipulate if they have the correct tools. In fact, on www.webpagetest.org/, one can change the user agent in the "chrome" tab.

Just make sure you check the IP address by searching for it on whois.com and if it seems like a source you don't trust then block the IP for a definite period of time then unblock. I say definite because an IP address could be temporary hijacked. For example, an innocent computer could suddenly catch a nasty virus which causes it to send spam. and if that IP address is blocked forever, and that computer with a virus has been cleaned, then the poor innocent user won't have access to your site because of the permanent block you made.

10% popularity Vote Up Vote Down


 

@Ann8826881

This site is hosted on GoDaddy and is parked for the moment.

The IP address for savetheworldheritage.org is 50.63.202.37. There is no specific information about this host that can be relied upon at this point.

I have these similar IP address in my database:

AS Number AS47147 - VisNetwork Media SRL
146.0.32.13
146.0.32.144


Of these, I have several domain names as well as these IP address which have indications of spam:

146.0.32.144
RBL: bl.csma.biz
Visit bl.csma.biz/ for more information.

b02.a01.ca
RBL: - clear

epow0.org
RBL: rhsbl.ahbl.org
Visit www.ahbl.org/documents/rhsbl for more information.

tor.epow0.org
RBL: rhsbl.ahbl.org
Visit www.ahbl.org/documents/rhsbl for more information.

146.0.32.13
RBL: bl.csma.biz
Visit bl.csma.biz/ for more information.

tecnobilisim.com
RBL: rhsbl.ahbl.org
Visit www.ahbl.org/documents/rhsbl for more information.

ca012.calcit.fastwebserver.de
RBL: rhsbl.ahbl.org
Visit www.ahbl.org/documents/rhsbl for more information.


I am not sure if these IP addresses apply to your situation, however, I thought I would at least report on them anyway.

Here is the IP address block info:

IP Address Range:

146.0.32.0 - 146.0.63.255


NetMask:

Block: 146.0.32.0/19
Base Address: 146.0.32.0
Broadcast Address: 146.0.63.255
Net Mask: 255.255.224.0
Host Mask: 0.0.31.255
Bits: 19
Size: 8192
2nd Element: 146.0.32.2
Block by IP Address Block


Apache .htaccess File

RewriteCond %{REMOTE_ADDR} ^146.0.(0*[3-6]+[2-3]+).([0-2]+[0-5]+[0-5]+)$ [NC]
RewriteRule .* - [F,L]


Cisco Firewall

access-list deny-146-0-32-0-19 deny ip 146.0.32.0 0.0.31.255 any
permit ip any any


Nginx

Edit nginx.conf and insert include blockips.conf; if it does not exist. Edit blockips.conf and add the following:

deny 146.0.32.0/19;


How to block by IP address block using Linux IPTables Firewall.
**Note: Use with caution.

/sbin/iptables -A INPUT -s 146.0.32.0/19 -j DROP


Microsoft IIS Web Server

<rule name="abort ip address block 146.0.32.0/19" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{REMOTE_ADDR}" pattern="^146.0.63..*$" />
</conditions>
<action type="AbortRequest" />
</rule>


Windows netsh ADVFirewall Firewall

netsh advfirewall firewall add rule name="block-ip-block-146-0-32-0-19" dir=in interface=any action=block remoteip=146.0.32.0/19


Or you can use the following code as an example to block the specific IP address:

Apache .htaccess File

RewriteCond %{REMOTE_ADDR} ^146.0.32.1$ [NC]
RewriteRule .* - [F,L]


Cisco Firewall

access-list deny-146-0-32-1-32 deny ip 146.0.32.1 any
permit ip any any


Nginx

Edit nginx.conf and insert include blockips.conf; if it does not exist. Edit blockips.conf and add the following:

deny 146.0.32.1;


Microsoft IIS Web Server

<rule name="abort ip address 146.0.32.1/32" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{REMOTE_ADDR}" pattern="^146.0.32.1$" />
</conditions>
<action type="AbortRequest" />
</rule>


Windows netsh ADVFirewall Firewall

netsh advfirewall firewall add rule name="block-ip-146-0-32-1-32" dir=in interface=any action=block remoteip=146.0.32.1/32


You will need to change the IP address where you see it.

It is not clear if these are tied together. It is not uncommon that a website exists on one host and a bot used on another. I would at least block the specific IP address or the entire block. This is not a subscriber block so you will not be blocking any users.

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme