2016-04-12: Difference between revisions

From Public wiki of Kevin P. Inscoe

Revision as of 21:23, 12 April 2016

I have been using Web of Trust, also known as "WoT" (https://www.mywot.com/), as a plugin for first Firefox and then Chrome, when I switched 8 years ago. Recently I noticed something I have been able to correlate back to WoT. I began noticing login failures to certain private web sites I administer that are sufficiently off the radar, or in other words not indexed by means of a robots.txt file. This particular IP kept showing up in the web server logs shortly after I visited the sites, which require authentication to access. The IP, which I recognized as belonging to an Amazon Web Services owned IP block, is 52.71.155.178. In short, it looks like an Elastic IP or an external IP for an AWS instance. If you do a reverse DNS lookup on the IP address, it belongs to the Kontera ad crawler service. In June 2014 Kontera was acquired by Amobee.

<pre>
$ dig +noall +answer -x 52.71.155.178
178.155.71.52.in-addr.arpa. 300 IN      PTR     nat-service.aws.kontera.com.
</pre>

What is interesting is that for a while I could not figure out where these requests were coming from. They clearly ignore indexing rules and my robots.txt settings. I was concerned: was I compromised in some way? Was it just my desktop? Through the process of elimination I noticed they stopped completely after I disabled the WoT plugin on ALL my computers. My Macbook, desktop and laptops. Even my wife's computer. Only after I did all of that did the requests completely disappear. This just started in March 2016.

So beware: if you use WoT, it is feeding Kontera in some way.
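
The pattern described in the post, an unfamiliar IP requesting a private URL shortly after the administrator's own visit, can be checked directly against an access log. The following is an added example, not part of the original post; the combined log format, the sample lines, the address 198.51.100.7 standing in for the administrator's browser, the paths and the 401 status are constructed assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Apache/nginx "combined" format: ip, ident, user, [time], "METHOD path proto", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample log (not from the post). 198.51.100.7 is the admin's own
# browser (assumed); 52.71.155.178 is the address named in the post.
SAMPLE_LOG = """\
198.51.100.7 - admin [12/Apr/2016:20:01:10 +0000] "GET /private/status HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
52.71.155.178 - - [12/Apr/2016:20:01:42 +0000] "GET /private/status HTTP/1.1" 401 381 "-" "-"
203.0.113.9 - - [12/Apr/2016:20:03:00 +0000] "GET /index.html HTTP/1.1" 200 100 "-" "Mozilla/5.0"
198.51.100.7 - admin [12/Apr/2016:20:05:03 +0000] "GET /private/reports HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
52.71.155.178 - - [12/Apr/2016:20:05:20 +0000] "GET /private/reports HTTP/1.1" 401 381 "-" "-"
52.71.155.178 - - [12/Apr/2016:21:30:00 +0000] "GET /private/status HTTP/1.1" 401 381 "-" "-"
"""

def find_echo_requests(log_text, own_ips, window_seconds=120):
    """Return (ip, path, delay_s, status) for each request from a foreign IP
    that hits a path one of own_ips visited at most window_seconds earlier."""
    last_own_visit = {}   # path -> time of the most recent visit from own_ips
    echoes = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue      # skip lines that are not in combined format
        ip, ts, _method, path, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if ip in own_ips:
            last_own_visit[path] = when
            continue
        seen = last_own_visit.get(path)
        if seen is not None:
            delay = (when - seen).total_seconds()
            if 0 <= delay <= window_seconds:
                echoes.append((ip, path, int(delay), int(status)))
    return echoes

def echo_counts(echoes):
    """Count echoed requests per source IP to rank candidates for a PTR lookup."""
    return Counter(ip for ip, *_ in echoes)

if __name__ == "__main__":
    hits = find_echo_requests(SAMPLE_LOG, {"198.51.100.7"})
    for ip, path, delay, status in hits:
        print(f"{ip} requested {path} {delay}s after own visit (HTTP {status})")
    print(echo_counts(hits).most_common())
```

Addresses that rank highly can then be resolved with the same `dig -x` lookup shown in the post. Repeating the run after disabling one browser extension at a time mirrors the process of elimination the post describes.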