UBB.threads PHP Forum Software Community Forums UBB.threads 7 Version 7 Support Is this a bot? Referred from ubbcentral.com

I keep getting hit by this. The IP is China but every time it says that the referrer is UBBCentral. The site displayed, fiherhome.com does not exist.

That is odd since fiherhome.com isn't even registered. Google has only 5 results for fiherhome, one of which is this page referencing a FiherHome Telecommunication Technologies Co., Ltd., Wuhan 430074, China

The "Agent" line it's appearing in leads me to believe it may be a manual entry into some browser program, but I may be wrong.

Woah, funny you just mentioned this because I just checked Who's Online on my site and fiherhome is there, too!

I've just checked my server log and it's at the top of the list with 900+ page views. That's 500 more that anything or anyone else so I've blocked it in my .htaccess file.

Woah! Thanks for the heads-up

Anyone ever figure out what this fiherhome.com business is, and why it is ALWAYS being referred from ubbcentral.com? Bizarre...!

Fiherhome.com still isn't registered - someone could probably make a lot of money from it

Someone "could" make a lot of money from it.

OTOH, someone "could" be accused of lots of malicious acts and spend a lot of money defending themselves.

You won't catch me registering it.

Is it possible that it is the real deal in China and has no English equivalent and through translation of the Chineese stick figure writing, it comes out with that name?

Its a Spam but searching message boards looking for links to other sites. Once it finds a site with open registration it may try to register and then post spam on your board once. If it gets a post it may then try to spam the crap outta your board.

I have seen this activity in other forums all over and they are usually from China. The funny thing is that they usually use a proxy of some sort.

It most likely found this site by way of the UBB.Threads link at the bottom of someone's board in the "Powered by" copyright.

Good enough for me - I'm blocking it

I'd block the entire range associated with it.

You know, whereas blocking the range in a lot of cases will hit sites hosted on the same server; it won't ALWAYS do that... You could actually block legit users (assuming that the block is actually used by other users and not just a server farm).

For example, I own IP's .15x, but I don't own anything other than that, they're owned by other users in my datacenter; now if i where to just block the whole class C, that'd hit a load of users who wouldn't be ones even associated with the org...

I've only ever seen that fiherhome bot use that exact same IP seen in the initial post...

China Telecom, Beijing Province.. Good luck any further than that.

http://samspade.org/whois/219.142.50.253