How to block Spam Bot (Spider) from PSI (Performance Systems International)
(5 votes, average: 4 out of 5)
Loading ...Who is Performance Systems International?
OrgName: Performance Systems International Inc.
OrgID: PSI
Address: 1015 31st St NW
City: Washington
StateProv: DC
PostalCode: 20007
Country: USNetRange: 38.0.0.0 - 38.255.255.255
CIDR: 38.0.0.0/8
NetName: PSINETA
NetHandle: NET-38-0-0-0-1
Parent:
NetType: Direct Allocation
NameServer: NS.PSI.NET
NameServer: NS2.PSI.NET
Comment: Reassignment information for this block can be found at
Comment: rwhois.cogentco.com 4321
RegDate: 1991-04-16Updated: 2005-10-05
According to a post (Panscient Data Services - Stealing Your Data?) on http://randominternet.blogspot.com, Performance Systems International Inc is stealing everybody’s data. It’s notorious ShopWiki spider is probably crawling your e-commerce web site 10,000 times everyday. Read this article for more information:
http://randominternet.blogspot.com/2006_12_01_archive.html
Many people believe a bad guy, who wrote a few notorious bots while serving his jail time, is now doing whatever it takes to steal your data, and jam your web sites. Consult your web master or ISP on how to block Performance Systems International’s spiders:
voyagerShopWiki
Snapbot
Or you can do it by yourself by putting this into your root .htaccess file (if the bot is from IP address 38.99.203.110).
deny from 38.99.203.110
deny from 38.98.120.71
If you are using WordPress, you may want to install bad-behavior or Akismet plugin.
Popularity: 17%
Shumey said,
September 19, 2007 @ 12:29 am
The same one also left me wondering for a long time until I made further research. With the following IPs
38.98.120.83
38.100.41.112
This started to happen after I tried to contract some one supposedly from India to work on my site who mentioned an affiliate company in the US. Interestingly enough the person who signed on to my site also belonged to the same strings of IPs which is 38.98.120..83. I fired the group and kicked them out from from my site. After further investigation to my files, I found out a suspicious program called CERBERUS installed on my site. I confronted the person who pretentiously claimed to be working on my site. He dodged the questions.
Does any one have any advice for me where to check for site integrity and security vulnerability and how to take care of it?
Thank you for the info.
JP said,
January 3, 2008 @ 6:01 am
These strings of IP, 38.0.0.0 - 38.255.255.255, as detailed in the first post above, belongs to Performance Systems International. As I got plenty of of these IP, I dug a bit, and found their web-site: http://www.psi-cu-software.com/ A web solution company, based in USA. So I would guess that there’s nothing particularly wrong with them. But being a web company, they are used as proxy by many, absolutely normal. Using a proxy to access the web can be convenient for many reasons, but I guess that it also allows you to “hide” a bit, which is an advantage if your activities are not okay.
I suppose also that the IP address used for the proxy will change everytime the client access the web. So blocking one or a string of IP addresses from this PSI will not help a lot, and may block communication between you and other perfectly respectable contacts.
Cindy said,
January 4, 2008 @ 9:38 pm
Found this on the link http://www.psi-cu-software.com:
Please Note: We are not an Internet Service Provider (ISP). We are not affiliated with the ISP Cogent Communications, formerly known as “Performance Systems International”. If you would like to contact the ISP formerly known as “Performance Systems International”, please visit their WHOIS entry.
On the whois search - looks like it’s this company:
http://www.cogentco.com/htdocs/index.php
Noel said,
January 30, 2008 @ 5:05 pm
Symantec Endpoint block all efforts by these bots to access the net rendering them useless.So invest in it
zack said,
March 3, 2008 @ 12:49 pm
hi
today there was a visit by the IP 38.98.19.67. i found the following details from whois
IP Whois Results:
Connecting to whois.arin.net…
OrgName: Performance Systems International Inc.
OrgID: PSI
Address: 1015 31st St NW
City: Washington
StateProv: DC
PostalCode: 20007
Country: US
NetRange: 38.0.0.0 - 38.255.255.255
CIDR: 38.0.0.0/8
NetName: PSINETA
NetHandle: NET-38-0-0-0-1
Parent:
NetType: Direct Allocation
NameServer: NS.PSI.NET
NameServer: NS2.PSI.NET
Comment: Reassignment information for this block can be found at
Comment: rwhois.cogentco.com 4321
RegDate: 1991-04-16
Updated: 2005-10-05
RTechHandle: PSI-NISC-ARIN
RTechName: IP Allocation
RTechPhone: 1-877-875-4311
RTechEmail: ipalloc@cogentco.com
OrgAbuseHandle: COGEN-ARIN
OrgAbuseName: Cogent Abuse
OrgAbusePhone: 1-877-875-4311
OrgAbuseEmail: abuse@cogentco.com
OrgNOCHandle: ZC108-ARIN
OrgNOCName: Cogent Communications
OrgNOCPhone: 1-877-875-4311
OrgNOCEmail: noc@cogentco.com
OrgTechHandle: IPALL-ARIN
OrgTechName: IP Allocation
OrgTechPhone: 1-877-875-4311
OrgTechEmail: ipalloc@cogentco.com
# ARIN WHOIS database, last updated 2008-03-02 19:10
# Enter ? for additional hints on searching ARIN’s WHOIS database.
some one let us know what is the purpose of their visit to our sites, are they trying to steal something, put some spyware in our webserver etc..
denis long said,
March 22, 2008 @ 7:25 pm
sirs
i play poker at pokerstars for over a year now.
two weeks ago, i started to have big problems,
getting to the tables to play.
the program would hang.
while doing a network status report,
i discovered one of the hops was losing
30% of the packages.
the hop’s address–38.99.220.153 i.e PSI
are they trying to stop gambling?
denis
1-gb.net said,
March 24, 2008 @ 12:16 pm
I’m thinking of blocking the whole IP range from my servers.. it seems they also ‘host’ cuill a ’stealth’ search group.. not sure what’s up with these PSI folks, but there a a LOT of bad log entries from their IP’s and well its better to be safer then sorry..
anyone else?
spat said,
March 25, 2008 @ 5:36 pm
Hi,folks!
I recently installed PeerGuardian2 and was noticing a few IP no’s in that range being blocked. PeerGuardian informs me they are being initiated by StarDock which is a desktop customizing tool. My weather tool was not updating with them blocked but works fine when unblocked. Not sure what to do now. I mean I have seen many negative or concerned comments from the formentioned IP range but no one in the StarDock community has mentioned any complaints that I know of.
Sietse Logger said,
April 5, 2008 @ 5:28 am
I have blocked the entire IP range yesterday, and suddenly my Snap plugin shows the message “IP banned” when I browse over links to entries I posted today. Does anyone else who posted here before me have a Snap plugin?
Helen Davies said,
April 10, 2008 @ 1:04 pm
This has got me worried folks! I am affraid to go out at night! Who are these PSI people and I feel like they are watching me from accross the street! I want to know how to protect myself?
Sietse Logger said,
April 11, 2008 @ 6:44 am
I have contacted snap.com over this, and they confirmed to me that the 38.98.x.y. range is their “Cogent pipe”, which they use for “crawling, and some serving”. Since I don’t mind the snap plugin working properly, I feel no need to maintain the block for my own pages. Snap is a site preview plugin that requires screenshots to be made for each page they crawl. So, that’s mostly what they are doing. I have even noticed they go back to old pages, to take new snapshots.
Jeff said,
April 22, 2008 @ 1:34 pm
Yep, I to use it and just noticed these log entries since I re-enabled the snap plugin. I was also concerned, but thanks to this post, mystery solved!
Thanks Sietse Logger!
D.F. Duck said,
May 1, 2008 @ 4:46 pm
Do a google on “Performance Systems International” and you will learn they have a long history of web site abuse and mass content theft. Notice in your httpd logs that most of the search spiders in this Class A IP range don’t honor robots.txt, even ones that do indentify themselves like Gigablast. I deny the entire IP range from all my web sites and could care less about the few “good” search spiders that get blocked in the process. The benefits of not having my sites raped an pillaged far outweighs the benefits of allowing them.
Deny from 38.0.0.0/8
Pat said,
June 3, 2008 @ 6:13 pm
I sent a note to someone who has Aol. It came back read by Performance Systems International, Washington DC what does that mean?
Thanks
Heather said,
June 13, 2008 @ 2:56 pm
I’ve been trying to sort out a mess with e-newletter company Constant Contact. They are based in Waltham, MA, but lately I’ve received several emails from someone claiming to work there but the IP address of the emails is in Washington, DC not Waltham, MA. Yep, the imposter IP is registered to Performance Systems International. The emails asked me to call an 800 number that is not affiliated with Constant Constant. Of course, I did NOT call. I reported all of this to CC and they are looking into it.