[pc1108-01] night drone – drifts 1-4
It was about time for another Petcord release and really high time for the first release not by Giorgos or me (Petcord goes public, widening its scope – giving in to peer pressure ;-)). Steven Deacid from Cologne performs as Night Drone his Drifts 1-4 series. Apart from doing the cover artwork, I also contributed a reconstruction of Drift 2, which does not exactly sound like the rest of the tunes and is therefore easy to spot ;-).
Perhaps a few words about what can be expected:
Drifts 1-4 marks the beginning of a series of pieces that focus on deep saturated timbres and sustained tones blending into another. Sparsely arranged and yet successfully managing to escape monotony by constantly changing sound characteristics, an approach well known from Minimalist music. Drifts 1-4 prioritises the creation of a cinematic vision, a constant stream of floating association freely defined by the listener.
And more specifically:
[Drifts 1-4] takes analogue synth sounds characteristic of 90ies IDM electronica, but uses it within a Dark Ambient inspired context without any percussive elements. Because of this crossover, floating tones see constant modulation, addition and subtraction of overtones, as well as more distinct thematic progression. Due to sparse arrangements, Night Drone is capable of reaching clarity in blending tones and approaches sci-fi soundtrack quality, where others get lost in mushy reverberation and awkward sound clusters
source: Petcord liner notes
The release has a bit of a longer history, too: Originally planned for October, we had the idea of adding “demix” versions. One by me and another by Giorgos. Giorgos, however, was not able to complete the tune in time, so it was omitted. As a result of some discussions, the project name and the entire scope of the music changed and so did the cover artwork. But nothing that prevented the release from finally happening ;-)
failed blogspam automation from China
An exceptionally dumb spambot from China visited my blog and tried to run several Wordpress vulnerabilities that might have worked once with ancient versions. Let me split its traces into several parts:
1. Checking for a no longer existing article and not quite understanding the difference between mod-rewrite fake directories and actual directories. Maybe this script was optimised for blogs that run Wordpress in its stock query string mode (which is brief but not really the most you can get from your blog search-engine-wise):
58.241.255.38 – - [13/Nov/2008:21:28:15 +0100] “HEAD /using-bbclone-with-wordpress-232-the-almost-easy-way/wp-admin/index.php HTTP/1.1″ 404 – “-” “Mozilla/4.0 (k1b compatible; rss 6.0; Windows Sot 5.1 Security Kol)”
58.241.255.38 – - [13/Nov/2008:21:28:16 +0100] “GET /using-bbclone-with-wordpress-232-the-almost-easy-way/ HTTP/1.1″ 404 6045 “-” “Mozilla/4.0 (k1b compatible; rss 6.0; Windows Sot 5.1 Security Kol)”
I’m seeing this quite often and usually this is all that will happen. But not at this time…
2. Trying to mess around in the admin section and not figuring out that I restricted access to my own ip address ranges. Obviously the script has no handler for 403 responses and thus keeps on trying something which isn’t going to work…
58.241.255.38 – - [13/Nov/2008:21:28:18 +0100] “HEAD /wp-login.php?action=logout HTTP/1.1″ 302 – “-” “Mozilla/4.0 (k1b compatible; rss 6.0; Windows Sot 5.1 Security Kol)”
58.241.255.38 – - [13/Nov/2008:21:28:19 +0100] “HEAD /wp-admin/theme-editor.php HTTP/1.1″ 403 – “-” “Mozilla/4.0 (k1b compatible; rss 6.0; Windows Sot 5.1 Security Kol)”
58.241.255.38 – - [13/Nov/2008:21:28:20 +0100] “HEAD /wp-login.php?action=logout HTTP/1.1″ 302 – “-” “Mozilla/4.0 (k1b compatible; rss 6.0; Windows Sot 5.1 Security Kol)”
58.241.255.38 – - [13/Nov/2008:21:28:21 +0100] “HEAD /wp-admin/theme-editor.php HTTP/1.1″ 403 – “-” “Mozilla/4.0 (k1b compatible; rss 6.0; Windows Sot 5.1 Security Kol)”
58.241.255.38 – - [13/Nov/2008:21:28:22 +0100] “HEAD /wp-login.php?action=logout HTTP/1.1″ 302 – “-” “Mozilla/4.0 (k1b compatible; rss 6.0; Windows Sot 5.1 Security Kol)”
58.241.255.38 – - [13/Nov/2008:21:28:23 +0100] “HEAD /wp-admin/theme-editor.php HTTP/1.1″ 403 – “-” “Mozilla/4.0 (k1b compatible; rss 6.0; Windows Sot 5.1 Security Kol)”
58.241.255.38 – - [13/Nov/2008:21:28:24 +0100] “HEAD /wp-login.php?action=logout HTTP/1.1″ 302 – “-” “Mozilla/4.0 (k1b compatible; rss 6.0; Windows Sot 5.1 Security Kol)”
58.241.255.38 – - [13/Nov/2008:21:28:25 +0100] “HEAD /wp-admin/theme-editor.php HTTP/1.1″ 403 – “-” “Mozilla/4.0 (k1b compatible; rss 6.0; Windows Sot 5.1 Security Kol)”
This silliness went on for a minute like this, apparently trying to exploit a long fixed vulnerability in Wordpress’ admin section.
3. It follows another try at exploiting an old security hole in the admin section (still not getting that access is forbidden…) before the script finally resorts to plugging trackback spam, which isn’t working either :-). Most people have turned off this feature in the interim, because spammers rendered this feature entirely useless and there are alternative means to learn about one’s backlinks.
58.241.255.38 – - [13/Nov/2008:21:29:11 +0100] “POST /wp-admin/admin-ajax.php HTTP/1.1″ 403 225 “-” “Mozilla/4.0 (k1b compatible; rss 6.0; Windows Sot 5.1 Security Kol)”
58.241.255.38 – - [13/Nov/2008:21:29:12 +0100] “GET /xmlrpc.php HTTP/1.1″ 200 42 “-” “Mozilla/4.0 (k1b compatible; rss 6.0; Windows Sot 5.1 Security Kol)”
58.241.255.38 – - [13/Nov/2008:21:29:13 +0100] “POST /xmlrpc.php HTTP/1.1″ 200 774 “-” “Mozilla/4.0 (k1b compatible; rss 6.0; Windows Sot 5.1 Security Kol)”
58.241.255.38 – - [13/Nov/2008:21:29:14 +0100] “POST /wp-trackback.php?tb_id=1 HTTP/1.1″ 200 135 “-” “Mozilla/4.0 (k1b compatible; rss 6.0; Windows Sot 5.1 Security Kol)”
4. Attempts at an SQL injection
58.241.255.38 – - [13/Nov/2008:21:29:16 +0100] “GET /index.php?cat=%2527+UNION+SELECT+CONCAT(666,CHAR(58),user_pass,CHAR(58),666,CHAR(58))+FROM+wp_users+where+id=1/* HTTP/1.1″ 301 – “-” “Mozilla/4.0 (k1b compatible; rss 6.0; Windows Sot 5.1 Security Kol)”
58.241.255.38 – - [13/Nov/2008:21:29:17 +0100] “GET /index.php?cat=999+UNION+SELECT+null,CONCAT(666,CHAR(58),user_pass,CHAR(58),666,CHAR(58)),null,null,null+FROM+wp_users+where+id=1/* HTTP/1.1″ 301 – “-” “Mozilla/4.0 (k1b compatible; rss 6.0; Windows Sot 5.1 Security Kol)”
This has already been fixed for a while and is designed to compromise the admin account (user id=1). Spammers use this for adding or modifying content on a compromised site which then will be spamvertised via blogspam or, if the site attracts enough traffic, for running exploits via inserted iframes.
5. Looking for non-existing trackbacks
58.241.255.38 – - [13/Nov/2008:21:29:18 +0100] “GET /wp-trackback.php?p=1 HTTP/1.1″ 200 135 “-” “Mozilla/4.0 (k1b compatible; rss 6.0; Windows Sot 5.1 Security Kol)”
58.241.255.38 – - [13/Nov/2008:21:29:19 +0100] “GET /wp-trackback.php?p=2 HTTP/1.1″ 200 135 “-” “Mozilla/4.0 (k1b compatible; rss 6.0; Windows Sot 5.1 Security Kol)”
58.241.255.38 – - [13/Nov/2008:21:29:20 +0100] “GET /wp-trackback.php?p=3 HTTP/1.1″ 200 135 “-” “Mozilla/4.0 (k1b compatible; rss 6.0; Windows Sot 5.1 Security Kol)”
58.241.255.38 – - [13/Nov/2008:21:29:21 +0100] “GET /wp-trackback.php?p=4 HTTP/1.1″ 200 135 “-” “Mozilla/4.0 (k1b compatible; rss 6.0; Windows Sot 5.1 Security Kol)”
58.241.255.38 – - [13/Nov/2008:21:29:23 +0100] “GET /wp-trackback.php?p=5 HTTP/1.1″ 200 135 “-” “Mozilla/4.0 (k1b compatible; rss 6.0; Windows Sot 5.1 Security Kol)”
This went on till “p” reached the value 25 and was entirely useless because even if trackbacks were enabled, the request was malformed (lacking an id).
6. Repeating trackback spam attempts that didn’t work out before…
58.241.255.38 – - [13/Nov/2008:21:29:48 +0100] “GET /xmlrpc.php HTTP/1.1″ 200 42 “-” “Mozilla/4.0 (k1b compatible; rss 6.0; Windows Sot 5.1 Security Kol)”
58.241.255.38 – - [13/Nov/2008:21:29:50 +0100] “POST /xmlrpc.php HTTP/1.1″ 200 473 “-” “Mozilla/4.0 (k1b compatible; rss 6.0; Windows Sot 5.1 Security Kol)”
The host 58.241.255.38 is located in China and looks like a compromised machine nobody bothers to fix:
http://www.google.com/search?q=58.241.255.38
route: 58.240.0.0/15
origin: AS4837
descr: CHINA169-BACKBONE CNCGROUP China169 Backbone
lastupd-frst: 2008-05-19 12:06Z 202.249.2.169@rrc06
lastupd-last: 2008-11-13 13:38Z 193.232.244.111@rrc13
seen-at: rrc00,rrc01,rrc03,rrc04,rrc05,rrc06,rrc07,rrc10,rrc11,rrc12,rrc13,
rrc14,rrc15,rrc16
num-rispeers: 113
source: RISWHOIS
The script itself, as indicated by its user agent and modus operandi, has been seen for a while at different occasions:
http://www.google.com/search?q=k1b+compatible%3B+rss+6.0%3B+Windows+Sot+5.1+Security+Kol
Blocking the user agent via SetEnvIf/Rewrite rules should already take care of the problem. Additionally firewalling or denying access for this unmaintained machine may be a good idea, too.
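The three behaviours traced above (retrying the admin area after a 403, UNION SELECT in the cat parameter, walking wp-trackback.php?p=N) can be picked out of an access log automatically. The following is an added example, not part of the original post; the thresholds, the function name and the 192.0.2.10 visitor are assumptions, and the sample requests are re-typed from the log lines above in plain Apache combined format.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, unquote_plus, urlsplit

UA = "Mozilla/4.0 (k1b compatible; rss 6.0; Windows Sot 5.1 Security Kol)"
BOT = "58.241.255.38"
SQLI = "CONCAT(666,CHAR(58),user_pass,CHAR(58),666,CHAR(58))"


def _line(ip, stamp, request, status, size, agent):
    """Build one combined-format log line for the constructed sample."""
    return (f'{ip} - - [13/Nov/2008:{stamp} +0100] "{request} HTTP/1.1" '
            f'{status} {size} "-" "{agent}"')


# Constructed sample: requests from the post (timestamps approximate) plus
# one ordinary visitor from a documentation address for contrast.
SAMPLE = [
    _line(BOT, "21:28:19", "HEAD /wp-admin/theme-editor.php", 403, "-", UA),
    _line(BOT, "21:28:21", "HEAD /wp-admin/theme-editor.php", 403, "-", UA),
    _line(BOT, "21:28:23", "HEAD /wp-admin/theme-editor.php", 403, "-", UA),
    _line(BOT, "21:29:11", "POST /wp-admin/admin-ajax.php", 403, 225, UA),
    _line(BOT, "21:29:16", f"GET /index.php?cat=%2527+UNION+SELECT+{SQLI}"
          "+FROM+wp_users+where+id=1/*", 301, "-", UA),
    _line(BOT, "21:29:17", f"GET /index.php?cat=999+UNION+SELECT+null,{SQLI}"
          ",null,null,null+FROM+wp_users+where+id=1/*", 301, "-", UA),
] + [
    _line(BOT, f"21:29:{18 + i}", f"GET /wp-trackback.php?p={i + 1}", 200, 135, UA)
    for i in range(5)
] + [
    _line("192.0.2.10", "21:30:02", "GET /index.php?cat=7", 200, 6045,
          "Mozilla/5.0 (constructed ordinary visitor)"),
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')
UNION_RE = re.compile(r"\bunion\b.*\bselect\b", re.I | re.S)


def classify(lines, min_403=3, min_enum=5):
    """Return {ip: {"findings": [...], "user_agent": ...}} for suspicious clients."""
    denied = defaultdict(int)          # 403 answers inside /wp-admin/ per client
    trackback_ids = defaultdict(set)   # distinct p= values on wp-trackback.php
    findings = defaultdict(set)
    agents = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                   # not combined format, ignore
        ip, status = m["ip"], int(m["status"])
        agents[ip] = m["ua"]
        url = urlsplit(m["target"])
        if url.path.startswith("/wp-admin/") and status == 403:
            denied[ip] += 1
        # Decode twice so that double-encoded input such as %2527 is unwrapped.
        if UNION_RE.search(unquote_plus(unquote_plus(url.query))):
            findings[ip].add("sqli-union")
        if url.path == "/wp-trackback.php":
            for value in parse_qs(url.query).get("p", []):
                if value.isdigit():
                    trackback_ids[ip].add(int(value))
    for ip, count in denied.items():
        if count >= min_403:           # kept knocking although access is denied
            findings[ip].add("admin-retry-after-403")
    for ip, ids in trackback_ids.items():
        if len(ids) >= min_enum:
            findings[ip].add("trackback-enumeration")
    return {ip: {"findings": sorted(tags), "user_agent": agents[ip]}
            for ip, tags in findings.items()}


if __name__ == "__main__":
    for ip, info in classify(SAMPLE).items():
        print(ip, info["findings"], info["user_agent"])
```

The user agent returned for each flagged client is the string to feed into a SetEnvIf or Rewrite rule.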
Photo retrospect second quarter of 2008
I’m lagging behind with my photo posts, so here comes the photographic retrospect for the second quarter of the year:
[sm1400] bogdan dullsky – freedom reflex (one)
Bogdan Dullsky, a Russian artist born in a remote part of Siberia near Lake Baikal and currently living in Moldova, is better known under his moniker Quest.Room.Project. His mixture of improvised abrasiveness and conscious construction has garnered some attention. Especially his releases on Entity and Test Tube were met with critical acclaim for their originality. On Freedom Reflex (One), the principal mixture still persists, however with a more transparent and distinct structure. Or, as Bogdan himself told me in his own words a couple of days ago:
The rhythmic structure is in everything, but in the course of “ascension”…
In the presence of close examination… This structure becomes thin,
aspiring to universal Anahata Nadam… Sounding of one pure tone (note)
means the whole composition at studying… A vertical and a horizontal of
sound space… A ratio of harmonics 1:2:3:4:5 etc… All it, at tone fall,
will look as rhythmic structure similar habitual…
Freedom Reflex (one) will soon be released on CD-R on setola di maiale and I really recommend looking into this release, because it seems to me a highlight in Bogdan’s oeuvre.
dotbot – yet another useless robot…
Allow me to start with a question: What is the purpose of a legitimate robot? One would think it is fetching content at a reasonable pace whilst respecting the host’s restrictions in robots.txt. When a bot bothers to fetch robots.txt prior to its crawling, does that signify it will also process its rules? Not necessarily it seems. When Dotbot visited me two days ago, it did not seem to be interested in my content, but in collecting redirect messages without following them:
208.115.111.245 – - [28/Sep/2008:08:53:50 +0200] “GET /robots.txt HTTP/1.1″ 200 77 “-” “Mozilla/5.0 (compatible; DotBot/1.1; http://www.dotnetdotcom.org/, crawler@dotnetdotcom.org)”
208.115.111.245 – - [28/Sep/2008:08:58:00 +0200] “GET /category/life HTTP/1.1″ 301 – “-” “Mozilla/5.0 (compatible; DotBot/1.1; http://www.dotnetdotcom.org/, crawler@dotnetdotcom.org)”
208.115.111.245 – - [28/Sep/2008:08:58:04 +0200] “GET /category/music HTTP/1.1″ 301 – “-” “Mozilla/5.0 (compatible; DotBot/1.1; http://www.dotnetdotcom.org/, crawler@dotnetdotcom.org)”
208.115.111.245 – - [28/Sep/2008:08:58:08 +0200] “GET /category/photo HTTP/1.1″ 301 – “-” “Mozilla/5.0 (compatible; DotBot/1.1; http://www.dotnetdotcom.org/, crawler@dotnetdotcom.org)”
208.115.111.245 – - [28/Sep/2008:08:58:13 +0200] “GET /category/spam HTTP/1.1″ 301 – “-” “Mozilla/5.0 (compatible; DotBot/1.1; http://www.dotnetdotcom.org/, crawler@dotnetdotcom.org)”
208.115.111.245 – - [28/Sep/2008:08:58:18 +0200] “GET /category/web HTTP/1.1″ 301 – “-” “Mozilla/5.0 (compatible; DotBot/1.1; http://www.dotnetdotcom.org/, crawler@dotnetdotcom.org)”
This is just a small but representative sample: For reasons unknown to me the Dotbot omits the terminal slash of the URI which results in a 301 redirect (because there is no file of that name). Now if only the spider followed it, so that it could fetch something meaningful. To cut a long story short, except for robots.txt, there was not a single article this bot took home, because the robot obviously does not know how to handle redirects. Quite a silly waste of resources in my opinion, but then again, what do I know about the bot’s purpose?
On the DotNetDotCom website, the crawler’s presumable home, we can find the following statement:
Hi! Thanks for letting us crawl you!
We are just a few Seattle based guys trying to figure out how to make internet data as open as possible. You should be able to find everything you are looking for below. If not feel free to contact us. Happy Surfing!
The “we are just …” statement does not raise much confidence in me. This impression is amplified by the next paragraph, which contains an instruction about how to get rid of the bot:
1. First and foremost, curse our name. Trust us, it will feel good. Now breath gently…
2. Create a simple text file named robots.txt and place it in your server’s root directory. (http://www.yoursite.com/ «– Right There!)
3. Add the following code to your robots.txt file:
User-agent: dotbot
Disallow: /
4. Reflect on how easy that was.
To me this does not sound like a responsible operation, because it suggests that rather than fixing their bot, they urge “flamers” to opt-out from their crawling. Regulars will know I am one of these flamers ;-) and of course this is not the only reason for my scepticism:
208.115.111.245 – - [28/Sep/2008:11:13:52 +0200] “GET /robots.txt HTTP/1.1″ 200 77 “-” “Mozilla/5.0 (compatible; DotBot/1.1; http://www.dotnetdotcom.org/, crawler@dotnetdotcom.org)”
208.115.111.245 – - [28/Sep/2008:11:19:32 +0200] “GET /impressum HTTP/1.1″ 301 241 “-” “Mozilla/5.0 (compatible; DotBot/1.1; http://www.dotnetdotcom.org/, crawler@dotnetdotcom.org)”
Impressum is explicitly excluded from crawling in robots.txt because it contains sensitive information about me that I am required to put up by German law. Yet, despite reading robots.txt DotBot chose to jump right onto it. Fortunately again failing to add a trailing slash to its request and handle the resulting 301 redirect properly. This is usually a KO criterion for a bot and since experience has proven time and again that bad bots have a tendency of morphing I prefer to firewall them right away.
Whois opines the following about their address space:
OrgName: dotnetdotcom.org
OrgID: DOTNE
Address: 93 S. Jackson Street #10070
City: Seattle
StateProv: WA
PostalCode: 98104-2818
Country: US
NetRange: 208.115.111.240 - 208.115.111.255
CIDR: 208.115.111.240/28
OriginAS: AS23033
NetName: 208-115-111-240-SLASH28
NetHandle: NET-208-115-111-240-1
Parent: NET-208-115-96-0-1
NetType: Reassigned
Comment:
RegDate: 2008-07-21
Updated: 2008-07-21
I am not suggesting the DotNetDotCom owners are blackhats. But I have better things to do in my life than to debug other people’s bot operation. If DotBot even fails at elementary things like following robots.txt and redirects then I do not see why I should allow it to visit my sites. Blocking 208.115.111.240/28 should take care of the problem.
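Both complaints about DotBot, requesting a path that robots.txt excludes and never following the 301 for the missing trailing slash, can be checked against an access log. The following is an added example, not part of the original post: the robots.txt content is an assumption (the post only says Impressum is excluded), the two 192.0.2.x clients are constructed for contrast, and the redirect target is assumed to be the same path with a trailing slash.

```python
import re
from urllib.robotparser import RobotFileParser

# Assumed rules; the real 77-byte file is not shown in the post.
ROBOTS_TXT = """User-agent: *
Disallow: /impressum
"""

DOTBOT = ("Mozilla/5.0 (compatible; DotBot/1.1; http://www.dotnetdotcom.org/, "
          "crawler@dotnetdotcom.org)")
GOOD = "Mozilla/5.0 (compatible; ExampleBot/1.0; +http://example.com/bot)"
BLIND = "Mozilla/5.0 (compatible; OtherBot/1.0)"

# Constructed sample: DotBot requests re-typed from the post in plain combined
# format, followed by two invented crawlers on documentation addresses.
SAMPLE = [
    f'208.115.111.245 - - [28/Sep/2008:08:53:50 +0200] "GET /robots.txt HTTP/1.1" 200 77 "-" "{DOTBOT}"',
    f'208.115.111.245 - - [28/Sep/2008:08:58:00 +0200] "GET /category/life HTTP/1.1" 301 - "-" "{DOTBOT}"',
    f'208.115.111.245 - - [28/Sep/2008:08:58:04 +0200] "GET /category/music HTTP/1.1" 301 - "-" "{DOTBOT}"',
    f'208.115.111.245 - - [28/Sep/2008:11:19:32 +0200] "GET /impressum HTTP/1.1" 301 241 "-" "{DOTBOT}"',
    f'192.0.2.20 - - [28/Sep/2008:12:00:00 +0200] "GET /robots.txt HTTP/1.1" 200 77 "-" "{GOOD}"',
    f'192.0.2.20 - - [28/Sep/2008:12:00:05 +0200] "GET /category/life HTTP/1.1" 301 - "-" "{GOOD}"',
    f'192.0.2.20 - - [28/Sep/2008:12:00:06 +0200] "GET /category/life/ HTTP/1.1" 200 9120 "-" "{GOOD}"',
    f'192.0.2.30 - - [28/Sep/2008:13:00:00 +0200] "GET /impressum/ HTTP/1.1" 200 4100 "-" "{BLIND}"',
]

LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$')
TOKEN_RE = re.compile(r"compatible; ([\w.-]+)/")   # product token, e.g. DotBot


def audit(lines, robots_txt):
    """Report per client IP whether robots.txt and redirects were honoured."""
    rules = RobotFileParser()
    rules.parse(robots_txt.splitlines())
    clients = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, path, status, ua = m.groups()
        c = clients.setdefault(ip, {"read_robots": False, "violations": [],
                                    "redirected": set(), "fetched": set()})
        if path == "/robots.txt":
            c["read_robots"] = True
            continue
        token = TOKEN_RE.search(ua)
        agent = token.group(1) if token else ua
        if not rules.can_fetch(agent, path):
            c["violations"].append(path)
        # A 301 only counts as followed if the slash-terminated path is fetched.
        (c["redirected"] if status == "301" else c["fetched"]).add(path)
    report = {}
    for ip, c in clients.items():
        if not c["violations"]:
            verdict = "compliant"
        elif c["read_robots"]:
            verdict = "read robots.txt, then ignored it"
        else:
            verdict = "never read robots.txt"
        report[ip] = {
            "verdict": verdict,
            "violations": c["violations"],
            "unfollowed_redirects": sorted(
                p for p in c["redirected"] if p + "/" not in c["fetched"]),
        }
    return report


if __name__ == "__main__":
    for ip, row in audit(SAMPLE, ROBOTS_TXT).items():
        print(ip, row)
```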
New Nodepet release: Frontal Grid
Here comes a new release by me on Petcord called Frontal Grid. Well, I wrote every now and then about my progress and how the finished release is supposed to sound like. For a change, I quite met my criteria and improved dynamics and the degree of abstraction. As a side effect, the music is more consistent concerning how it treats themes and spins their development further. But unlike my previous plans, Frontal Grid again comprises four movements which are more related to each other than those of Decay.
What will follow after Frontal Grid? More work, of course :-). There are some ideas I like to investigate more thoroughly, like ways of incorporating “natural instruments” into the computer generated mess I produce. I guess, this can only work like treating the source like any other. Not playing some voices by score, but instead reconstruct passages from unrelated snippets. Perhaps deliberately creating anomalies that could not be reproduced with a live player. The first movement of Frontal Grid is such an example, where I recycled several piano snippets.
We shall see…
Systrum is dead – here comes Leftob audio cast
The Petcord Netlabel team felt that there is a need for a platform that introduces the work and research of experimental netlabel artists to an audience that is not necessarily familiar with the netlabel scene. Perhaps even thinking that this kind of music can only be purchased in shops or illegally downloaded at shady locations of the Internet. So here it comes, Ladies and Gentlemen, boys and girls, hippies and squares:
The Leftob Audio Cast with a 160kbit/s stream and room for 150 visitors.
In IDM and rhythm orientated music the Petcord team is not really interested and therefore specialises on beatless ambient sounds that reach out to electroacoustic, dark ambient and even noisy sound territories. But there is even more: The playlist not only shows the last 20 tunes, but also generates links to the original release page and – if available – to the artist him-/herself. This way, any interested listener just needs to go to the Leftob page to find the original release page for downloading. So, as a summary, this is a project both musicians and labels can benefit from, which is principally a good thing [tm].
Opt-out impossible – Spam from MySpace
Five weeks ago I changed my email address for MySpace and that should usually do to stop receiving emails on the previous address. To make matters more complicated, my preference is to receive notifications but not MySpace’s newsletter and one would think that should prevent the reception of promo blasts. Well, not quite, it seems ;-).
I was more than astonished not only to receive a newsletter I did not ask for today, but also one that was sent to my old email address. Oddly enough, I did not receive another copy at my currently used email address, just at the old one. Things happen, and sometimes it helps to utilise the unsubscribe link. Unfortunately their implementation of opt-out does not involve removing an email address but providing a link to one’s profile preferences, which of course ensures the problem will persist. Newsletters are bulk email and each copy that reaches an inbox that did not subscribe to it is unsolicited. That makes their misdirected newsletters spam. Therefore, I flagged this message as spam in my affected Gmail account and wrote to their support staff making them aware of the issue. Not that I expected any reaction, other than some boilerplate responses that do not fit the actual situation, but at least future mailings will be dealt with appropriately by Gmail’s junk filters.
In any case, the outcome will have the final say as to whether I will continue using their services in the future. It does not lack some irony that a company which tries to position itself as “anti spam” fails at trivial things like mailing list management. So far, I’ve never encountered a mailing list that continued to deliver to an old email address, but then again there is always a first time…
Who are behind WebDataCentreBot?
It does not pay not to preemptively block ranges known to be occupied by popular hosting companies, unless you want to have fun with non behaving or fake bots. The pleasure of me enjoying the WebDataCentreBot was rather accidental as I was lazy in terms of blocklisting any SoftLayer ranges, so that these may not be able to do anything but sending mail to or receiving mail from me.
Sitting on 67.228.177.87 and announcing itself as:
Mozilla/5.0 (compatible; WebDataCentreBot/1.0; +http://WebDataCentre.com/)
Not only did it jump right in to start indexing without bothering in the slightest about robots.txt, but also happily accepted content that was explicitly excluded from robots.txt. But then again, how should it know without reading it in the first place? Well, I thought perhaps they want to learn about the broken behaviour of their bot and fix it, but looking at their site webdatacentre.com, all I can find is:
Web Data Centre
Web Data Centre is an internet research project driven by a small team of researchers from different parts of the world. Its aim is to get a better understanding of the link structure of the web. More info is coming shortly.
(front page as of June 29th 2008)
And that was it. No point of contact whatsoever and looking at the registration data, things turn out to look pretty spammy:
Domain Name: WEBDATACENTRE.COM
Registrant [1435225]:
Moniker Privacy Services
20 SW 27th Ave.
Suite 201
Pompano Beach
FL
33069
US
Administrative Contact [1435225]:
Moniker Privacy Services WEBDATACENTRE.COM @ domainservice.com
Moniker Privacy Services
20 SW 27th Ave.
Suite 201
Pompano Beach
FL
33069
US
Phone: +1.9549848445
Fax: +1.9549699155
Billing Contact [1435225]:
Moniker Privacy Services WEBDATACENTRE.COM @ domainservice.com
Moniker Privacy Services
20 SW 27th Ave.
Suite 201
Pompano Beach
FL
33069
US
Phone: +1.9549848445
Fax: +1.9549699155
Technical Contact [1435225]:
Moniker Privacy Services WEBDATACENTRE.COM @ domainservice.com
Moniker Privacy Services
20 SW 27th Ave.
Suite 201
Pompano Beach
FL
33069
US
Phone: +1.9549848445
Fax: +1.9549699155
Domain servers in listed order:
NS1.DOMAINSERVICE.COM 67.99.176.12
NS2.DOMAINSERVICE.COM 67.97.247.209
NS3.DOMAINSERVICE.COM 64.49.213.231
NS4.DOMAINSERVICE.COM 67.97.247.210
Record created on: 2008-06-27 05:46:23.0
Database last updated on: 2008-06-27 05:46:39.373
Domain Expires on: 2009-06-27 05:46:41.0
Registered a mere two days ago and hiding behind an anonymous privacy shield. Why would a business want to remain anonymous unless it has to conceal something? One also might expect a search engine to reveal its legitimacy by having a meaningful rDNS name that reflects the bot’s name, but nothing much to find here either:
olliver@bunkiten:~$ host 67.228.177.87
87.177.228.67.in-addr.arpa domain name pointer midphase.com.
Midphase.com is the generic PTR record of a Softlayer reseller:
%rwhois V-1.5:003fff:00 rwhois.softlayer.com (by Network Solutions, Inc. V-1.5.9.5)
network:Class-Name:network
network:ID:NETBLK-SOFTLAYER.67.228.160.0/19
network:Auth-Area:67.228.160.0/19
network:Network-Name:SOFTLAYER-67.228.160.0
network:IP-Network:67.228.177.0/24
network:IP-Network-Block:67.228.177.0-67.228.177.255
network:Organization;I:Hosting Services Inc.
network:Street-Address:223 West Jackson Blvd STE# 1014
network:City:Chicago
network:State:IL
network:Postal-Code:60606
network:Country-Code:US
network:Tech-Contact;I:sysadmins @ softlayer.com
network:Abuse-Contact;I:abuse @ midphase.com
network:Admin-Contact;I:IPADM258-ARIN
network:Created:20080128
network:Updated:20080324
network:Updated-By:ipadmin @ softlayer.com
An aggregated range of consecutive ip addresses registered to the bot building outfit would seem more practical, especially to direct complaints to the appropriate persons. However, there is no info about the number of ip addresses in use by this anonymous entity, which effectively helps Midphase’s publicity shy customers remain anonymous. Putting all together, it seems more likely to assume they are content/email/webform seeking spammers building a list for themselves or to sell to other spammers than an actual search engine. Even if I am all mistaken, I am still not particularly keen on bots that do ignore established standards like robots.txt. Absent any communication channels one has to conclude that one may not be able to opt out from their crawling by ordinary means.
Therefore, firewalling this particular range seems an appropriate solution to me:
iptables -A INPUT -s 67.228.177.0/24 -i eth0 -p tcp -m tcp ! --dport 25 --syn -j REJECT
This rule rejects all incoming TCP traffic except for SMTP, as there may be legit sites we like to receive mail from or send mail to. We have to specify that only incoming SYN packets be rejected, because otherwise outgoing mail to this address range would remain stuck in our queue and never get delivered. If this potential need for communication is not an issue to be worried about, one still can apply the BOfH method and drop the range altogether:
iptables -A INPUT -s 67.228.177.0/24 -i eth0 -j DROP
Apache servers may also be happy about another SetEnvIf rule, preferably in httpd.conf/apache2.conf or .htaccess if the former is not an option due to a shared hosting account:
SetEnvIfNoCase User-Agent "WebDataCentre(Bot|\.com)" block
Deny from env=block
Update July 1st, 2008:
The bot has been spotted with another ip address, 66.150.224.245, this time without any rDNS record at all:
olliver@bunkiten:~$ host 66.150.224.245
Host 245.224.150.66.in-addr.arpa. not found: 3(NXDOMAIN)
Familiar set up, within a /24 of a presumable Internap reseller and still without any details concerning the company/project.
CustName: Networld Internet Services
Address: P.O box 551
City: Skippack
StateProv: PA
PostalCode: 19474
Country: US
RegDate: 2007-01-16
Updated: 2007-01-16
NetRange: 66.150.224.0 - 66.150.224.255
CIDR: 66.150.224.0/24
NetName: INAP-PHI-NETWORLDINT-12098
NetHandle: NET-66-150-224-0-1
Parent: NET-66-150-0-0-1
NetType: Reassigned
Comment:
RegDate: 2007-01-16
Updated: 2007-01-16
RTechHandle: INO3-ARIN
RTechName: InterNap Network Operations Center
RTechPhone: +1-877-843-4662
RTechEmail: noc @ internap.com
OrgAbuseHandle: IAC3-ARIN
OrgAbuseName: Internap Abuse Contact
OrgAbusePhone: +1-206-256-9500
OrgAbuseEmail: abuse @ internap.com
OrgTechHandle: INO3-ARIN
OrgTechName: InterNap Network Operations Center
OrgTechPhone: +1-877-843-4662
OrgTechEmail: noc @ internap.com
In case you want to add another iptables rule based on the sample further above, simply replace 67.228.177.0/24 with 66.150.224.0/24 and you should be set.
Update July 4th, 2008
Another sighting, this time crawling from Sweden using 77.110.52.67 as ip address:
olliver@bunkiten:~$ host 77.110.52.67
67.52.110.77.in-addr.arpa is an alias for 77-110-52-67.univation.riksnet.nu.
77-110-52-67.univation.riksnet.nu domain name pointer ip67.univation.riksnet.nu.
So the pattern of using generic rDNS records obviously persists, as does their ignorance concerning robots.txt.
Whois:
inetnum: 77.110.52.64 - 77.110.52.79
netname: SE-RIKSNET-UNIVATION2
descr: Stockholm Univation AB site2
country: SE
admin-c: BEER3-RIPE
tech-c: BEER3-RIPE
status: ASSIGNED PA
mnt-by: MNT-RIKSNET
mnt-lower: MNT-RIKSNET
mnt-routes: MNT-RIKSNET
source: RIPE # Filtered

person: Bengt Erik Sandstrom
address: Graddvagen 7
address: S-906 20 Umea
address: Sweden
phone: +46 768 272022
nic-hdl: BEER3-RIPE
source: RIPE # Filtered
That range would translate to 77.110.52.64/28, a rather small block this time, and this is also the value you would like to use for blocking them via iptables or other means.
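Turning a registry range into the CIDR value for the firewall rule, as done by hand for each of the three sightings above, can be scripted. The following is an added example, not part of the original post; the function names are assumptions, the range lines are copied from the three registry outputs quoted above, and the generated rules reuse the two iptables forms shown earlier.

```python
import ipaddress
import re

# Constructed sample: only the range-bearing lines of each quoted output.
WHOIS_SNIPPETS = {
    "rwhois": ("network:IP-Network:67.228.177.0/24\n"
               "network:IP-Network-Block:67.228.177.0-67.228.177.255"),
    "ARIN": "NetRange: 66.150.224.0 - 66.150.224.255\nCIDR: 66.150.224.0/24",
    "RIPE": "inetnum: 77.110.52.64 - 77.110.52.79\nnetname: SE-RIKSNET-UNIVATION2",
}

# The three spellings of "first address - last address" seen in the post.
RANGE_RE = re.compile(
    r"(?:NetRange|inetnum|IP-Network-Block):\s*"
    r"(\d+\.\d+\.\d+\.\d+)\s*-\s*(\d+\.\d+\.\d+\.\d+)")


def blocks_from_whois(text):
    """Return the smallest list of CIDR blocks covering every range in text."""
    networks = []
    for first, last in RANGE_RE.findall(text):
        # A range that is not aligned to a power of two yields several blocks.
        networks.extend(ipaddress.summarize_address_range(
            ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))
    return [str(net) for net in ipaddress.collapse_addresses(networks)]


def reject_rules(text, iface="eth0", keep_smtp=True):
    """Build one iptables rule per block, in the two forms used in the post."""
    rules = []
    for cidr in blocks_from_whois(text):
        if keep_smtp:
            # Reject new inbound TCP connections except to port 25 (mail).
            rules.append(f"iptables -A INPUT -s {cidr} -i {iface} "
                         "-p tcp -m tcp ! --dport 25 --syn -j REJECT")
        else:
            rules.append(f"iptables -A INPUT -s {cidr} -i {iface} -j DROP")
    return rules


if __name__ == "__main__":
    for registry, text in WHOIS_SNIPPETS.items():
        for rule in reject_rules(text):
            print(f"# {registry}\n{rule}")
```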
Eight weeks a day without life
I’ve been waiting for a guide to come and take me by the hand
Could these sensations make me feel the pleasures of a normal man?
These sensations barely interest me for another day
I’ve got the spirit, lose the feeling, take the shock away
Ian Curtis – Disorder
Perhaps a summary of the past two months:
Some people may appear helpful or in favour of you, but taken at their words they turn out to be just more professional poseurs with decades of practice in society compliant obedience. Should you ever happen to get too close to the edge of nowhere, they will quickly let you know about their priorities. In line of society means transposing the laws of capitalism to everyday life, which of course is nothing else but a politically correct form of Darwinism. You are not welcome as a human, but as a human resource to deploy, as a commodity, institution, object or vessel for silly prejudices and hatred. Right is not a matter of the better argument, but merely a matter of dependence and abusing it for one’s own end.
There is not really a good reason to live on like nothing ever happened, because it has always been around like this. Perhaps one was lucky to be spared, not to come into someone else’s crosshairs, but that alone does not make the world a better place. Nor does it mean that people will think of someone as a useful member of society. You are judged by what you own by people who do not have the authority to judge and not by what you achieved. There is a place, confirmed and assigned, but no matter how hard you try you do not get to change the rules others will apply to you. Should you ever become too careless to forget about it someone will gracefully remind you of it.











