Tag: ban IP

bahnhof.se Content Scraper: Research, Ban

h-65-167.a416.corp.bahnhof.se has content spammed by site, so I am looking to remove it. bahnhof.se and bahnhof.no are from Sweden.

Observed:
h-65-167.a416.corp.bahnhof.se 79.136.65.167
h-42-226.a357.priv.bahnhof.se 79.136.42.226
h-46-23.a165.priv.bahnhof.se 46.59.46.23

Research:
h-130-176.a2.corp.bahnhof.no 37.123.130.176 a2 = 162 37.123.128.0 – 37.123.191.255 37.123.128.0/18

h-253-21.a139.corp.bahnhof.se 5.150.253.21 5.150.192.0 – 5.150.255.255 5.150.192.0/18
h-130-176.a2.corp.bahnhof.no 37.123.130.176 37.123.128.0 – 37.123.191.255 37.123.128.0/18
h-62-152.a213.priv.bahnhof.se 46.59.62.152 46.59.0.0 – 46.59.128.255 46.59.0.0/17

h-42-226.a357.priv.bahnhof.se 79.136.42.226 79.136.0.0 – 79.136.128.255 79.136.0.0/17
h-53-173.a157.priv.bahnhof.se 79.136.53.173
h-65-174.a416.corp.bahnhof.se 79.136.65.174

h-184-90.a322.priv.bahnhof.se 81.170.184.90 81.170.128.0 – 81.170.255.255 81.170.128.0/17
h-234-136.a189.priv.bahnhof.se 81.170.234.136
h-236-56.a193.priv.bahnhof.se 81.170.236.56
H-249-146.a175.corp.bahnhof.se 81.170.249.146

h-129-203.a328.priv.bahnhof.se 85.24.129.203 85.24.128.0 – 85.24.255.255 85.24.128.0/17
h-129-14.a209.priv.bahnhof.se 85.24.129.14
A218.cust.bahnhof.se 85.24.240.1

h-2-71.a322.priv.bahnhof.se 94.254.2.71 163.34 94.254.0.0 – 94.254.128.255 94.254.0.0/17
h-2-71.a322.priv.bahnhof.se 94.254.2.71
h-2-51.A322.priv.bahnhof.se 94.254.2.51
h-50-216.a240.priv.bahnhof.se 94.254.50.216

This is a preview of bahnhof.se Content Scraper: Research, Ban. Read the full post (134 words, 0 images, estimated 32 secs reading time)

7by7.de Content Spammer: Research, Ban

tor-exit-node.7by7.de spammed me today, so I decided to track them down. There is not much on him, but he is a tor exit server.

It is too bad that tor exit servers are used for spamming, as many sites will ban them. Banning due to spamming really defeats the purpose of tor. The best intentions result in misuse.

tor-exit-node.7by7.de 72.52.91.19
tor-exit-node.7by7.de 72.52.91.30
tor-exit-node.7by7.de 96.44.189.101
tor-exit-node.7by7.de 213.61.149.100

7by7.de 91.236.122.1

Permanent link to this post (69 words, 0 images, estimated 17 secs reading time)

mbahrain.net: Research, Ban

mbahrain.mbahrain.net is using the Zend_Http_Client user agent, so they get banned. They are small, only 2 IPs.

mbahrain.mbahrain.net 198.57.181.97 198.57.128.0 – 198.57.255.255 198.57.128.0/17 UNIFIEDLAYER
mbahrain.mbahrain.net 198.57.168.229

Permanent link to this post (27 words, 0 images, estimated 6 secs reading time)

greencloudvps.com: Research, Ban

10gbpsnl.greencloudvps.com hit my site looking for security weaknesses, so I thought it wise to research them and send them packing. They are a VPS, so I’ll never find the actual intruder.

They are spotty, so I will start small and work my way up.

Observed:
10gbpsnl.greencloudvps.com 93.158.215.90 93.158.215.0 – 93.158.215.255 SERVERIUS NL
mnt-by:
10gbpsnl.greencloudvps.com 93.158.215.92

Research:
lgvn.greencloudvps.com 66.249.69.189

kvmla2.greencloudvps.com 92.210.165.94
lgnl.greencloudvps.com 93.158.203.162

lgnv.Greencloudvps.com 104.194.14.71
104.223.6.19.static.greencloudvps.com 104.223.6.19

107.161.93.161.static.greencloudvps.com 107.161.93.161

lgaz.greencloudvps.com 148.163.90.3

kvmla2.greencloudvps.com 192.210.165.97
kvmla2.greencloudvps.com 192.210.165.96

198.55.115.24.static.greencloudvps.com 198.55.115.24
198.55.115.58.static.greencloudvps.com 198.55.115.58

Permanent link to this post (79 words, 0 images, estimated 19 secs reading time)

hukot.net Tor Exit: Research, Ban

108-36.hukot.net seems to be a Tor exit server. While I am all for the philosophy of net privacy, these Tor servers more often than not are used to content spam me. As a result I ban almost all of them. It is human nature, I suppose, to take something that should be beneficial and, using selfish and personal reasons, turn it to a tool of the bad.

Oh well, who am I to judge. This is my site, I ban content spammers, and I therefore also ban Tor content spammers, exit or not.

hukot.net seems to be an ISP from the Czech Republic.

This is a preview of hukot.net Tor Exit: Research, Ban. Read the full post (202 words, 0 images, estimated 48 secs reading time)

ubernet.com.bd: Research, Ban

host-64-166-83.ubernet.com.bd was testing my security, so I thought I would out them. ubernet.com.bd is an IP telephone and ISP, out of Bangledesh.

Pattern:
This guy seems to have an older and a newer pattern. The older pattern starts with 220.47 and then appends the last 2 octets of the host name. The newer pattern starts with 45 and appends the last 3 octets of the host name.

Research:
host-161-148.ubernet.com.bd 220.247.161.148 220.247.160.0 – 220.247.167.255 220.247.160.0/21
host-162-202.ubernet.com.bd 220.247.162.202
host-162-238.ubernet.com.bd 220.247.162.238
host-162-58.ubernet.com.bd 220.247.162.58
host-162-55.ubernet.com.bd 220.247.162.55
host-162-173.ubernet.com.bd 220.247.162.173

This is a preview of ubernet.com.bd: Research, Ban. Read the full post (141 words, 0 images, estimated 34 secs reading time)

dps.gov.co Content Scraper: Research, Ban

lyncdiscover.dps.gov.co has nothing to do with the Government of Columbia, and a good thing, because it is a content scraper bot.

dps.gov.co is the Departamento para la Prosperidad Social, part of the Columbian Government. I am unsure how a content scraper got hold of a Columbian Government extent, legally.

As this is a Government site I have contacted their tech contact, but they do not look too sophisticated. At least I have done my part to try to stop this abuse of the dps.gv.co host name.

Research:
186.170.31.134 186.170.0.0 /15 COLOMBIA TEL
186.170.31.134
186.170.31.134

Permanent link to this post (95 words, 0 images, estimated 23 secs reading time)

boostgram.com security risk: Research, Ban

boostgram.com tried to crack my site security. I need him disabled. Boostgram is hosted by Digital Ocean, which hosts a lot of spamming sites.

Observation:
production.ap.3393bc.boostgram.com 159.203.202.54

51.147.188

Research:
production.ap.9612d3.boostgram.com 104.131.9.204 104.131.0.0 – 104.131.255.255 104.131.0.0/16
150.18.211.
production.ap.90c84e.boostgram.com 104.131.156.149 144.200.78.
production.ap.970190.boostgram.com 104.131.192.0/19

production.ap.831aab.boostgram.com 104.236.7.133 104.236.0.0 – 104.236.255.255 104.236.0.0/16
131.26.171.
production.ap.9b51e1.boostgram.com 104.236.9.104 155.81.225.
production.ap.ecaad3.boostgram.com 104.236.88.116 236.170.211.
production.ap.3880c0.boostgram.com 104.236.94.135
production.ap.777b50.boostgram.com 104.236.199.226
production.ap.136571.boostgram.com 104.236.254.46

production.ap.e06883.boostgram.com 107.170.4.120 107.170.0.0 – 107.170.255.255 107.170.0.0/16
production.ap.73d069.boostgram.com 107.170.36.72
production.ap.67b6b3.boostgram.com 107.170.115.31
production.ap.f9906e.boostgram.com 107.170.219.111

production.ap.3393bc.boostgram.com 159.203.202.54 159.203.0.0 – 159.203.255.255 159.203.0.0/16
production.ap.c648f2.boostgram.com 159.203.218.94
production.ap.08ccaf.boostgram.com 159.203.245.132
production.ap.9d13a2.boostgram.com 159.203.207.1

This is a preview of boostgram.com security risk: Research, Ban. Read the full post (135 words, 0 images, estimated 32 secs reading time)

sl-reverse.com Content Scraper: Research, Ban

sl-reverse.com is a content spammer that is creeping into my site and I want it stopped. I’ll hunt them down and ban them. Sl-reverse also uses servers in Canada, Germany, Singapore, Japan and Italy, to name a few.

If they botnet my butt I will get more aggressive on them.

Observations:
fa.f7.a86c.ip4.static.sl-reverse.com 108.168.247.250

6.1f.5177.ip4.static.sl-reverse.com 119.81.31.6 119.81.31.0/24 SOFTLAYER
6.1f.5177.ip4.static.sl-reverse.com 119.81.31.6
59.7c.5177.ip4.static.sl-reverse.com 119.81.124.89
12.87.5177.ip4.static.sl-reverse.com 119.81.135.18
93.fa.5177.ip4.static.sl-reverse.com 119.81.250.147
39.f8.5177.ip4.static.sl-reverse.com 119.81.248.57
8b.f9.5177.ip4.static.sl-reverse.com 119.81.249.139
d6.fd.5177.ip4.static.sl-reverse.com 119.81.253.214

e6.96.089f.ip4.static.sl-reverse.com 159.8.150.230
d7.85.7a9f.ip4.static.sl-reverse.com 159.122.133.215 159.122.133.0/24 SOFTLAYER
d7.85.7a9f.ip4.static.sl-reverse.com 159.122.133.215
a6.48.caa1.ip4.static.sl-reverse.com 161.202.72.166
a.06.01a8.ip4.static.sl-reverse.com 168.1.6.10
d6.35.01a8.ip4.static.sl-reverse.com 168.1.53.214
70.17.01a8.ip4.static.sl-reverse.com 168.1.23.112
34.4b.01a8.ip4.static.sl-reverse.com 168.1.75.52
db.63.01a8.ip4.static.sl-reverse.com 168.1.99.219
fa.f7.a86c.ip4.static.sl-reverse.com 168.108.247.250
d8.00.39a9.ip4.static.sl-reverse.com 169.57.0.216
a0.67.b9d8.ip4.static.sl-reverse.com 216.185.103.160

This is a preview of sl-reverse.com Content Scraper: Research, Ban. Read the full post (127 words, 0 images, estimated 30 secs reading time)

hn.kd.dhcp Content Spammer: Research, Ban

hn.kd.dhcp is spamming my site, so I need to remove it. This guy has been around for quote a while and has a long list of IPs, but not so long a list of IP ranges. This spammer runs out of Henan Province, China, but has used Jilin, Chongqing, Guangdong, and Shanghai

These may be related: hn.kd.ny.adsl; hn.ly.kd.adsl; hn.kd.dhcp

Observation:
61.52.253.116 hn.kd.dhcp 2017-jan-04
61.54.208.158 hn.kd.dhcp
61.54.208.235 hn.kd.dhcp 2016-oct-06
61.54.209.51 hn.kd.dhcp

Research:
61.52.9.239 61.52.0.0 – 61.53.255.255 61.52.0.0/15 China Unicom Henan
61.52.28.157
61.52.53.10
61.52.74.18
61.52.100.71
61.52.168.1
61.52.198.139
61.52.207.172
61.52.232.29
61.53.1.241
61.53.5.165
61.53.25.9
61.53.65.52
61.53.64.37
61.53.64.37
61.53.65.54
61.53.65.54
61.53.65.54
61.53.67.14
61.53.73.0
61.53.86.244
61.53.92.65
61.53.143.179
61.53.143.179
61.53.143.179
61.53.152.179
61.53.153.90
61.53.153.90
61.53.160.28
61.53.185.170
61.53.193.169
61.53.194.0
61.53.203.0
61.53.235.197

This is a preview of hn.kd.dhcp Content Spammer: Research, Ban. Read the full post (215 words, 0 images, estimated 52 secs reading time)