Host Name 0 Zero or localhost in your Raw Access Log

Does your raw access log display a host name of “0”, or zero? Very odd, is it not? I have been struggling with this for a couple of months, and my ISP Site5 had no answers. It turns out that one of my spammers, NFORCE_ENTERTAINMENT, puts an unprintable character into their host table, so that when my ISP looks them up, they display the unprintable character in my log as “0”.

Trying to control your site’s spam can be challenging. If you try to ban an IP that is simply 0, or a host name of “0” you will fail, because there is no zero in their host name, but an unprintable character. Ban these guys instead.

Observations:
Host name = “0”
46.166.141.0 – 46.166.141.127 46.166.184.0 – 46.166.191.255 NFORCE_ENTERTAINMENT Serverhosting NL
46.166.141.90 2016-oct-26
46.166.141.104 2016-oct-23
46.166.141.115 2016-oct-27
46.166.186.225 2016-oct-13
109.201.133.0 – 109.201.133.255
109.201.133.100
109.201.138.240 2016-oct-23
109.201.138.248
109.201.154.249 2016-oct-05
Electro Nebula ColoCrossing 23.94.0.0 – 23.95.255.255
23.94.148.171
China Mobile 117.184.0.0 – 117.187.255.255
117.184.110.241
SOLUTION PRO 206.80.96.0 – 206.80.127.255
206.80.118.119
Telus
173.180.44.8
Simply Transit 217.112.80.0 – 217.112.95.255
217.112.91.190 2016-oct-28
Enzui
23.88.103.223 2016-dec-17

My raw access log:

0 [08/Sep/2016:03:35:41 GET /root/comment/reply/58/ HTTP/1.1 403 638 http://dontai.com/root/comment/reply/58/
0 [08/Sep/2016:03:35:42 GET / HTTP/1.1 403 638 http://dontai.com/root/comment/reply/58/
0 [08/Sep/2016:08:02:21 GET /root/comment/reply/58/ HTTP/1.1 403 638 http://dontai.com/root/comment/reply/58/
0 [08/Sep/2016:16:43:34 GET / HTTP/1.1 403 638 http://dontai.com/root/comment/reply/58/

Host Name = “localhost”
localhost is very similar. The ip address 113.165.45.174 actually resolves to “localhost”. Very sneaky, as reverse lookup returns 127.0.0.1.
113.165.0.0 – 113.165.127.255
VietNam Post and Telecom
113.165.45.174
113.166.15.215 2017-feb-12
113.168.155.137 2017-feb-23
113.172.105.153 2017-feb-12
113.172.114.22 2017-jan-03
113.172.146.123 2016-oct-04
113.172.239.129 2016-dec-14
113.173.0.0 – 113.173.255.255
VietNam Post and Tel
113.173.13.171
113.173.111.46 2016-oct-19
113.173.148.78
113.173.150.174 2016-nov-04
113.174.156.105 2017-feb-05
113.175.23.243 2016-dec-05
113.175.30.242 2016-oct-12
113.175.204.244 2016-oct-01
113.179.42.116 2017-jan-03
113.180.79.91 2016-dec-27
113.181.38.197 2017-june-17
113.182.249.178 2016-oct-26
113.183.133.84 2016-oct-22
113.183.161.18 2017-jan-14
113.184.107.240 2016-dec-22
113.185.19.192 2016-nov-01
113.185.28.55 2016-oct-28
113.188.64.112 2017-jan-14
123.28.208.37 2016-dec-11
222.253.239.97 2016-nov-17
123.28.174.136 2017-jan-26
123.31.30.77 2017-mar-01
Viettel 27.72.0.0 – 27.75.255.255
27.64.51.231 2017-jul-22
27.67.23.105 2016-dec-13
27.68.52.53 2017-may-29
27.72.88.126 2017-may-29
27.74.100.48 2017-jan-30
27.74.240.152 2017-jan-06
27.74.131.205 2016-dec-20
27.74.135.61 2016-dec-12
27.74.150.191 2016-oct-23
27.74.246.198 2016-nov-27
27.75.236.175 2016-nov-01
27.76.175.151 2017-may-14
27.77.130.206 2016-oct-27
117.0.48.76 2017-apr-03
117.2.196.209 2017-feb-17
117.5.84.93 2017-may-08
117.5.87.158 2016-dec-11
117.5.207.227 2017-mar-01
220.231.123.134 2016-nov-28
Hanoi Post and Tel 222.252.0.0 – 222.252.127.255
222.252.42.194 2016-nov-06
222.252.86.90 2016-dec-01
Omonia TRIPRO Hr 213.186.0.0/19
213.186.7.232

undefined.hostname.localhost
Madhav Cement
103.53.73.8 2017-jan-09
Giriraj Concrete
45.119.10.248 2017-mar-03

host name = “no PTR record”
host command returns “no PTR record”. I’m unsure how this displays in the log. It might display zero as well.
CachedNet
23.92.119.166
23.92.121.57
107.150.65.204
107.150.65.245 2016-oct-26
162.212.169.100
162.212.170.126
162.212.171.45
162.212.172.94
162.212.174.28
Avante Hosting Services 66.248.192.0 – 66.248.199.255
66.248.198.159 2016-oct-25
66.248.198.163 2016-oct-23
66.248.198.169 2016-oct-23
66.248.199.141 2016-oct-23
66.248.210.209 2016-nov-13
66.248.220.157 2017-aug-28
66.248.223.192 2016-nov-16
198.52.134.253 2016-nov-07
198.52.135.254 2016-nov-06
198.52.136.221 2016-dec-13
198.52.148.254 2017-apr-08
198.52.162.254 2016-nov-07
198.52.163.52 2016-dec-05
198.52.180.216 2016-nov-14
198.52.211.38 2016-nov-28
198.52.212.77 2016-nov-17
198.52.213.118 2016-nov-07
198.52.217.253 2016-nov-04
198.52.217.254 2016-nov-04
198.52.220.253 2016-nov-12
198.52.240.94 2016-nov-15
198.52.252.52 2016-nov-16
199.195.157.21 2016-dec-07
Telehouse
165.231.80.227
165.231.83.250 2016-oct-26
165.231.84.136
165.231.87.37 2016-oct-28
165.231.87.125 2016-oct-23
165.231.92.154 2016-oct-20
165.231.84.165 2016-oct-21
NForce
46.166.136.162
Level 3 199.75.0.0 – 199.78.255.255
199.76.32.243 2016-oct-20
Cloudflare
162.158.64.239 2017-jan-16
162.158.65.182
MyRepublic Sg 103.224.164.0 – 103.224.164.255
103.224.119.78 2016-nov-27
103.224.164.109 2016-oct-23
103.252.201.107 2016-nov-01
103.252.202.96 2016-oct-25
CHINA UNICOM Shanghai 139.226.0.0 – 139.227.255.255
139.227.244.63 2016-oct-23
139.227.6.82 2017-may-20
China Unicom Hebei
60.8.207.34 2017-oct-18
CHINANET Jiangxi
59.62.130.167
Kiwi Networks ViveDigital Mx 201.139.109.128/29
201.139.109.132
201.139.109.133
201.139.109.134
201.139.109.135
EBOX 96.127.192.0 – 96.127.255.255
96.127.233.21 2017-jan-29
96.127.235.38
104.163.161.69 2017-feb-10
198.58.139.80 2017-sept 22

198.58.195.6 2017-mar-08
Colocrossing
107.172.151.250
Craw-Kan Tel 216.183.192.0 – 216.183.207.255
216.183.201.58
PAVLOV MEDIA 68.234.128.0/17
50.30.152.130
68.234.195.8
Dalmia Bharat In 103.41.10.0 – 103.41.10.255
103.41.10.3
Astute Hosting 162.213.156.0 – 162.213.159.255
135.84.177.162 2016-dec-15
162.213.159.84
162.245.144.116 2017-feb-15
162.245.145.101 2016-dec-15
162.245.145.121 2016-dec-16
New Wave 192.161.192.0 – 192.161.255.255
192.161.255.55
A.G.E. NETWORKS 86.107.50.0/23
86.107.51.189 2016-nov-25
Blizoo
89.253.128.19 2017-jan-31
89.253.154.20 2016-dec-10
89.253.171.50 2017-feb-03
Finecom Tel Quickline Ch
5.153.126.84
Hunter Region Mail Centre AU 202.9.74.0 – 202.9.74.255
202.9.74.4
FR-PROXAD 62.147.79.0 – 62.147.255.255
62.147.211.89
78.192.152.228 2017-feb-11
78.194.139.106
81.56.188.254
88.190.40.20
88.190.152.178
Starnet Servicii Lir 95.65.0.0 – 95.65.127.255
95.65.45.111
Quickline CH
94.16.168.146
185.74.124.172
Microsoft Singapore
167.220.24.209
167.220.196.59
167.220.232.178
167.220.255.20
Integra Tel
67.138.19.1
Internap Network Services
63.251.215.29
Philippine Telelgraph & Telephone
103.21.170.230
Versaweb
76.164.210.2 2017-feb-03
Corporation of the County of Simcoe
205.211.127.253
VIETTEL-CAMBODIA
175.100.110.218
Microsoft
167.220.24.209
DIRECTEL Za
169.255.1.142 2017-feb-23
KW Datacenter
45.62.210.151 2017-feb-23
SPA Impulse
77.236.88.68 2017-feb-27
EONIX
173.44.221.103 2017-mar-03
Dadeh Gostar Ir
77.42.46.68
77.42.74.190
77.42.77.35
Hydro One Telecom
142.46.208.133 2017-mar-08
Wanriau Indoxp Id
103.19.210.18
Centrilogic
192.198.80.227
Microsoft
167.220.148.116
Pinpoint Communications Us
65.39.120.23

TekSavvy 23.91.128.0 – 23.91.159.255
23.91.139.52
23.91.156.65
45.72.131.225
45.72.174.237
45.72.189.82
45.72.208.243
167.88.23.31

Host Name = “”
China Mobile 183.194.0.0 – 183.195.255.255
36.149.6.191 2016-dec-05
117.143.109.147 2017-june-17
117.184.70.194 2016-nov-20
117.185.27.115 2016-nov-11
183.193.32.39 2017-apr-03
183.194.104.238 2016-nov-03
183.194.113.62 2017-jan-14
183.195.151.210 2017-feb-23
223.72.103.39 2016-dec-05
223.104.5.194 2017-jan-05
Colocrossing
23.95.247.247 2017-feb-23
192.3.178.47 2016-nov-02
Global Layer 109.202.96.0 – 109.202.103.255
109.202.103.170
NForce
46.166.145.242 2016-nov-14
SOLUTION PRO 206.207.64.0 – 206.207.127.255 207.70.0.0 – 207.70.63.255
149.255.104.0/23
199.229.235.85 2016-dec-11
206.80.114.189 2017-jan-09
206.80.115.117 2017-feb-12
206.207.80.172 2017-jan-21
206.207.116.61 2017-jan-17
206.207.116.62 2017-jan-17
206.207.117.166 2017-feb-12
207.70.3.138
207.70.9.109 2017-feb-12
207.70.60.18 2017-jan-29
207.70.25.62 2016-nov-20
209.19.170.60 2017-jan-19
OpenITC MPP
149.255.104.251 2016-dec-02
149.255.105.5 2016-dec-26
Kingston Online 64.64.160.0 – 64.64.191.255
64.64.184.207 2016-dec-05
Enzu
107.183.116.197
Key Information Systems
207.178.158.210
SilverIP
162.255.57.151
Istanbul Datacenter, Tr
176.53.23.243
176.53.16.234

Host Name = “unassigned” or “UNASSIGNED”
M247 IT
217.64.113.211 2016-dec-14
Stichting BOA 145.102.240.0 – 145.102.247.255
145.102.246.98

Host Name = “-”
Contabo 5.189.144.0 – 5.189.159.255
5.189.146.133
CHINANET HEILONGJIANG
42.103.24.246

Referrer = “(null)”
Digital Ocean
107.170.96.6 2016-nov-02
138.197.202.197 2016-dec-13
159.203.196.79 2016-nov-02
162.243.69.215 2016-nov-29

Host Name = “no-data”
China Unicom Tianjin
125.39.57.38 2017-feb-26
125.39.210.31 2017-feb-26
125.39.222.252 2017-jan-16

Host Name = “domain.not.configured”
University of Evansville 192.195.230.110
ZSCALER
165.225.16.218
165.225.86.86 2017-feb-23
165.225.106.86 2017-apr-18
Machine Zone
104.254.132.10

207.162.72.20 emptyaddr

Host Name = "example.com"
185.203.240.139

Host Name = "no-reverse-dns-configured.com"
Quasi Networks, SC
93.174.92.177

Leave a Reply

Your email address will not be published. Required fields are marked *