Author Archives: dontai

Lance Leaved Coreopsis in Bloom, Toronto, Canada

Yellow Lance leaved coreopsis in bloom, Toronto, Canada. Photo 1 by Don Tai

Yellow Lance leaved coreopsis in bloom, Toronto, Canada. Photo 1 by Don Tai

This flower, Coreopsis lanceolata, comes up every year and is beautiful. It is very successful at propagating and spreads quickly. I like this in a blooming flower, but not in a weed. It has literally taken over.

I had a bit of a search for the actual name: Lance leaved coreopsis.

About 5 years ago a neighbour gave us a clump of a few flowers. We planted it in our front yard that gets full sun. It has grown and expanded every year, irregardless of a hard or mild winter. While the roses are temperamental and need care, the coreopsis needs nothing.

This is a preview of Lance Leaved Coreopsis in Bloom, Toronto, Canada. Read the full post (183 words, 3 images, estimated 44 secs reading time)

mediaworksit.net: Research, Ban

free-109-108.mediaworksit.net has tried to crack my security so I thought it appropriate to track them down.

The host name only provides the third and fourth octet, leading one to gues the first two. As they have not repeated the third octet you will need to ban larger ranges.

Observation:
free-109-108.mediaworksit.net

Research:
free-112-5.mediaworksit.net 95.140.112.5 95.140.112.0 – 95.140.127.255 140.112.0/20
free-114-1.mediaworksit.net 95.140.114.0
free-124-110.mediaworksit.net 95.140.124.110
free-125-37.mediaworksit.net 95.140.125.37
free-125-62.mediaworksit.net 95.140.125.62

free-234-154.mediaworksit.net 109.111.234.154 109.111.234.0 – 109.111.237.255 109.111.234.0/22
free-235-194.mediaworksit.net 109.111.235.194

free-144-214.mediaworksit.net 178.254.144.214 178.254.128.0 – 178.254.191.255 178.254.128.0/18
free-148-194.mediaworksit.net 178.254.148.194
free-164-196.mediaworksit.net 178.254.164.196
free-167-14.mediaworksit.net 178.254.167.14
free-246-89.mediaworksit.net 178.253.246.89
free-249-30.mediaworksit.net 178.253.249.30

This is a preview of mediaworksit.net: Research, Ban. Read the full post (145 words, 0 images, estimated 35 secs reading time)

nullvpn.com: Research, Ban

hoor.nullvpn.com was trying to crack my security, so I thought it good to research and ban them. They are using a VPN, but there are not many IP addresses.

Observed:
hoor.nullvpn.com 128.199.170.45
paladin.nullvpn.com
kodi.nullvpn.com 128.199.103.2
hermod.nullvpn.com 188.166.188.219
cooper.nullvpn.com 128.199.127.59

Research:
Nullvpn.com 104.24.114.17

game.nullvpn.com 116.251.210.113

loki.nullvpn.com 128.199.80.0 128.199.0.0 – 128.199.255.255 DigitalOcean
necro.nullvpn.com 128.199.86.38
aegis.nullvpn.com 128.199.124.10
ra.nullvpn.com 128.199.176.180
tios.nullvpn.com 128.199.194.237
nyx.nullvpn.com 128.199.225.142
kodi.nullvpn.com 128.199.103.2

eros.nullvpn.com 139.59.234.213

free-02.nullvpn.com 149.202.60.72

poseidon.nullvpn.com 188.166.178.67 188.166.0.0 – 188.166.255.255 EU-DIGITALOCEAN
zeus.nullvpn.com 188.166.178.103
demeter.nullvpn.com 188.166.184.105
tyr.nullvpn.com 188.166.184.163
hermod.nullvpn.com 188.166.188.219
float.nullvpn.com 188.166.189.38
dev.nullvpn.com 188.166.190.144

Permanent link to this post (85 words, 0 images, estimated 20 secs reading time)

bahnhof.se Content Scraper: Research, Ban

h-65-167.a416.corp.bahnhof.se has content spammed by site, so I am looking to remove it. bahnhof.se and bahnhof.no are from Sweden.

Observed:
h-65-167.a416.corp.bahnhof.se 79.136.65.167
h-42-226.a357.priv.bahnhof.se 79.136.42.226
h-46-23.a165.priv.bahnhof.se 46.59.46.23

Research:
h-130-176.a2.corp.bahnhof.no 37.123.130.176 a2 = 162 37.123.128.0 – 37.123.191.255 37.123.128.0/18

h-253-21.a139.corp.bahnhof.se 5.150.253.21 5.150.192.0 – 5.150.255.255 5.150.192.0/18
h-130-176.a2.corp.bahnhof.no 37.123.130.176 37.123.128.0 – 37.123.191.255 37.123.128.0/18
h-62-152.a213.priv.bahnhof.se 46.59.62.152 46.59.0.0 – 46.59.128.255 46.59.0.0/17

h-42-226.a357.priv.bahnhof.se 79.136.42.226 79.136.0.0 – 79.136.128.255 79.136.0.0/17
h-53-173.a157.priv.bahnhof.se 79.136.53.173
h-65-174.a416.corp.bahnhof.se 79.136.65.174

h-184-90.a322.priv.bahnhof.se 81.170.184.90 81.170.128.0 – 81.170.255.255 81.170.128.0/17
h-234-136.a189.priv.bahnhof.se 81.170.234.136
h-236-56.a193.priv.bahnhof.se 81.170.236.56
H-249-146.a175.corp.bahnhof.se 81.170.249.146

h-129-203.a328.priv.bahnhof.se 85.24.129.203 85.24.128.0 – 85.24.255.255 85.24.128.0/17
h-129-14.a209.priv.bahnhof.se 85.24.129.14
A218.cust.bahnhof.se 85.24.240.1

h-2-71.a322.priv.bahnhof.se 94.254.2.71 163.34 94.254.0.0 – 94.254.128.255 94.254.0.0/17
h-2-71.a322.priv.bahnhof.se 94.254.2.71
h-2-51.A322.priv.bahnhof.se 94.254.2.51
h-50-216.a240.priv.bahnhof.se 94.254.50.216

This is a preview of bahnhof.se Content Scraper: Research, Ban. Read the full post (134 words, 0 images, estimated 32 secs reading time)

7by7.de Content Spammer: Research, Ban

tor-exit-node.7by7.de spammed me today, so I decided to track them down. There is not much on him, but he is a tor exit server.

It is too bad that tor exit servers are used for spamming, as many sites will ban them. Banning due to spamming really defeats the purpose of tor. The best intentions result in misuse.

tor-exit-node.7by7.de 72.52.91.19
tor-exit-node.7by7.de 72.52.91.30
tor-exit-node.7by7.de 96.44.189.101
tor-exit-node.7by7.de 213.61.149.100

7by7.de 91.236.122.1

Permanent link to this post (69 words, 0 images, estimated 17 secs reading time)

mbahrain.net: Research, Ban

mbahrain.mbahrain.net is using the Zend_Http_Client user agent, so they get banned. They are small, only 2 IPs.

mbahrain.mbahrain.net 198.57.181.97 198.57.128.0 – 198.57.255.255 198.57.128.0/17 UNIFIEDLAYER
mbahrain.mbahrain.net 198.57.168.229

Permanent link to this post (27 words, 0 images, estimated 6 secs reading time)

yota.com.ni, Part of Semalt Botnet: Research, Ban

wimax183-11.yota.com.ni hit my site as a part of the large Semalt botnet that started with keywords-monitoring-your-success.com and free-video-tool.com campaign, which I have already banned. That botnet was huge. They involved virtua in Brazil as well. Finally that campaign ended and they started with fix-website-errors.com and buttons-for-website. buttons-for-website is a really old Semalt SEO botnet campaign.

Pattern:
To the IP root of 190.181 for the first two octets, add the second two from the hostname.

Observed:
wimax183-11.yota.com.ni 190.181.183.11 190.181.128.0 – 190.181.191.255 190.181.128/18 Yota De Nicaragua

Research:
WiMax128-245.yota.com.ni 190.181.128.245
wimax129-115.yota.com.ni 190.181.129.115
wimax129-158.yota.com.ni 190.181.129.158
wimax132-70.yota.com.ni 190.181.132.70
WiMax133-44.yota.com.ni 190.181.133.44
WiMax137-187.yota.com.ni 190.181.137.187
WiMax139-2.yota.com.ni 190.181.139.2
WiMax141-57.yota.com.ni 190.181.141.57

This is a preview of yota.com.ni, Part of Semalt Botnet: Research, Ban. Read the full post (124 words, 0 images, estimated 30 secs reading time)

greencloudvps.com: Research, Ban

10gbpsnl.greencloudvps.com hit my site looking for security weaknesses, so I thought it wise to research them and send them packing. They are a VPS, so I’ll never find the actual intruder.

They are spotty, so I will start small and work my way up.

Observed:
10gbpsnl.greencloudvps.com 93.158.215.90 93.158.215.0 – 93.158.215.255 SERVERIUS NL
mnt-by:
10gbpsnl.greencloudvps.com 93.158.215.92

Research:
lgvn.greencloudvps.com 66.249.69.189

kvmla2.greencloudvps.com 92.210.165.94
lgnl.greencloudvps.com 93.158.203.162

lgnv.Greencloudvps.com 104.194.14.71
104.223.6.19.static.greencloudvps.com 104.223.6.19

107.161.93.161.static.greencloudvps.com 107.161.93.161

lgaz.greencloudvps.com 148.163.90.3

kvmla2.greencloudvps.com 192.210.165.97
kvmla2.greencloudvps.com 192.210.165.96

198.55.115.24.static.greencloudvps.com 198.55.115.24
198.55.115.58.static.greencloudvps.com 198.55.115.58

Permanent link to this post (79 words, 0 images, estimated 19 secs reading time)

hukot.net Tor Exit: Research, Ban

108-36.hukot.net seems to be a Tor exit server. While I am all for the philosophy of net privacy, these Tor servers more often than not are used to content spam me. As a result I ban almost all of them. It is human nature, I suppose, to take something that should be beneficial and, using selfish and personal reasons, turn it to a tool of the bad.

Oh well, who am I to judge. This is my site, I ban content spammers, and I therefore also ban Tor content spammers, exit or not.

hukot.net seems to be an ISP from the Czech Republic.

This is a preview of hukot.net Tor Exit: Research, Ban. Read the full post (202 words, 0 images, estimated 48 secs reading time)

ubernet.com.bd: Research, Ban

host-64-166-83.ubernet.com.bd was testing my security, so I thought I would out them. ubernet.com.bd is an IP telephone and ISP, out of Bangledesh.

Pattern:
This guy seems to have an older and a newer pattern. The older pattern starts with 220.47 and then appends the last 2 octets of the host name. The newer pattern starts with 45 and appends the last 3 octets of the host name.

Research:
host-161-148.ubernet.com.bd 220.247.161.148 220.247.160.0 – 220.247.167.255 220.247.160.0/21
host-162-202.ubernet.com.bd 220.247.162.202
host-162-238.ubernet.com.bd 220.247.162.238
host-162-58.ubernet.com.bd 220.247.162.58
host-162-55.ubernet.com.bd 220.247.162.55
host-162-173.ubernet.com.bd 220.247.162.173

This is a preview of ubernet.com.bd: Research, Ban. Read the full post (141 words, 0 images, estimated 34 secs reading time)