fvds.ru spammed me, so I researched them. A good portion of their IPs are in the range of 62.109.24.0/24 but there are others. They use a wide variety of names.
Observation:
t-testing.fvds.ru host lookup 62.109.2.78 is bogus. Research revealed 62.109.24.26 and 62.109.24.27.
static.vdc.vn is regular content scraper, but it did POST to me and left its IP address. I have been trying to track this one down for a while, but it uses such a wide variety of IP addresses that this is difficult. I could ban large ranges but this would also ban a wide swath of Vietnam, which I do not wish.
1-99seo.com looks like a similar content spammer campaign, from South America/Brazil. The style is very similar to fix-website-errors-com by Semalt, which was really terrible.
1-free-share-buttons.com looks to be the same
It is these types of content scraper marketing campaigns that wastes the receiving web site’s bandwidth. They visit the same pages daily, scraping from multiple IP addresses.
Interested, I was, when I read a G&M article, written more like advertising copy, about Virgin Mobile offering home internet service, 300MB for $50/mo.
I went to their web site, input my address, which it acknowledged, but the lookup feature was not working. I therefore phoned and they confirmed that home internet is not yet available for me but is in the works.
They also confirmed that they will use Bell fiber optic lines, which were recently installed on my street, 300G bandwidth, 25mbps download, 15mbps upload. That is a lot cheaper than Bell is offering today.
Not overly annoying, secureserver.net is a regular content spammer on my site. I thought it would be good to track them down. Their host names lookup properly and they seem to ban properly, so there seems to not be anything tricky or suspicious.
The whole concept of tor is a sound one, allowing those in repressive or privacy-optional countries (Canada, US) to anonymously use the internet. Unfortunately this anonymity has been hijacked by the spamming community, taking a benevolent tool and using it for ill. Any IP or hostname used for spamming is game for being banned, tor or not.
tor.exit.babylon.network has a network of tor servers that are content spamming me. Normally tor server IPs are stable, so once you ban them they stay banned. These guys move around a bit, and there are a number of them. If you ban a tor server, or any other hostname, and they return to spam again, then you know they evaded your security efforts. You need to do more research.
My htaccess file is getting large as I continually ban more bad bots of the world. As it gets larger there are bound to be more mistakes. One of the mistakes can occur in “deny from” lines, which account for the vast majority of lines in the htaccess. If you add any alpha characters to the ip addresses in “deny from” lines, the Apache server will do all host lookups and try to not return IP addresses. This means that some spammers’ ip addresses will be hidden behind bogus host names. For accuracy it is best for the Apache server to return their IP addresses. Using IPs you can then do host and search lookups, find them and ban them.
as51430.net spammed me, so here is the research for tracking and banning. as51430.net is out of Luxembourg. I did not get spammed by its three sister host names, lux-net-ip.as51430.net, nld-net-ip.as51430.net, and swe-net-ip.as51430.net.
Observation:
lu-customer-ip.as51430.net found the following IPs:
Research:
Further research found the following host names that change often: lux-net-ip.as51430.net, nld-net-ip.as51430.net, and swe-net-ip.as51430.net. Maybe they stand for Luxembourg, Netherlands, Sweden? Here is the complete list by ip address, so you can ban all three.
