no-reverse-dns-configured.com is a content spammer, and I need to eliminate him from hitting my site. Here are the details required to ban him. If these strict IPs are not sufficient then ban the range.
I did not ban the AWS ranges because IPs usually come up with AWS host names, and I ban them already.
This guy hn.kd.ny.adsl seems innocent enough, until I tried to look him up, only to find no positive IP address. Others have posted that they, too, cannot find his IP address in order to ban him. Hmmm, let me track him down.
This hacker is prolific in that he rarely repeats the third octet, making it harder to ban by a narrower range. You’ll need to go up to the second octet to cover his IP ranges. He uses predominantly China Unicom Henan. Only once did he go to China Unicon Fujian, which might just be an outlier data point.
midex.zomro.com scrapes my site for awstat tags. I do not know why, and they do it multiple times. It is very annoying.
There is a ransomware listing for crasher121.zomro.com 93.170.169.52. There are other comments such as “109.248.33.212 is involved in malware incidents, spamming activity, ssh attacks, ddos” so caution is required. I did not research zomro.net, as I do not know if the .com and .net sites are related.
ipredator.se is a Swedish VPN service that is comment spamming my site.
Observation:
anon-48-125.vpn.ipredator.se 46.246.32.0 – 46.246.63.255 PrivActually
host anon-44-42.vpn.ipredator.se 46.246.44.42
exit1.ipredator.se 197.231.221.211 CYBERDYNE Monrovia I did not realize that I had banned this before. If this changes I will hunt it down again. There are a few IPs that have used this host name. They continue to content scrape me.
anon-45-30.vpn.ipredator.se 46.246.45.30
anon-47-29.vpn.ipredator.se 46.246.47.29
Pattern:
Add 46.246. to the two octets in the host name.
Kik content scraper bots sent me this IP from bredbandsbolaget.se. Kik uses single IPs from all over North American ISPs, and they’re now expanding globally. Kik content scrapes my site daily, so it is in my best interest to stop them.
Just for fun I translated from Swedish to English, “bredbandsbolaget” translates to “broadband company”! LOL! bredbandsbolaget.se provides TV, internet and telephone in Sweden. They have a web site. After the ip address the next set of numbers before the “cust” might be the Swedish telephone number, starting with the area code. Then again maybe not, as some have hex
bb.sky.com is a regular content scraper on my site, so I have decided to track them down. I finally figured out their hex IP address, so I can target ranges better.
Sky is a very large TV and internet provider in the Uk. They have a huge range of IPs.
fregat.ua is a bot from Russia. It was logged for ransomware, so you really don’t want them to try to break into your site. Quite bold, they are, trying to get my login and admin pages, so they are a definite security threat for trying to break into my site. Fregat.ua is an ISP with a web page.
This is part of the keywords-monitoring-your-success.com, free-video-tool.com Semalt Botnet that spread to other South American hosts, but they have changed the referrer name slightly to keywords-monitoring-success.com. This host is tricky because they only provide the last 2 octets of the IP address, leaving me to guess the first two.
Here is my clue: customer-qro-199-67.megared.net.mx
There are clues to the same pattern used by megared.net.mx, using a variety of new 2 initial octets combined with the last 2 from the host name. While I only have this one IP as a content scraper, their reputation is one of an email spammer. I guess they moved into a newer but related business model.
