sl-reverse.com is a content spammer that is creeping into my site and I want it stopped. I’ll hunt them down and ban them. Sl-reverse also uses servers in Canada, Germany, Singapore, Japan and Italy, to name a few.
If they botnet my butt I will get more aggressive on them.
hn.kd.dhcp is spamming my site, so I need to remove it. This guy has been around for quote a while and has a long list of IPs, but not so long a list of IP ranges. This spammer runs out of Henan Province, China, but has used Jilin, Chongqing, Guangdong, and Shanghai
These may be related: hn.kd.ny.adsl; hn.ly.kd.adsl; hn.kd.dhcp
unassigned.calpop.com is a comment spammer, small yes, but still needs removal. They change this hostname’s IP a lot and move between different companies such as Calpop, CoreExpress, AirlineReservations.Com, and ATMLINK. They are out of Los Angeles. I am unsure if calpop.com is still in business, as Yelp postings suggest they are now closed. Their bot is still somehow finding electricity and connectivity to spam me, so the company and store die but the bot lives on…
no-reverse-dns-configured.com is a content spammer, and I need to eliminate him from hitting my site. Here are the details required to ban him. If these strict IPs are not sufficient then ban the range.
I did not ban the AWS ranges because IPs usually come up with AWS host names, and I ban them already.
This guy hn.kd.ny.adsl seems innocent enough, until I tried to look him up, only to find no positive IP address. Others have posted that they, too, cannot find his IP address in order to ban him. Hmmm, let me track him down.
This hacker is prolific in that he rarely repeats the third octet, making it harder to ban by a narrower range. You’ll need to go up to the second octet to cover his IP ranges. He uses predominantly China Unicom Henan. Only once did he go to China Unicon Fujian, which might just be an outlier data point.
midex.zomro.com scrapes my site for awstat tags. I do not know why, and they do it multiple times. It is very annoying.
There is a ransomware listing for crasher121.zomro.com 93.170.169.52. There are other comments such as “109.248.33.212 is involved in malware incidents, spamming activity, ssh attacks, ddos” so caution is required. I did not research zomro.net, as I do not know if the .com and .net sites are related.
ipredator.se is a Swedish VPN service that is comment spamming my site.
Observation:
anon-48-125.vpn.ipredator.se 46.246.32.0 – 46.246.63.255 PrivActually
host anon-44-42.vpn.ipredator.se 46.246.44.42
exit1.ipredator.se 197.231.221.211 CYBERDYNE Monrovia I did not realize that I had banned this before. If this changes I will hunt it down again. There are a few IPs that have used this host name. They continue to content scrape me.
anon-45-30.vpn.ipredator.se 46.246.45.30
anon-47-29.vpn.ipredator.se 46.246.47.29
Pattern:
Add 46.246. to the two octets in the host name.
Kik content scraper bots sent me this IP from bredbandsbolaget.se. Kik uses single IPs from all over North American ISPs, and they’re now expanding globally. Kik content scrapes my site daily, so it is in my best interest to stop them.
Just for fun I translated from Swedish to English, “bredbandsbolaget” translates to “broadband company”! LOL! bredbandsbolaget.se provides TV, internet and telephone in Sweden. They have a web site. After the ip address the next set of numbers before the “cust” might be the Swedish telephone number, starting with the area code. Then again maybe not, as some have hex
