free-109-108.mediaworksit.net has tried to crack my security so I thought it appropriate to track them down.
The host name only provides the third and fourth octet, leading one to gues the first two. As they have not repeated the third octet you will need to ban larger ranges.
Observation:
Research:
free-234-154.mediaworksit.net 109.111.234.154 109.111.234.0 – 109.111.237.255 109.111.234.0/22
free-144-214.mediaworksit.net 178.254.144.214 178.254.128.0 – 178.254.191.255 178.254.128.0/18
bot , Tech ban , ban IP , internet security , ip address , mediaworksit , mediaworksit.net , research , spam , strategy , vpn
hoor.nullvpn.com was trying to crack my security, so I thought it good to research and ban them. They are using a VPN, but there are not many IP addresses.
Observed:
Research:
game.nullvpn.com 116.251.210.113
loki.nullvpn.com 128.199.80.0 128.199.0.0 – 128.199.255.255 DigitalOcean
eros.nullvpn.com 139.59.234.213
free-02.nullvpn.com 149.202.60.72
poseidon.nullvpn.com 188.166.178.67 188.166.0.0 – 188.166.255.255 EU-DIGITALOCEAN
Permanent link to this post (85 words, 0 images, estimated 20 secs reading time)
bot , Tech ban , ban IP , hoor.nullvpn.com , internet security , ip address , nullvpn.com , research , spam , strategy , vpn
h-65-167.a416.corp.bahnhof.se has content spammed by site, so I am looking to remove it. bahnhof.se and bahnhof.no are from Sweden.
Observed:
Research:
h-253-21.a139.corp.bahnhof.se 5.150.253.21 5.150.192.0 – 5.150.255.255 5.150.192.0/18
h-42-226.a357.priv.bahnhof.se 79.136.42.226 79.136.0.0 – 79.136.128.255 79.136.0.0/17
h-184-90.a322.priv.bahnhof.se 81.170.184.90 81.170.128.0 – 81.170.255.255 81.170.128.0/17
h-129-203.a328.priv.bahnhof.se 85.24.129.203 85.24.128.0 – 85.24.255.255 85.24.128.0/17
h-2-71.a322.priv.bahnhof.se 94.254.2.71 163.34 94.254.0.0 – 94.254.128.255 94.254.0.0/17
bot , Tech bahnhof , bahnhof.no , bahnhof.se , ban , ban IP , internet security , ip address , key , research , spam , strategy
tor-exit-node.7by7.de spammed me today, so I decided to track them down. There is not much on him, but he is a tor exit server.
It is too bad that tor exit servers are used for spamming, as many sites will ban them. Banning due to spamming really defeats the purpose of tor. The best intentions result in misuse.
tor-exit-node.7by7.de 72.52.91.19
7by7.de 91.236.122.1
Permanent link to this post (69 words, 0 images, estimated 17 secs reading time)
bot , Tech 7by7 , ban , ban IP , bot , dangerous , internet security , ip address , mbahrain , pattern , research , spam , strategy , tor
mbahrain.mbahrain.net is using the Zend_Http_Client user agent, so they get banned. They are small, only 2 IPs.
mbahrain.mbahrain.net 198.57.181.97 198.57.128.0 – 198.57.255.255 198.57.128.0/17 UNIFIEDLAYER
Permanent link to this post (27 words, 0 images, estimated 6 secs reading time)
bot , Tech ban , ban IP , bot , dangerous , internet security , ip address , mbahrain , mbahrain.net , pattern , research , spam , strategy , Zend , Zend_Http_Client
boostgram.com tried to crack my site security. I need him disabled. Boostgram is hosted by Digital Ocean, which hosts a lot of spamming sites.
Observation:
51.147.188
Research:
production.ap.831aab.boostgram.com 104.236.7.133 104.236.0.0 – 104.236.255.255 104.236.0.0/16
production.ap.e06883.boostgram.com 107.170.4.120 107.170.0.0 – 107.170.255.255 107.170.0.0/16
production.ap.3393bc.boostgram.com 159.203.202.54 159.203.0.0 – 159.203.255.255 159.203.0.0/16
bot , Tech ban , ban IP , boostgram , bot , content spammer , internet security , ip address , pattern , research , spam , strategy
sl-reverse.com is a content spammer that is creeping into my site and I want it stopped. I’ll hunt them down and ban them. Sl-reverse also uses servers in Canada, Germany, Singapore, Japan and Italy, to name a few.
If they botnet my butt I will get more aggressive on them.
Observations:
6.1f.5177.ip4.static.sl-reverse.com 119.81.31.6 119.81.31.0/24 SOFTLAYER
e6.96.089f.ip4.static.sl-reverse.com 159.8.150.230
bot , Tech ban , ban IP , bot , content spammer , internet security , ip address , pattern , research , Shanghai , spam , strategy
hn.kd.dhcp is spamming my site, so I need to remove it. This guy has been around for quote a while and has a long list of IPs, but not so long a list of IP ranges. This spammer runs out of Henan Province, China, but has used Jilin, Chongqing, Guangdong, and Shanghai
These may be related: hn.kd.ny.adsl ; hn.ly.kd.adsl; hn.kd.dhcp
Observation:
Research:
bot , Tech ban , ban IP , bot , China Unicom Henan , Chongqing , dangerous , Guangdong , hn.kd.dhcp , hn.kd.ny.adsl , hn.ly.kd.adsl , internet security , ip address , Jilin , pattern , research , Shanghai , spam , strategy , 上海 , 中国 , 吉林 , 广东 , 河南 , 重庆
unassigned.calpop.com is a comment spammer, small yes, but still needs removal. They change this hostname’s IP a lot and move between different companies such as Calpop, CoreExpress, AirlineReservations.Com, and ATMLINK. They are out of Los Angeles. I am unsure if calpop.com is still in business, as Yelp postings suggest they are now closed . Their bot is still somehow finding electricity and connectivity to spam me, so the company and store die but the bot lives on…
Observations:
bot , Tech AirlineReservations.Com , ATMLINK , ban , ban IP , bot , Calpop , calpop.com , CoreExpress , internet security , ip address , pattern , research , spam , strategy
no-reverse-dns-configured.com is a content spammer, and I need to eliminate him from hitting my site. Here are the details required to ban him. If these strict IPs are not sufficient then ban the range.
I did not ban the AWS ranges because IPs usually come up with AWS host names, and I ban them already.
Observation:
Research:
bot , Tech ban , ban IP , bot , internet security , ip address , no-reverse-dns-configured.com , pattern , Quasi , research , SEYCHELLES , spam , strategy
