Main Menu
Fall Sale! Code FALL2024 takes 25% OFF our Pro Plugins & Books »
Perishable Press
Web Dev + WordPress + Security
eBook: .htaccess made easy
.htaccess made easy: Improve site performance and security.
Related Posts
+ More related posts »

2010 IP Blacklist

♦ Posted by in .htaccess, Security
Updated 36 comments

Over the course of each year, I blacklist a considerable number of individual IP addresses. Every day, Perishable Press is hit with countless numbers of spammers, scrapers, crackers and all sorts of other hapless turds. Weekly examinations of my site’s error logs enable me to filter through the chaff and cherry-pick only the most heinous, nefarious attackers for blacklisting. Minor offenses are generally dismissed, but the evil bastards that insist on wasting resources running redundant automated scripts are immediately investigated via IP lookup and denied access via simple htaccess directive:

<Limit GET POST PUT>
 Order Allow,Deny
 Allow from all
 Deny from 123.456.789
</LIMIT>

Although many of the worst attacks happen in randomized, zombie-like fashion, I have found that individual IPs that are not blacklisted will return repeatedly until finally blocked. Yet, despite the short-term success enjoyed by denying access to the most malicious IPs, the long-term futility of such blacklisting reflects the temporary nature of this solution.

Update: Check out the new and improved 2013 IP Blacklist »

In other words, I have found that blocking individual IPs is useful only for limited periods of time. Thus, every year, I gather my code and flush the blacklist of all individually blocked IP addresses. I then start fresh, adding the worst villains to the list, blocking entire IP ranges if necessary, and referring to previous versions of my htaccess files to cross-check suspiciously familiar entities. Eventually, a new blacklist emerges and I share it at Perishable Press. Here is the current version for 2010..

2010 IP Blacklist, Featuring over 100 Blocked IPs

Here is my custom-built IP blacklist for 2010:

# 2010 IP BLACKLIST
<Limit GET POST PUT>
 Order Allow,Deny
 Allow from all
 Deny from 208.120.202.98
 Deny from 208.64.202.134
 Deny from 217.218.166.14
 Deny from 173.65.81.35
 Deny from 77.21.46.241
 Deny from 82.166.163.
 Deny from 85.175.209.175
 Deny from 212.107.136.66
 Deny from 76.70.116.52
 Deny from 70.106.192.200
 Deny from 213.98.214.17
 Deny from 114.58.253.56
 Deny from 70.27.145.208
 Deny from 208.99.193.10
 Deny from 58.243.5.216
 Deny from 146.115.72.39
 Deny from 219.136.130.241
 Deny from 65.208.151.
 Deny from 222.73.173.11
 Deny from 65.55.106.
 Deny from 72.206.102.189
 Deny from 99.159.41.74
 Deny from 188.40.42.199
 Deny from 195.10.218.132
 Deny from 69.116.41.121
 Deny from 84.220.96.39
 Deny from 85.137.90.133
 Deny from 85.137.83.160
 Deny from 91.144.190.35
 Deny from 83.233.165.88
 Deny from 86.35.12.14
 Deny from 24.182.45.28
 Deny from 97.74.24.41
 Deny from 24.182.45.26
 Deny from 211.206.123.177
 Deny from 213.215.116.99
 Deny from 188.40.89.203
 Deny from 65.55.207.
 Deny from 71.95.178.74
 Deny from 98.189.159.150
 Deny from 174.143.3.188
 Deny from 66.96.248.69
 Deny from 71.235.77.152
 Deny from 67.36.185.44
 Deny from 65.242.250.130
 Deny from 194.8.75.
 Deny from 188.26.51.239
 Deny from 118.208.240.173
 Deny from 24.43.155.122
 Deny from 91.149.157.136
 Deny from 88.0.172.95
 Deny from 66.82.9.92
 Deny from 66.63.167.50
 Deny from 208.99
 Deny from 64.219.110.207
 Deny from 98.189.159.153
 Deny from 174.127.132.10
 Deny from 67.185.43.239
 Deny from 83.246.164.78
 Deny from 213.227.252.26
 Deny from 91.213.121.24
 Deny from 96.243.186.28
 Deny from 67.142.164.34
 Deny from 173.58.132.100
 Deny from 59.160.160.9
 Deny from 67.225.242.171
 Deny from 71.34.43.102
 Deny from 67.205.45.142
 Deny from 77.49.61.248
 Deny from 79.174.64.184
 Deny from 207.241.228.162
 Deny from 204.12.192.135
 Deny from 218.24.170.133
 Deny from 200.90.216.146
 Deny from 86.18.88.15
 Deny from 212.225.185.11
 Deny from 76.115.45.61
 Deny from 213.37.57.113
 Deny from 192.117.105.105
 Deny from 69.45.51.98
 Deny from 72.193.217.97
 Deny from 115.133.252.31
 Deny from 117.196.229.254
 Deny from 117.196.234.101
 Deny from 117.196.236.41
 Deny from 77.49.57.214
 Deny from 71.95.178.68
 Deny from 92.233.3.91
 Deny from 76.25.146.62
 Deny from 66.25.140.85
 Deny from 79.103.230.53
 Deny from 76.65.178.130
 Deny from 41.129.5.121
 Deny from 84.40.30.37
 Deny from 110.45.143.142
 Deny from 66.221.63.33
 Deny from 121.254.228.146
 Deny from 222.236.47.182
 Deny from 118.129.170.49
 Deny from 88.191.94.188
 Deny from 62.141.56.136
 Deny from 174.120.219.160
 Deny from 67.222.152.66
 Deny from 92.240.42.10
 Deny from 174.142.75.205
 Deny from 91.142.208.158
 Deny from 64.22.96.66
 Deny from 78.86.185.224
 Deny from 91.205.96.19
 Deny from 202.70.54.115
 Deny from 213.167.96.196
 Deny from 195.117.223.98
 Deny from 85.17.211.164
 Deny from 213.93.38.160
</Limit>

I use this blacklist on all of my sites, which are mostly WordPress, Joomla, and hand-rolled. Just pop it into the root .htaccess file and done. These are some of the worst offenders, so it’s nice knowing that they’re denied access.

How to get on next year’s list

Be a lowlife scumbag who gets off on malicious activity. If you suck enough, you’re going to get caught and appear on a list somewhere. Makes it easy to build effective IP blacklists. But remember that things change quickly, so you should refresh your ban lists as they become available. If you are using my 2007 IP Blacklist, I recommend replacing it with this one.

I’m listening, go a little deeper..

This blacklist was built over the past couple of years. Each week I review and analyze my log files, looking for patterns, noting behavior, checking data, etc. Most of the time attacks are executed simultaneously from multiple unique IPs. It’s futile to chase these “zombie” IPs around, but there are plenty of autonomous machines acting stupid to make IP blocking worthwhile.

Why so bad?

Because these IPs were associated with some seriously messed up behavior. Scanning through thousands of error logs, you see a lot of nasty stuff. Most of it seems very deliberate, hit or miss kind of activity. Other requests are just plain evil. Then there are the relentless “DoS”-like attacks. But in every crop of logs, there are those nefarious IPs that are both relentless and evil.

I’m sold. Wrap it up with an example

For example, one IP in the blacklist was recorded on July 22nd, 2009, as hitting my server 4783 times with all sorts of evil scripted payload. Most of the malicious requests are now blocked in the upcoming 5G Blacklist, but the IP address was consistent throughout the attack, so we block it as well. That’s the kind of stuff we’re blocking with the 2010 IP Blacklist.

Plaintxt for EZ Updates

To make things easier, I’ve uploaded a plain-text version of the 2010 IP Blacklist. The text file contains the IP addresses only, each on its own line. I will try to keep this file updated with fresh data as it becomes available. I will also post some of my other blacklists in plaintxt format and keep those updated as well. Any of these files may be used in your own security/blacklist scripts as a source of data. It’s nice to automate this kind of stuff, but you still want to keep an eye on my feed for news of updates.

Grab the plain-text version of the IP blacklist »

Thanks to Eric Marden for the “plaintxt” suggestion!

blacklist ip spam websites
About the Author
Jeff Starr = Creative thinker. Passionate about free and open Web.
The Tao of WordPress: Master the art of WordPress.
← Next Post
Previous Post →

36 responses to “2010 IP Blacklist”

  1. Steve 2010/07/08 1:20 pm

    So this can just be added on below your STRONG HTACCESS PROTECTION snip?

  2. midali 2010/07/08 10:26 pm

    Thanks alot jeff
    i was having problem earlier with spammer and scrapper i ended up blocking the whole ip range instead of individual ips

  3. Steve 2010/07/09 5:58 am

    My test site htaccess is so crammed full of stuff now I don’t know what to think. Or if I even know what I am doing.

    LOL oh man. Help . . . . . name your price!

  4. Jeff Starr 2010/07/10 2:17 pm • Post Author

    @aleSub: My pleasure :)

    @Steve: Yes absolutely, or below other code that you may have. I usually place this sort of stuff at the end of the htaccess file. Is there something specific that you are needing help with? Drop me a line and I’ll see what I can do.

    @midali: Awesome, glad to hear it’s useful for you :)

  5. Luis Alberto Ochoa 2010/07/22 2:34 am

    Thank you Jeff!

    I’ve added right away into the .htaccess:

    deny from 91.201.66.6
    deny from 109.70.66.189
    deny from 88.191.120.194
    deny from 94.142.134.246

  6. Jeff Starr 2010/07/22 9:20 pm • Post Author

    Luis, are those friends of yours? ;)

  7. Luis Alberto Ochoa 2010/07/23 1:29 am

    Jeff

    I Don’t Think So, Why?

    I’m good guy!!!

    :)

  8. Calce 2010/07/28 8:32 am

    Thanks for the idea :-)

  9. Steve 2010/08/01 5:57 pm

    Speaking of it, can anyone recommend a good raw log viewer? For access and error logs?

  10. Jeff Starr 2010/08/02 8:57 pm • Post Author

    @Steve: I have always analyzed my log files directly, but want to build an elegant PHP/MySQL viewer for custom logs, such as error and/or access. Thanks for the reminder :)

  11. Steve 2010/08/04 11:47 am

    Block 95.168.177.94

    http://bit.ly/behn3H

  12. Micah 2010/08/17 7:58 pm

    Hey Jeff, this IP blacklist is a great idea and I’m trying it on a few WordPress sites that I work with.

    How do I troubleshoot connection issues when the occasional visitor can’t access the sites I’m using this on? I’ve received a few consecutive emails where people are getting messages similar to this:

    “Gone, The requested resource is no longer available on this server and there is no forwarding address. Please remove all references to this resource.”

    When I remove the IP blacklist, this restores the connectivity issue. Does this mean these visitors are trying to access my sites from one of the IPs on this blacklist? If not, is there a way to view my logs and see who is trying to visit and if they’re getting blocked?

    I’ve seen the links to your similar articles explaining some of the processes and they’re overwhelming but I hope to try and dig in to understand better what’s going on and how to resolve the issue. Thanks!

123
Comments are closed for this post. Something to add? Let me know.
Welcome
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
.htaccess made easy: Improve site performance and security.
Thoughts
I disabled AI in Google search results. It was making me lazy.
Went out walking today and soaked up some sunshine. It felt good.
I have an original box/packaging for 2010 iMac if anyone wants it free let me know.
Always ask AI to cite its sources. Also: “The Web” is not a valid answer.
All free plugins updated and ready for WP 6.6 dropping next week. Pro plugin updates in the works also complete :)
99% of video thumbnail/previews are pure cringe. Goofy faces = Clickbait.
RIP ICQ
+ More thoughts »
Newsletter
Get news, updates, deals & tips via email.
Email kept private. Easy unsubscribe anytime.
Topics
Perishable Press Newsletter
Get news, updates, deals & tips via email.
Your email will remain private. Easy unsubscribe anytime.
Find me on the social medias
Around the site
WordPress help
Favorite projects
© 2004–2024 Perishable Press • Yes Theme by Monzilla Media • Built w/ shapeSpaceSitemapPolicyRSSJohn 3:16