Super Plugin Sale! Your Choice: BOGO or 30% Off »
Web Dev + WordPress + Security

Latest Blacklist Entries

Recently cleared several megabytes of log files, detecting patterns, recording anomalies, and blacklisting gross offenders. Gonna break it down into three sections:

User Agents

User-agents come and go, and are easily spoofed, but it’s worth a few lines of htaccess to block the more persistent bots that repeatedly scan your site with malicious requests.

# Nov 2010 User Agents
SetEnvIfNoCase User-Agent "MaMa " keep_out
SetEnvIfNoCase User-Agent "choppy" keep_out
SetEnvIfNoCase User-Agent "heritrix" keep_out
SetEnvIfNoCase User-Agent "Purebot" keep_out
SetEnvIfNoCase User-Agent "PostRank" keep_out
SetEnvIfNoCase User-Agent "archive.org_bot" keep_out
SetEnvIfNoCase User-Agent "msnbot.htm)._" keep_out

 Order Allow,Deny
 Allow from all
 Deny from env=keep_out

The first line blocks any user-agent containing “MaMa ”. If that scares you, then replace that line with these two:

SetEnvIfNoCase User-Agent "MaMa CyBer" keep_out
SetEnvIfNoCase User-Agent "MaMa Xirio" keep_out

The other lines block the latest batch of “loser-agents,” which may completely disappear overnight. My current strategy is to block for a few months and then start fresh. Stuff like heritrix, Purebot, and PostRank have made the list numerous times.

Character Strings

There must be some exciting new vulnerability, because suddenly I’m seeing TONS of requests for the following resources in just about every virtual directory imaginable:


What’s the best way to deal with endless requests for non-existent resources? I prefer to respond with 403 Forbidden and call it done:

# Nov 2010 Char Strings
<IfModule mod_alias.c>
 RedirectMatch 403 fpw.php
 RedirectMatch 403 xmlpc.php
 RedirectMatch 403 pingserver.php
 RedirectMatch 403

Of course, make sure you aren’t actually using any of these files anywhere on your site before using this code.

IP Addresses

Last but not least, here’s the latest batch of nefarious IP addresses. There’s no reason to block random botnet IPs, so only the most rogue static addresses make the list:

# Nov 2010 IPs
 Order Allow,Deny
 Allow from all
 Deny from
 Deny from
 Deny from
 Deny from 
 Deny from
 Deny from
 Deny from
 Deny from
 Deny from
 Deny from
 Deny from
 Deny from
 Deny from
 Deny from
 Deny from
 Deny from
 Deny from

As with the user-agents, I like to block IPs for a month or so at a time. Implement (or not) as you see fit.

Bonus IPs! – Looking for more bad IPs to block? Check out Vladimir’s post in the comments.

Just one fix..

Don’t take my word for it. Check your own logs and see what shouldn’t be there. “Know thy enemy,” as they say ;)

For more help on blocking stuff with .htaccess, check out Eight Ways to Redirect with Apache’s mod_rewrite.

About the Author
Jeff Starr = Fullstack Developer. Book Author. Teacher. Human Being.
USP Pro: Unlimited front-end forms for user-submitted posts and more.

24 responses to “Latest Blacklist Entries”

  1. Hi Jeff,

    I would like to contribute some more IP addresses (they are taken mainly from if you don’t mind:

  2. Jeff Starr 2010/11/09 9:11 am

    Thanks, Vladimir – I updated the post with a link to your comment.

    Cheers :)

  3. Thanks Jeff for this effort you put, i never had an idea about some stuff here, so your posts were an eye opener for me.

  4. Good post Jeff. I like the user agent block.

  5. I’m looking for a website keeping an updated list we could download and paste into .htaccess

    Here I see this post with a few entries but is there a static link that point to a list that is updated from time to time?


  6. Hello Jeff,

    This is my first message on your website.

    Just few words from France to tell you how grateful I am. I’m really pleased you share so many useful and valuable information.

    I’m more into Joomla than WordPress but many articles are suitable for any CMS. Not to say any website…

    I also (and most of all) appreciate the awesome quality of your work. Everything falls into place and is extremely well designed. I like the way you take care about every details.

    You’re a great source of inspiration to me, even if I’m far from having the same skills.

    As you say in USA : “keep up the ggod work”.



  7. I am always doubtful whether it is a good idea to block IP-adresses, as many of these adresses are shared IPs and so other websites are blocked

    this happened to me with a german shared IP Adress very often on US websites

    please consider this

  8. Michael Clark 2010/11/10 6:20 am

    Why are you blocking the bot? They follow robots.txt.

    The only character string I’ve had hits for is pingserver.php.

    Most of the IP addresses you list haven’t hit my server, although a few of them have hundreds of hits in brief amounts of time.

    I guess this really does show you really need to know what is happening on your server, as attacks are coming from so many different places and in so many different methods. And you really need to understand what these type of blacklist rules will do.

  9. Amazing!! Thanks for sharing the result of many hours of work!

  10. @Daniel: Here is a current IP Blacklist:

    @Ben Gun: Thank you for the kind words – they are greatly appreciated.

    @Connie: Good point, and I would suggest that if you don’t feel comfortable blocking malicious IPs, then you shouldn’t do it. As for me, I have found that temporary blocking some of the worst IPs is an effective security measure.

    @Michael Clark: The bot is one of the WORST, according to my data. They consume miles of bandwidth and never return any traffic. Plus, 90% of the requests I get from that terrible bot are malicious scans for non-existent resources. For my sites, it’s just not worth it.

  11. thanks for the list Jeff…

    looking forward the UA BlackList :-)

  12. HI i am, using your 2010 user agent blacklist at the moment and i wanted to know if i can paste the directive from this site under yours. i am not asking whether their code works or not just whether htaccess will allow it and function okay.

Comments are closed for this post. Something to add? Let me know.
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
The Tao of WordPress: Master the art of WordPress.
All free plugins updated and ready for WordPress 6.6 dropping next week. Pro plugin updates in the works :)
99% of video thumbnail/previews are pure cringe. Goofy faces = Clickbait.
Crazy that we’re almost halfway thru 2024.
I live right next door to the absolute loudest car in town. And the owner loves to drive it.
8G Firewall now out of beta testing, ready for use on production sites.
It's all about that ad revenue baby.
Get news, updates, deals & tips via email.
Email kept private. Easy unsubscribe anytime.