Latest TweetsVerify any search engine or visitor via CLI Forward-Reverse Lookup perishablepress.com/cli-forwar…
Perishable Press

Over 150 of the Worst Spammers, Scrapers and Crackers from 2007

Over the course of each year, I blacklist a considerable number of individual IP addresses. Every day, Perishable Press is hit with countless numbers of spammers, scrapers, crackers and all sorts of other hapless turds. Weekly examinations of my site’s error logs enable me to filter through the chaff and cherry-pick only the most heinous, nefarious attackers for blacklisting. Minor offenses are generally dismissed, but the evil bastards that insist on wasting resources running redundant automated scripts are immediately investigated via IP lookup and denied access via simple htaccess directive:

<Limit GET POST PUT>
	Order allow,deny
	Allow from all
	Deny from 123.456.789
</Limit>

Although many of the worst attacks happen in randomized, zombie-like fashion, I have found that individual IPs that are not blacklisted will return repeatedly until finally blocked. Yet, despite the short-term success enjoyed by denying access to the most malicious IPs, the long-term futility of such blacklisting reflects the temporary nature of this solution. In other words, I have found that blocking individual IPs is useful only for limited periods of time.

Update: Check out the new and improved 2013 IP Blacklist »

Thus, every year, I gather my code and flush the blacklist of all individually blocked IP addresses. I then start fresh, adding the worst villains to the list, blocking entire IP ranges if necessary, and referring to previous versions of my htaccess files to cross-check suspiciously familiar entities. It is within this context, then, that I present the following manually assembled collection of over 150 of the worst spammers, scrapers, and crackers to hit my site in 2007.

The Perishable Press 2007 Individually Blocked IP Blacklist

Note: The following list is presented for reference purposes, and is not necessarily recommended for direct copy & paste application.

# 165 BANISHED FOOLS
<Limit GET POST PUT>
	Order allow,deny
	Allow from all
	
	# RIPE Network
	Deny from 62.141.39.235
	Deny from 62.193.205.210
	Deny from 62.195.238.225
	Deny from 80.97.12.51
	Deny from 80.237.144.80
	Deny from 81.19.151.104
	Deny from 81.92.159.45
	Deny from 81.176.228.30
	Deny from 82.137.216.16
	Deny from 82.141.145.197
	Deny from 82.208.60.42
	Deny from 84.16.224.168
	Deny from 85.198.208.78
	Deny from 88.84.128.164
	Deny from 88.140.83.49
	Deny from 88.191.20.52
	Deny from 88.198.131.54
	Deny from 88.208.228.216
	Deny from 89.149.164.130
	Deny from 89.167.152.110
	Deny from 89.41.67.162
	Deny from 91.75.70.18
	Deny from 91.121.4.205
	Deny from 193.43.36.234
	Deny from 195.175.37.70
	Deny from 195.225.169.73
	Deny from 195.242.192.18
	Deny from 212.40.5.38
	Deny from 212.241.168.186
	Deny from 212.108.128.30
	Deny from 213.114.118.44
	Deny from 213.22.94.50
	Deny from 213.203.204.70
	Deny from 213.229.137.240
	Deny from 217.13.86.17
	Deny from 217.73.200.244
	Deny from 217.156.87.154
	Deny from 79.22.176.145
	Deny from 81.177.22.242
	Deny from 83.223.98.160
	Deny from 86.125.108.159
	Deny from 87.233.135.30
	Deny from 89.97.248.67
	Deny from 161.53.149.3
	Deny from 195.70.36.237
	Deny from 212.51.122.7
	Deny from 213.175.37.194
	Deny from 213.123.128.28
	Deny from 213.189.10.11
	
	# Asia Pacific Network
	Deny from 60.190.243.173
	Deny from 61.47.47.55
	Deny from 125.15.14.3
	Deny from 125.246.52.254
	Deny from 125.246.96.194
	Deny from 125.246.154.66
	Deny from 163.17.190.135
	Deny from 165.228.128.11
	Deny from 165.228.131.11
	Deny from 165.228.131.12
	Deny from 165.228.132.11
	Deny from 196.12.53.9
	Deny from 202.53.12.34
	Deny from 202.70.201.34
	Deny from 203.111.38.130
	Deny from 210.114.222.188
	Deny from 211.76.128.155
	Deny from 211.115.112.28
	Deny from 218.8.129.252
	Deny from 220.227.134.30
	Deny from 221.238.235.159
	Deny from 222.124.147.211
	Deny from 222.174.184.35
	Deny from 125.164.200.157
	Deny from 203.162.1.238
	
	# Latin American and Caribbean IP address Regional Registry
	Deny from 189.11.126.37
	Deny from 200.83.4.4
	Deny from 200.101.66.98
	Deny from 200.105.231.130
	Deny from 200.115.166.2
	Deny from 200.129.43.168
	Deny from 200.102.51.88
	Deny from 201.14.185.159
	Deny from 201.14.190.128
	Deny from 201.24.66.94
	
	# Google Hackers
	Deny from 69.89.21.71
	Deny from 72.232.150.250
	Deny from 208.110.218.138
	Deny from 208.110.218.139
	Deny from 208.110.218.201
	
	# HostDime com Inc
	Deny from 66.7.197.76
	Deny from 72.29.65.97
	Deny from 72.29.66.107
	Deny from 72.29.74.99
	
	# Layered Technologies
	Deny from 72.232.26.34
	Deny from 72.232.83.82
	Deny from 72.233.5.178
	
	# Level 3 Comm
	Deny from 4.79.181.202
	Deny from 8.7.22.195
	
	# Everyones Internet
	Deny from 207.44.234.6
	Deny from 207.44.188.10
	
	# ThePlanet.com Internet Services, Inc.
	Deny from 74.52.158.98
	Deny from 74.53.88.114
	Deny from 70.85.208.66
	Deny from 67.19.192.212
	Deny from 69.93.171.242
	Deny from 70.87.63.234
	
	# BANDWIDTH HOGS
	
	# infolink
	Deny from 69.60.125.233
	
	# ibis pa net
	Deny from 87.192.246.117
	
	# global net access
	Deny from 207.210.105.96
	
	# netdirect net
	Deny from 217.20.115.84
	
	# Managed Solutions
	Deny from 66.79.165.43
	
	# cox comm
	Deny from 72.215.220.52
	
	# time warner
	Deny from 207.67.117.178
	
	# savvis
	Deny from 216.91.52.168
	
	# hollywood interactive
	Deny from 64.27.10.199
	
	# tvcabo
	Deny from 213.22.94.50
	
	# atmlink
	Deny from 216.240.146.118
	
	# hollywood interactive
	Deny from 64.27.13.218
	
	# technix internet
	Deny from 81.223.153.134
	
	# GENERAL IDIOTS
	
	# Performance Systems International Inc
	Deny from 38.99.201.82
	
	# att internet services
	Deny from 70.249.74.134
	
	# CazoodleBot Crawler
	Deny from 72.36.115.56
	
	# mci comm
	Deny from 63.113.69.15
	
	# name intelligence
	Deny from 64.79.200.190
	
	# att
	Deny from 65.69.224.10
	
	# FDC Servers net LLC
	Deny from 67.159.26.63
	
	# fortress itx
	Deny from 69.72.254.194
	
	# Tierzero
	Deny from 208.179.126.38
	
	# bluehost
	Deny from 69.89.21.79
	
	# UUNET Technologies
	Deny from 65.228.131.12
	
	# California Regional Intranet
	Deny from 71.6.196.212
	
	# Allstream Corp Corporation Allstream
	Deny from 66.46.177.240
	
	# 7 plugin tips cracker at Cox Comm
	Deny from 72.215.220.52
	
	# Server Beach
	Deny from 66.135.39.227
	
	# Hostway Corp
	Deny from 64.26.63.10
	
	# Suavemente
	Deny from 66.11.122.72
	
	# GigeNET
	Deny from 69.65.46.207
	
	# Rackspace
	Deny from 67.192.61.246
	
	# Abacus America
	Deny from 69.64.77.25
	
	# Textdrive
	Deny from 207.7.108.203
	
	# Net Access Corp 
	Deny from 209.123.207.130
	
	# Colo4Dallas LP COLO4 BLK2
	Deny from 72.249.45.76
	
	# Electric Lightwave Inc
	Deny from 70.103.251.5
	
	# XO Communications
	Deny from 65.44.66.100
	
	# Staminus Communications
	Deny from 72.20.4.66
	
	# HopOne Internet Corporation
	Deny from 66.235.180.189
	
	# African Network
	Deny from 196.40.106.216
	
	# Novacon
	Deny from 64.27.143.218
	
	# B2B2C Inc 
	Deny from 66.158.134.10
	
	# Charter Communications
	Deny from 71.13.68.206
	
	# Groupe iWeb Technologies inc.
	Deny from 72.55.156.153
	
	# Peer 1 Network Inc.
	Deny from 72.51.42.202
	
	# Groupe iWeb Technologies inc.
	Deny from 72.55.148.27
	
	# dyn.user.ono.com
	Deny from 82.158.142.161
	
	# Sprint
	Deny from 144.226.173.68
	
	# J.E.D.I. Network
	Deny from 199.233.91.129
	
	# FDC Servers.net, LLC
	Deny from 208.53.147.60
	
	# Websense, Inc
	Deny from 208.80.193.39
	
	# Net Access Corporation
	Deny from 216.118.97.226
	
	# Speedfox, Inc
	Deny from 216.177.128.128
	
	# Logix Communications
	Deny from 216.215.70.242
	
	# Netfire.com
	Deny from 69.12.121.5
	
	# Phatservers.net
	Deny from 216.17.101.126
</Limit>

More security tips and tricks on the way. Stay tuned!

Jeff Starr
About the Author Jeff Starr = Web Developer. Security Specialist. WordPress Buff.
Archives
8 responses
  1. Thanks for this man, after finally breaking into google and getting some ranking i have started to get hit by spam bots and other nasties this is a great help.
    Cheers

  2. Jeff Starr

    Thanks for the feedback, Don. Congrats on breaking into Google, despite the unwanted side-effects. Securing your site as it becomes more popular is a critical part of working and thriving online. You may also want to check out this article for an effective method of protecting your site. — Cheers ;)

  3. It’s a great list :D

    Thanks

  4. Rich Paul May 13, 2008 @ 7:40 pm

    Am I just not educated well enough. I can’t seem to get any of the IP address blocks to work!

    Is .htaccess just to block FTP access, if so, is there a way to block HTTP access to my website?

  5. Rich Paul May 13, 2008 @ 9:26 pm

    Thank you so much… Here is a portion of my .htaccess located in the root of my html directory. However, I continue to get access from persons leaving inappropriate comments in some gallery files. I know this because the gallery captures the IP of the poster. Also, because we had asked a specific site to remove a link to our site because of possible copyright violations, we listed their ip and name, but still they appear to have un-inhibited access. ??

    # -FrontPage-

    IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

    # Added to block access by specific IP address range 4/28/08.

    order allow,deny
    allow from all
    deny from irazoo.com
    deny from 89.0.15.107
    deny from 76.12.42.68
    deny from 195.47.247.139
    deny from 195.47.247.140
    deny from 195.47.247.141
    deny from 195.47.247.142
    deny from 195.47.247.143
    deny from 62.
    deny from 76.30.*.*
    deny from 77.*.*.*
    deny from 78.*.*.*
    deny from 79.*.*.*
    deny from 80.*.*.*
    deny from 81.*.*.*
    deny from 82.*.*.*
    deny from 83.*.*.*
    deny from 84.*.*.*
    deny from 85.*.*.*
    deny from 86.*.*.*

  6. Jeff Starr

    The htaccess method used to block individual IP addresses as presented in the above article may be generalized to block any all access to your domain for the blocked IP. For example, if you place the following code in a working root htaccess file:

    <Limit GET POST PUT>
     order allow,deny
     allow from all
     deny from 123.456.789
    </LIMIT>

    ..the IP address “123.456.789” will be denied access to your site. Of course, to apply this method on an actual site, replace the example IP address with one that you wish to block. Subsequent IPs may be blocked by replicating the “deny from” line as demonstrated in the article above.

  7. Jeff Starr

    Okay, they might be targeting the comment script directly. Try adding the following code to your root htaccess file:

    # DENY ACCESS TO COMMENT SCRIPT FOR SPECIFIC IP
    <ifmodule mod_rewrite.c>
     RewriteCond %{REQUEST_METHOD} POST
     RewriteCond %{REQUEST_URI} .comment\-script\.
     RewriteCond %{REMOTE_ADDR} ^123\.123\.123\.123$
     RewriteRule (.*) - [F,L]
    </ifmodule>

    Replace the “comment\-script” with the name of the actual file. Also replace the “123\.123\.123\.123” with the IP that you wish to block. Once in place, this method will block the specified IP address from posting anything through the comment script. Good luck!

  8. Rich Paul May 14, 2008 @ 5:45 am

    Thank you so much for your quick and professional replies. I’m not particularily versed in these processes, but I will try to implement this as soon as possible.

    In the meantime, I have had to block all comments, just to block the spammers, and want to return to the default parameters, and allow comments!

[ Comments are closed for this post ]