Over 150 of the Worst Spammers, Scrapers and Crackers from 2007

Update 2010/07/07: Please visit the 2010 IP Blacklist for more current information.
Over the course of each year, I blacklist a considerable number of individual IP addresses. Every day, Perishable Press is hit with countless numbers of spammers, scrapers, crackers and all sorts of other hapless turds. Weekly examinations of my site’s error logs enable me to filter through the chaff and cherry-pick only the most heinous, nefarious attackers for blacklisting. Minor offenses are generally dismissed, but the evil bastards that insist on wasting resources running redundant automated scripts are immediately investigated via IP lookup and denied access via simple htaccess directive:
<Limit GET POST PUT>
order allow,deny
allow from all
deny from 123.456.789
</LIMIT>
Although many of the worst attacks happen in randomized, zombie-like fashion, I have found that individual IPs that are not blacklisted will return repeatedly until finally blocked. Yet, despite the short-term success enjoyed by denying access to the most malicious IPs, the long-term futility of such blacklisting reflects the temporary nature of this solution. In other words, I have found that blocking individual IPs is useful only for limited periods of time. Thus, every year, I gather my code and flush the blacklist of all individually blocked IP addresses. I then start fresh, adding the worst villains to the list, blocking entire IP ranges if necessary, and referring to previous versions of my htaccess files to cross-check suspiciously familiar entities. It is within this context, then, that I present the following manually assembled collection of over 150 of the worst spammers, scrapers, and crackers to hit my site in 2007.
The Perishable Press 2007 Individually Blocked IP Blacklist
Note: The following list is presented for reference purposes, and is not necessarily recommended for direct copy & paste application.
# 165 BANISHED FOOLS
<Limit GET POST PUT>
order allow,deny
allow from all
# RIPE Network
deny from 62.141.39.235
deny from 62.193.205.210
deny from 62.195.238.225
deny from 80.97.12.51
deny from 80.237.144.80
deny from 81.19.151.104
deny from 81.92.159.45
deny from 81.176.228.30
deny from 82.137.216.16
deny from 82.141.145.197
deny from 82.208.60.42
deny from 84.16.224.168
deny from 85.198.208.78
deny from 88.84.128.164
deny from 88.140.83.49
deny from 88.191.20.52
deny from 88.198.131.54
deny from 88.208.228.216
deny from 89.149.164.130
deny from 89.167.152.110
deny from 89.41.67.162
deny from 91.75.70.18
deny from 91.121.4.205
deny from 193.43.36.234
deny from 195.175.37.70
deny from 195.225.169.73
deny from 195.242.192.18
deny from 212.40.5.38
deny from 212.241.168.186
deny from 212.108.128.30
deny from 213.114.118.44
deny from 213.22.94.50
deny from 213.203.204.70
deny from 213.229.137.240
deny from 217.13.86.17
deny from 217.73.200.244
deny from 217.156.87.154
deny from 79.22.176.145
deny from 81.177.22.242
deny from 83.223.98.160
deny from 86.125.108.159
deny from 87.233.135.30
deny from 89.97.248.67
deny from 161.53.149.3
deny from 195.70.36.237
deny from 212.51.122.7
deny from 213.175.37.194
deny from 213.123.128.28
deny from 213.189.10.11
# Asia Pacific Network
deny from 60.190.243.173
deny from 61.47.47.55
deny from 125.15.14.3
deny from 125.246.52.254
deny from 125.246.96.194
deny from 125.246.154.66
deny from 163.17.190.135
deny from 165.228.128.11
deny from 165.228.131.11
deny from 165.228.131.12
deny from 165.228.132.11
deny from 196.12.53.9
deny from 202.53.12.34
deny from 202.70.201.34
deny from 203.111.38.130
deny from 210.114.222.188
deny from 211.76.128.155
deny from 211.115.112.28
deny from 218.8.129.252
deny from 220.227.134.30
deny from 221.238.235.159
deny from 222.124.147.211
deny from 222.174.184.35
deny from 125.164.200.157
deny from 203.162.1.238
# Latin American and Caribbean IP address Regional Registry
deny from 189.11.126.37
deny from 200.83.4.4
deny from 200.101.66.98
deny from 200.105.231.130
deny from 200.115.166.2
deny from 200.129.43.168
deny from 200.102.51.88
deny from 201.14.185.159
deny from 201.14.190.128
deny from 201.24.66.94
# Google Hackers
deny from 69.89.21.71
deny from 72.232.150.250
deny from 208.110.218.138
deny from 208.110.218.139
deny from 208.110.218.201
# HostDime com Inc
deny from 66.7.197.76
deny from 72.29.65.97
deny from 72.29.66.107
deny from 72.29.74.99
# Layered Technologies
deny from 72.232.26.34
deny from 72.232.83.82
deny from 72.233.5.178
deny from 4.79.181.202 "# Level 3 Comm "
deny from 8.7.22.195 "# Level 3 Comm "
deny from 207.44.234.6 "# Everyones Internet "
deny from 207.44.188.10 "# Everyones Internet "
deny from 74.52.158.98 "# ThePlanet.com Internet Services, Inc. "
deny from 74.53.88.114 "# ThePlanet.com Internet Services, Inc. "
deny from 70.85.208.66 "# ThePlanet.com Internet Services, Inc. "
deny from 67.19.192.212 "# ThePlanet.com Internet Services, Inc. "
deny from 69.93.171.242 "# ThePlanet.com Internet Services, Inc. "
deny from 70.87.63.234 "# ThePlanet.com Internet Services, Inc. "
# BANDWIDTH HOGS
deny from 69.60.125.233 "# infolink "
deny from 87.192.246.117 "# ibis pa net "
deny from 207.210.105.96 "# global net access "
deny from 217.20.115.84 "# netdirect net "
deny from 66.79.165.43 "# Managed Solutions "
deny from 72.215.220.52 "# cox comm "
deny from 207.67.117.178 "# time warner "
deny from 216.91.52.168 "# savvis "
deny from 64.27.10.199 "# hollywood interactive "
deny from 213.22.94.50 "# tvcabo "
deny from 216.240.146.118 "# atmlink "
deny from 64.27.13.218 "# hollywood interactive "
deny from 81.223.153.134 "# technix internet "
# GENERAL IDIOTS
deny from 38.99.201.82 "# Performance Systems International Inc "
deny from 70.249.74.134 "# att internet services "
deny from 72.36.115.56 "# CazoodleBot Crawler "
deny from 63.113.69.15 "# mci comm "
deny from 64.79.200.190 "# name intelligence "
deny from 65.69.224.10 "# att "
deny from 67.159.26.63 "# FDC Servers net LLC "
deny from 69.72.254.194 "# fortress itx "
deny from 208.179.126.38 "# Tierzero "
deny from 69.89.21.79 "# bluehost "
deny from 65.228.131.12 "# UUNET Technologies "
deny from 71.6.196.212 "# California Regional Intranet "
deny from 66.46.177.240 "# Allstream Corp Corporation Allstream "
deny from 72.215.220.52 "# 7 plugin tips cracker at Cox Comm "
deny from 66.135.39.227 "# Server Beach "
deny from 64.26.63.10 "# Hostway Corp "
deny from 66.11.122.72 "# Suavemente "
deny from 69.65.46.207 "# GigeNET "
deny from 67.192.61.246 "# Rackspace "
deny from 69.64.77.25 "# Abacus America "
deny from 207.7.108.203 "# Textdrive "
deny from 209.123.207.130 "# Net Access Corp "
deny from 72.249.45.76 "# Colo4Dallas LP COLO4 BLK2 "
deny from 70.103.251.5 "# Electric Lightwave Inc "
deny from 65.44.66.100 "# XO Communications "
deny from 72.20.4.66 "# Staminus Communications "
deny from 66.235.180.189 "# HopOne Internet Corporation "
deny from 196.40.106.216 "# African Network "
deny from 64.27.143.218 "# Novacon "
deny from 66.158.134.10 "# B2B2C Inc "
deny from 71.13.68.206 "# Charter Communications "
deny from 72.55.156.153 "# Groupe iWeb Technologies inc. "
deny from 72.51.42.202 "# Peer 1 Network Inc. "
deny from 72.55.148.27 "# Groupe iWeb Technologies inc. "
deny from 82.158.142.161 "# dyn.user.ono.com "
deny from 144.226.173.68 "# Sprint "
deny from 199.233.91.129 "# J.E.D.I. Network "
deny from 208.53.147.60 "# FDC Servers.net, LLC "
deny from 208.80.193.39 "# Websense, Inc "
deny from 216.118.97.226 "# Net Access Corporation "
deny from 216.177.128.128 "# Speedfox, Inc "
deny from 216.215.70.242 "# Logix Communications "
deny from 69.12.121.5 "# Netfire.com "
deny from 216.17.101.126 "# Phatservers.net "
</LIMIT>
Thanks for this man, after finally breaking into google and getting some ranking i have started to get hit by spam bots and other nasties this is a great help.
Cheers
Thanks for the feedback, Don. Congrats on breaking into Google, despite the unwanted side-effects. Securing your site as it becomes more popular is a critical part of working and thriving online. You may also want to check out this article for an effective method of protecting your site. — Cheers ;)
It’s a great list :D
Thanks
Am I just not educated well enough. I can’t seem to get any of the IP address blocks to work!
Is .htaccess just to block FTP access, if so, is there a way to block HTTP access to my website?
Thank you so much… Here is a portion of my .htaccess located in the root of my html directory. However, I continue to get access from persons leaving inappropriate comments in some gallery files. I know this because the gallery captures the IP of the poster. Also, because we had asked a specific site to remove a link to our site because of possible copyright violations, we listed their ip and name, but still they appear to have un-inhibited access. ??
# -FrontPage-
IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*
# Added to block access by specific IP address range 4/28/08.
order allow,deny
allow from all
deny from irazoo.com
deny from 89.0.15.107
deny from 76.12.42.68
deny from 195.47.247.139
deny from 195.47.247.140
deny from 195.47.247.141
deny from 195.47.247.142
deny from 195.47.247.143
deny from 62.
deny from 76.30.*.*
deny from 77.*.*.*
deny from 78.*.*.*
deny from 79.*.*.*
deny from 80.*.*.*
deny from 81.*.*.*
deny from 82.*.*.*
deny from 83.*.*.*
deny from 84.*.*.*
deny from 85.*.*.*
deny from 86.*.*.*
The htaccess method used to block individual IP addresses as presented in the above article may be generalized to block any all access to your domain for the blocked IP. For example, if you place the following code in a working root htaccess file:
<Limit GET POST PUT>
order allow,deny
allow from all
deny from 123.456.789
</LIMIT>
..the IP address “
123.456.789
” will be denied access to your site. Of course, to apply this method on an actual site, replace the example IP address with one that you wish to block. Subsequent IPs may be blocked by replicating the “deny from
” line as demonstrated in the article above.Okay, they might be targeting the comment script directly. Try adding the following code to your root htaccess file:
# DENY ACCESS TO COMMENT SCRIPT FOR SPECIFIC IP
<ifmodule mod_rewrite.c>
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .comment\-script\.
RewriteCond %{REMOTE_ADDR} ^123\.123\.123\.123$
RewriteRule (.*) - [F,L]
</ifmodule>
Replace the “
comment\-script
” with the name of the actual file. Also replace the “123\.123\.123\.123
” with the IP that you wish to block. Once in place, this method will block the specified IP address from posting anything through the comment script. Good luck!Thank you so much for your quick and professional replies. I’m not particularily versed in these processes, but I will try to implement this as soon as possible.
In the meantime, I have had to block all comments, just to block the spammers, and want to return to the default parameters, and allow comments!