# Blocks from here down deny from 173.233.66.97 # gen spam deny from 98.172.14.5 deny from 83.10.82.97 # romania spam deny from 94.60.175.88 # poland finance deny from 89.68.29.30 # usa - many from this block deny from 74.221.208. #nz spam deny from 110.55.85.148 # dating deny from 217.174.60.140 # usa deny from 98.203.27.194 deny from 74.108.162.89 # unknown (proxy?) deny from 124.6.181.185 # ukrain deny from 46.33.241.195 # proxy servers 1 attack deny from 188.215.32.206 deny from 119.252.163.90 deny from 110.139.118.31 deny from 180.247.218.143 deny from 180.241.88.88 deny from 203.172.196.24 deny from 61.43.137.197 deny from 208.62.150.164 deny from 64.255.110.220 deny from 204.196.190.132 deny from 122.225.68.122 deny from 59.172.208.186 deny from 59.77.15.40 deny from 116.68.250.50 deny from 118.139.176.173 deny from 200.161.98.142 deny from 204.196.190.132 deny from 182.68.101.126 deny from 85.13.253.18 # gen idiot deny from 204.124.182.226 deny from 188.165.209.132 deny from 88.230.98.129 deny from 83.7.183.209 # Any ubiquity servers, anywwher # this seems to slow the system down and f's up the logse # deny from rdns.ubiquityservers.com # ubiquity server proxy - may be more to come in this block - yes! deny from 23.19.158. # usa deny from 68.175.1.222 #singapore deny from 218.186.15.10 # canada deny from 70.67.245.41 #fresno deny from 109.230.244.146 deny from 109.230.246. #philipines deny from 121.96.213.87 deny from 125.212.49.121 deny from 210.4.61.119 deny from 121.96.212.202 # russian deny from 91.210.106. # unbiquity added 2/9/2011 deny from 173.234. deny from 173.208.19 # unbiquity added 2/9/2011 deny from 64.120. # ubiquiry deny from 173.208.40. deny from 173.208.8. deny from 173.237.178.164 # dynamic.hinet added 2/9/2011 deny from 111.243. # bb.netbynet.ru added 2/9/2011 deny from 46.73. # Threespamattempts deny from 94.192.41.67 # One logged attempt,but many prev deny from 203.122.32.213 # unbiquity added 2/9/2011 deny from 69.147.240.102 # unbiquity added 2/9/2011 deny from 173.208.56. deny from 173.208.57. ## Unique ips from here on # sock puppet / walks like duck deny from 76.172.9.84 # korean spam deny from 221.139.104.110 # russian (2 ips from same spam, same day) deny from 109.254.49.8 109.254.49.8 # northernpower username deny from 82.0.138.158 # berlin hearing aids deny from 31.214.169.97 # gold spam added 2/9/2011 deny from 211.217.187.36 # misc junk added 2/9/2011 deny from 119.161.238.90 # casino spam added 2/9/2011 deny from 109.230.220.24 # gen spam added 2/9/2011 deny from 221.148.81.36 # gen spam added 2/9/2011 deny from 115.241.116.166 # gen spam added 2/9/2011 deny from 115.167.113.43 # gen spam added 2/9/2011 deny from 119.111.124.194 # gen spam added 2/9/2011 deny from 122.49.210.50 # gen spam added 2/9/2011 deny from 203.122.32.213 # drug spam added 4/9/11 deny from 94.218.177.75 # Forexroboterer name deny from 173.242.116.220 # cheap leccy deny from 184.22.156.6 # Forextradingstrategie deny from 178.63.231.71 # 4 reg attempts 22/9/11 deny from 173.73.26.9 # Apape spam attempt deny from 109.230.251.132 # german spam deny from 85.25.100. # Tot co Thailand - noteable spammers # Anbieterstrom gmx email # Lotto gmx email deny from 180.180.70. deny from 180.180.71. deny from 180.180.72. deny from 180.180.73. deny from 180.180.64. deny from 180.180.224. deny from 118.173.75. deny from 64.71.124.132 deny from 88.200.145.6 deny from 180.180.238. deny from 118.173.70. # Preisvergleichstrom deny from 184.22.156.6 #Strompreise deny from 118.173.64. deny from 118.173.67. # Uniquity / NOBISTECH deny from 108.62.160. deny from 108.62.163. deny from 108.62.167. deny from 108.62.152. deny from 108.62.64 deny from 173.208.12 # gen spam deny from 89.42.108.210 deny from 188.146.255.153 deny from 65.49.68.160 deny from 87.182.98.112 deny from 122.165.226.233 deny from 89.73.136.20 deny from 109.169.69.111 deny from 196.1.178.254 deny from 112.135.71.205 deny from 69.171.160.210 deny from 199.15.234. deny from 79.218.169.155 deny from 84.54.130. deny from 87.98.142.139 deny from 109.186.46.16 deny from 85.99.159.215 deny from 199.168.137.109 deny from 67.205.96.23 deny from 67.81.112.139 deny from 92.83.158.33 deny from 184.154.203.210 deny from 94.63.4.149 deny from 94.242.211.72 deny from 93.172.191.97 deny from 122.165.226.23 deny from 108.21.103.109 deny from 188.165.112.230 deny from 74.50.107.131 deny from 75.129.230.51 deny from 86.120.148.155 deny from 122.52.12.162 deny from 184.107.247.146 deny from 174.34.170.218 deny from 93.172.168.108 deny from 176.31.155.2 deny from 66.232.112.136 deny from 199.19.109.122 deny from 173.208.208.100 deny from 109.75.201.117 deny from 23.19.34.188 deny from 184.82.67. deny from 176.31.18.219 deny from 50.31.30. deny from 194.44.228.34 deny from 122.179.146.135 deny from 176.31.83. deny from 92.45.140.130 deny from 184.82.21. deny from 65.98.105.5 deny from 193.41.184.91 deny from 188.227.175.184 deny from 24.167.136.15 deny from 176.31.79.182 deny from 122.179.144.67 deny from 74.118.192.251 deny from 80.191.227.248 deny from 187.48.137.2 deny from 205.251.132.51 deny from 173.244.213.125 deny from 122.179.151.81 deny from 115.64.203.34 deny from 221.174.50.137 deny from 46.40.76.206 deny from 79.114.14.237 deny from 122.170.50.142 deny from 109.230.217.155 deny from 180.246.114.50 deny from 50.31.10. # Malay script attack deny from 202.46.116.6 # philipines (idiot) deny from 112.204.45.77 # more than 1 attempt from this block deny from 124.6.181. # Specials? # BELOW UK - might be sky IP - watch this deny from 90.218.37.105 # ABOVE UK - might be sky IP - watch this ####### 2010 additions # Jan 5: 174.127.132.154/26 - Vanoppen.biz - sent harvesters, disregarded robots.txt prohibitions - caught in bad bot trap. # Jan 11: 93.174.88.0/21 - ecatel.net - replacing 93.174.93.0/24 with wider CIDR of parent ISP after spam from colocated servers # Feb 14: 77.240.113.128/26 - Acens.net, in Spain, for exploit attacks # Feb 17: 195.42.102.0/23 - Todayhost, NL - Scraper bots from Purity Search ignored robots.txt and tripped bot trap # Feb 17: 188.92.72.0/21 - Ad Technology datacenter in Latvia - Malware aand exploit servers used by cyber criminals # Feb 22: 213.186.32.0/19 - OVH.net in France - hosting and dedicated servers used for exploit attacks against my server # Mar 10: 212.241.176.0/23 - UK-PIPEX-HOST Dedicated Servers (Donhost - LDC3) # Apr 5: 89.248.168.0/24 - Ecatel in The Netherlands. Blog and forum spam coming from their dedicated servers # Apr 8: Fixed CIDR 72.36.168.153/29 to read 72.36.168.152/29 - fixing a hiccup in Cisco firewalls # Apr 13: Fixed CIDR 174.127.132.154/26 to read 174.127.132.128/26 - fixing a hiccup in Cisco firewalls # Apr 19: 91.205.96.0/22 - 2dayhost.com, in The Netherlands, for repeated exploit attacks from its servers # Apr 26: 95.211.0.0/16 - Leaseweb in The Netherlands - used in exploit attacks from Russia (MRA in user agent) # Apr 30: 80.117.0.0/16 - Interbusiness.it - spam and scam email from botnetted computers # Apr 30: 94.228.209.128/25 in The Netherlands - due to leased servers used by rogue AV criminals to dispense malware # May 10: 188.138.56.0/22 - Serverloft in Germany - due to numerous exploit attacks # May 11: Expanded Server Central to full CIDR: 205.234.128.0/17 # May 16: 93.190.139.0/24 - emarketeasy servers - spam source # May 17: 178.32.40.0/21 - OVH Servers in Belgium - Hillary Kneber exploit attack source # May 25: 95.110.224.0/21 - dedicated servers in Italy, used in attacks # June 9: 64.15.156.64/27 - iWeb Montreal - dedicated servers used in spam attacks # June 9: 69.31.128.0/20 - Pilosoft servers, used for hosting phishing pages and malware # June 27: Expanded Leaseweb.nl CIDR from 94.75.229.0/24 to 94.75.192.0/18, following injection attempts # July 10: 213.180.64.0/19 - ipeer.se shared servers - server attacks # July 10: 213.19.146.0/24 in The Netherlands - ZL Factory - server attacks # July 10: 77.232.72.0/15 - Servage.net servers, in Germany - server attacks # July 11: 213.5.64.0/21 - Altushost Dedicated and VPS hosting- The Netherlands - server attacks # July 15: 64.62.181.32/27 - Ripside Interactive and FileAve free hosting - of malware and server attack files # July 22: Expanded OVH Servers in France from 94.23.0.0/18 to 94.23.0.0/16. They are hosting Russian malware exploits # July 23: 92.43.200.0/21 in Hungary - colocation servers used in blog attacks # July 29: 173.234.28.0/22 - Ubiquity Servers - for exploit probes # Aug 4: 79.175.165.0/24 in Tehran, Iran - for exploit attacks by Casper group hackers # Aug 4: 80.249.173.0/24 in Hungary - static IPs used to attack web servers # Aug 7: 184.107.0.0/16 - iWeb Technologies, in Montral, Canada - unconfigured servers used for numerous exploit attacks. # Aug 10: 173.234.144.0/21 - AS15003 - Ubiquity Server Solutions, L.A. CA - due to Casper gang exploit attacks # Aug 26: Removed 92.56.0.0/16 in Spain, as it includes dynamic IP ISPs. But, I'll be watching for exploited servers. # Aug 26: 213.251.184.0/22 - OVH Dedicated Servers in France, for exploit attacks # Sept 7: 173.234.46.0/24 - Ubiquity Servers and Nobis - exploit attacks from unconfigured servers # Sept 22: 79.142.64.0/20 - Altushost - Belize. Server exploit attacks and malware destinations. # Oct 5: 80.82.208.0/20 - Fastwebserver colocation fcility in Germany - serious exploit attacks # Oct 8: 213.251.128.0/18 - OVH servers in France # Oct 10: Expanded Leaseweb exploited shared, dedicated and colocation servers from 83.149.90.0/24 to 83.149.64.0/18 # Oct 12: 83.243.80.0/21 - DE-ServerCrew-Colo - Germany - for exploit attacks # Oct 19: 95.154.192.0/18 - RapidSwitch - iDealhosting Managed Servers in Turkey - for server attacks # Nov 11: 174.37.61.64/27 - Softlayer - Spam and server exploit attacks # Nov 11: 178.239.48.0/20 - Belize - Server attacks # Dec 26: 173.234.92.0/22 - ubiquityservers.com, unconfigured server exploit attacks # Dec 28: 173.234.120.0/22 -ubiquityservers.com, unconfigured server exploit attacks # Dec 28: 173.208.56.0/22 - ubiquityservers.com, unconfigured server exploit attacks # Dec 31: 173.234.72.0/22 - ubiquityservers.com, unconfigured server exploit attacks # # 2011 # Jan 4: 174.36.60.221 - Static.softlayer.com - hosting redirects to Storm Trojan, via fake Ecard scams # Jan 5: 173.234.228.0/22 -ubiquityservers.com, blog spam attempts from Polish and Russian speaking spammers # Jan 5: 173.234.0.0/16 - all of ubiquityservers.com, server exploit attacks, blog spam attempts from Polish and Russian spammers # Feb 23: 81.3.32.0/19 Hostway, in Germany, for multiple exploit attacks targeting phpmyadmin # Feb 25: 82.195.238.104/30 - Dedicated hosting services in Switzerland - Huge PhpMyAdmin attacks # Mar 1: 66.232.107.140 - Kproxy added to Proxy Servers list # Mar 6: 109.230.208.0/20 and 109.230.240.0/20 - Germany Xsserver.eu Dedicated Servers - Blog spam # Mar 7: 141.76.45.34 Anonymous proxy server in Germany - used in email harvesting attempt # Mar 15: 83.103.64.0/18 - Fastweb in Spain - Server exploit attacks # Mar 24: 178.77.64.0/18 - HostEurope.de - for server attacks # Apr 3: 94.100.16.0/20 - The Netherlands - King Servers - Exploit attacks # Apr 3: 178.32.0.0/15 - OVH VPS Servers, in France - for exploit attacks and spam # Apr 3: 217.172.160.0/19 - SERVER4YOU Dedicated Server Hosting in Germany - Exploit attacks # Apr 4: 46.4.89.32/27 - clients.your-server.de - spam and hacking attacks # Apr 11: 188.40.0.0/16 - Germany - servers used in attack probes # Apr 14: 173.208.56.0/22 replaced with 173.208.0.0/17 - Ubiquity Servers - Noblis Tech - for server attacks # Apr 23: 193.238.228.0/22 - Hostway web hosting in France - for server exploit attacks # Apr 26: 188.138.0.0/17 replaces 188.138.56.0/22 - in Germany, due to further server exploit attempts # May 7: 109.230.220.0/23 - XsServer.eu - Exploit attacks # May 13: 46.4.95.192/27 - clients.your-server.de - for exploit and blog spam attacks # June 10: 94.112.0.0/14 - Mistral.cz - log spam and hosting malware downloads & Phishing pages # June 27: 176.9.0.0/16 - your-server.de - for exploits # June 28: 174.34.128.0/22 - Nobis Technology/Ubiquity Server Solutions Chicago - Blog spam scripts # Aug 8: 83.169.0.0/18 - HostEurope - Exploit attacks # Aug 19: 64.71.158.168/29 - Hurricane Electric - MaMa CaSpEr exploit attacks # Aug 28: 91.224.160.0/23 - Bergdorf Group - exploited servers sending attack codes to other websites # Sept 9: 174.142.0.0/16 - iWeb in Montreal - hack attacks from iWeb dedicated servers # Sept 15: 46.4.0.0/16 - replacing 2 smaller CIDR's belong to YourServer.de - hosting botnet malware and exploit attacks ################################################################################################### # The web servers blocked here are being used as proxy servers, for attacking other servers, or for harvesting, scraping, spamming, phishing, or hosting hostile scripts used to infect personal computers. As such they are threats to your website, even if you are with a host on this list. # These are not ISPs or PCs. They are website hosting servers, parked domain hosts and datacenters, including Schlund AG and 1&1 Internet AG servers. # Interbusiness.it and Telecom Italia Net. Content Scrapers and scammers use these CIDRs deny from 79.15.0.0/16 79.22.0.0/15 79.29.0.0/16 80.117.0.0/16 80.180.0.0/16 82.184.0.0/16 82.185.0.0/16 85.39.0.0/16 87.8.0.0/15 87.28.0.0/15 94.82.0.0/15 95.234.0.0/15 # Proxy servers and services and hosting companies with proxy server clients, listed by the full CIDR of the hosting company. deny from 61.206.125.0/24 62.171.194.0/23 75.126.0.0/16 80.33.0.0/16 80.58.0.0/16 81.12.0.0/17 83.16.154.152/29 85.10.219.104/29 85.92.130.0/24 85.185.0.0/16 88.198.241.104/29 88.198.252.144/29 145.253.239.8/29 150.188.0.0/15 193.164.131.0/24 194.112.195.202 198.145.112.128/25 198.145.182.0/26 200.30.64.0/20 200.43.108.0/24 200.75.128.0/20 200.126.112.0/20 200.172.222.0/26 200.202.192.0/18 200.210.0.0/16 203.160.0.0/23 207.44.128.0/17 207.210.192.0/18 208.110.68.144/29 216.104.32.0/20 # Individual Proxy Server IPs deny from 64.20.205.251 64.202.161.130 66.6.122.130 66.36.230.163 66.37.153.74 66.63.167.166 66.79.162.102 66.212.18.89 66.232.107.140 69.50.208.74 69.94.124.137 72.55.146.175 72.167.115.164 74.115.6.56 74.208.16.108 75.175.243.195 76.76.15.73 77.235.40.189 85.92.130.117 88.198.5.220 88.214.192.24 91.186.21.78 141.76.45.34 206.221.184.108 208.100.20.148 209.139.208.236 # ThePlanet.com and Everyones Internet; home of many spammers, hackers and trojan horses. I will unblock these CIDRs when Hell freezes over! deny from 64.5.32.0/19 64.246.0.0/18 66.98.128.0/17 67.15.0.0/16 67.18.0.0/15 69.93.0.0/16 70.84.0.0/14 74.52.0.0/14 75.125.0.0/16 174.120.0.0/14 174.132.0.0/15 207.44.128.0/17 209.62.0.0/17 216.127.64.0/19 # Rackspace - Hackers, spammers, scammers and phishers deny from 67.192.0.0/16 69.20.0.0/17 72.3.128.0/17 72.32.0.0/16 74.205.0.0/17 # Performance Systems International (PSI) (Spies) deny from 38.100.41.64/26 ####################################################### # We occasionally move some of the individual proxy IP addresses into the Exploited Servers list, as their host's CIDR is confirmed as not belonging to an ISP. # The IP addresses in this blocklist belong to various types of web hosting companies, server farms and datacenters. # Add other blocked domain names or IP addresses here, starting with "deny from " without quotes # If you find that you need to poke a hole in the blocklist for legitimate visitors, follow this example: allow from 123.456.789.0 # Add "allow from" IP addresses, or CIDR Ranges, after all of the "deny from" items, just before the closing Files tag. # Everything not included within these deny from ranges is PERMITTED by the allow portion of the directive. # If some or all of your own webpages are 403'd by this blocklist, place your server's IP address(es)s after "allow from" below, then remove the comment before it. # allow from #your server's IP allow from all