AS's b& log

  • AS's b& log

    Right, I'm gonna make a list of IP address bans here so I'll know what's where and why. This is for unbanning at a later date. I'll add to it as shit happens.

  • #2
    94.142.128.0/21 :: Latvia :: 2,048 :: cssgroup.lv

    2009-10-02:

    User: D.Odork
    email: optodehonsede@gmail.com
    IP: 94.142.130.88
    hostname: h-130-88.cssgroup.lv
    reverse dns: yes
    action: 94.142.130. range banned.
    reason: spammer
    notes: deleted him 3 times, keeps coming back, Banned CSSGROUP-NET/cssgroup.lv (Latvian) Class C range of 94.142.130.0 - 94.142.130.255. This prick also joined plus2.info, deleted his a/c there too.

    2009-11-23

    User: Valerylar
    email: med.va.lery6@gmail.com
    IP: 94.142.128.140
    hostname: h-128-140.cssgroup.lv
    reverse dns: yes
    action: user deleted
    reason: obvious.
    notes: Latvia is back. CSSGROUP-NET/cssgroup.lv (Latvian) Class C range of 94.142.128.128 - 94.142.128.255 for this guy. Any more and I'll expand the above ban to cover 94.142.128.0/21, which means 94.142.128.0 - 94.142.135.255 or 2048 IPs will be blanked. Waiting.
    user: 908
    Last edited by ; Mon 23-11-2009, 5:45 PM.

    • #3
      95.24.0.0/13 :: Russia :: 524,286 :: corbina.ru

      2009-10-26:

      User: Wyvvern????
      email: Wyvvern????@gmail.com
      IP: 95.25.247.252
      hostname: 95-25-247-252.broadband.corbina.ru
      reverse dns: yes
      action: user deleted
      reason: Spammer
      notes: Corbina.ru again. No ban yet but I think there will be. Several corbina.ru class C & B ranges banned last year, this fucker's on different corbina range. Making a note here in case the pricks get frisky.

      2009-11-20

      User: makotonine
      UID: 905
      email: johny.my.d.e.pp13.049@gmail.com
      IP: 95.28.16.76
      hostname: 95-28-16-76.broadband.corbina.ru
      reverse dns: yes
      action: user deleted
      reason: Spammer
      notes: Corbina.ru again. This lad is on 95.28.0.0/16 (RU-CORBINA ST. PETERSBURG BROADBAND BLOCK) , a class B of corbina's 95.24.0.0 - 95.31.255.255 (95.24.0.0/13 RU-CORBINA BLOCK #10) AS8402 range.
      Still waiting for this to become a problem before I ban 524,286 addresses off the net.
      Last edited by ; Mon 23-11-2009, 5:40 PM.

      • #4
        67.18.0.0/15 :: US :: 131,070 :: theplanet.com

        2009-11-10:

        User: fragiatFier
        email: kimberlysaline@gmail.com
        IP: 67.19.136.74
        hostname: 4a.88.1343.static.theplanet.com
        reverse dns: yes
        action: user deleted
        reason: clearly a spammer
        notes: Up and coming cunt. This one's interesting, IP belongs to big US hosting company ThePlanet.com with a Class B /15 CIDR. Noted here to store IP for future b& action.
        join date: 2009-11-09 21:56
        last activity: 2009-11-09 23:44
        user: 893

        2009-11-13
        account awaiting moderation with same IP and same email deleted from plus2.info.
        user: GergetizZerve
        IP: 67.19.136.74
        hostname: 4a.88.1343.static.theplanet.com
        reverse dns: yes
        action: user deleted
        reason: clearly a spammer
        join date: 2009-11-10 10:40
        last activity: 2009-11-10 13:04
        user: 137
        notes: If I get 3 more from that IP I might well contact abuse@theplanet.com. Account timezone GMT +9:00
        Last edited by ; Mon 23-11-2009, 5:44 PM.

        • #5
          94.102.49.0/24 :: Netherlands :: 256 :: hosted-by.ecatel.net

          2009-10-02:

          User: none as yet, 20+ inbound connections
          email:
          IP: 94.102.49.0/24
          hostname: hosted-by.ecatel.net
          reverse dns: no
          action: 94.102.49. range temporarily banned.
          reason: alleged botnet
          notes: more than suspicious amounts of connections from obscure user-agents are coming in from host hosted-by.ecatel.net. There is no determinable IP for that hostname and reverse DNS fails. Only option open is to temp b& ecatel.net for a few days (as it is the Top Level Domain) and see what happens. Consequently, any IPs starting 94.102.4 will not get in here.
          There have been no user a/c's created from this net yet, but seeing over 20 connections from same hostname each with DIFFERENT user-agents suggests this is more botnet than bot.
          ecatel.net is based in The Hague in NL. Hope Jay doesn't get caught in the crossfire as he's out that direction.

          2009-04-11:

          action: 94.102.49. range unbanned.
          notes: well we killed off all hosted-by.ecatel.net with that IP range so I'll do it again if needs be. Since nothing happened when they were in here (except the "online users" went way up) I'm unbanning this for now.

          2009-04-11:

          IP: 94.102.49.0/24
          hostname: hosted-by.ecatel.net
          reverse dns: no
          action: 94.102.49. range PERMANENTLY banned.
          reason: DEFO a botnet. Holy fuck. The cunts were queueing up to get in like sentinels in The Matrix. 60+ connections all viewing the "No Permission" message since the unbanning of 94.102.49.* at 2am this morning.
          That's it. This is bordering on a DDoS (216 users currently online, up from 160 odd at time of unban at 2am (time now is 20:02 on the 11th)) so these cunts are blanked fo laife. Nuff Said.
          Last edited by ; Sun 11-04-2010, 8:03 PM.

          • #6
            91.201.64.0/24 and 91.201.66.0/24 :: Russia :: 512 :: Donekoserv

            2009-04-11:

            User: none as yet, again 15+ inbound connections
            email:
            IP: 91.201.66.41 and 2 more on same ISP block
            hostname: 91.201.66.41 (30), 91.201.66.70 (2) and 91.201.64.17 (1) (just IP addresses, but at least we have IPs now unlike ecatel.net earlier)
            reverse dns: no
            action: 91.201.64.0/24 and 91.201.66.0/24 ranges banned.
            reason: alleged botnet
            notes: 30 connections from 91.201.66.41, and at least 2 more from 91.201.66.70 and 91.201.64.17 nearby. They are Russians which is more than enough of an excuse for the ban. Each connection has a different user-agent, they just lurk. I'm not taking the chance that it's a fat-pipe of a university full of mr spring fans. I'm b& the lot, same as Corbina.ru.
            91.201.66.0/23 (or 91.201.64.0 - 91.201.67.255) is the ISP's block, AS21098 is their autonomous system number, name of ISP is DonEkoService Ltd in ST. Petersburg, abuse emails for that AS go to admin@pinspb.ru, whoever pinspb.ru are.
            Last edited by ; Sun 11-04-2010, 8:28 PM.

            • #7
              hammerlist

              jUst plAythAtbEAt

              • #8
                LAWL!!! PAY MEEEE!!!!

                • #9
                  180.76.5 - 180.76.6 Baidu.com

                  Chinese search engine with 74 bots searching us as of 2011-12-16.

                  inetnum: 180.76.0.0 - 180.76.255.255
                  netname: Baidu
                  descr: Beijing Baidu Netcom Science and Technology Co., Ltd.
                  descr: Baidu Plaza, No.10, Shangdi 10th street,Haidian District Beijing,100080
                  country: CN


                  Banning offending IPs before the entire class B.
                  180.76.5 and 180.76.6
                  Last edited by ; Thu 20-02-2014, 8:11 PM.

                  • #10
                    183.0.0.0/10 banned from .net and board due to greedy baidu crawler

                    Baidu bots requesting too much GET from .net

                    Banned 183.0.0.0 - 183.63.255.255 (183.0.0.0/10) via mrspring.net cPanel as mrspring (not root).

                    Banned 183.0* - 183.7* in vBulletin since lately baidu bots use the lower ranges of that block and vBulletin's "Banned IP Addresses" under "User Banning Options" does not allow CIDR notation (like 183.0.0.0/10).

                    IP addresses/globs can be separated by spaces or new lines, so all 8 ranges are on one line for ease of undo.

                    Whois for 183.0.0.0/10 here at this time.
                    Last edited by ; Thu 20-02-2014, 8:12 PM.
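
An added example, not part of the original post or of vBulletin's code: it compares the /16 blocks inside 183.0.0.0/10 with the /16 blocks the eight globs from the post catch, and builds a dot-terminated prefix list that covers the CIDR exactly. It assumes a ban entry matches any address whose dotted-quad string starts with the entry (trailing `*` stripped); the function names are hypothetical.

```python
import ipaddress

# The eight ban-list entries quoted in the post above.
POST_GLOBS = ["183.0*", "183.1*", "183.2*", "183.3*",
              "183.4*", "183.5*", "183.6*", "183.7*"]


def glob_matches(entry: str, ip: str) -> bool:
    """Assumed semantics: an entry bans every address whose dotted-quad
    string starts with the entry, once a trailing '*' is stripped."""
    return ip.startswith(entry.rstrip("*"))


def second_octets_in(cidr: str) -> set:
    """Second-octet values of the /16 blocks that make up a /8../16 CIDR."""
    net = ipaddress.ip_network(cidr)
    if not 8 <= net.prefixlen <= 16:
        raise ValueError("this sketch handles /8 to /16 only")
    return {sub.network_address.packed[1] for sub in net.subnets(new_prefix=16)}


def second_octets_hit(entries, first_octet: int) -> set:
    """Second-octet values caught by any entry (probed at x.N.0.1, so
    entries narrower than a /16 are not counted)."""
    return {n for n in range(256)
            if any(glob_matches(e, f"{first_octet}.{n}.0.1") for e in entries)}


def compare(cidr: str, entries):
    """Return (missed, extra): /16s in the CIDR that no entry bans, and
    /16s that are banned although they lie outside the CIDR."""
    first = ipaddress.ip_network(cidr).network_address.packed[0]
    want, got = second_octets_in(cidr), second_octets_hit(entries, first)
    return sorted(want - got), sorted(got - want)


def exact_prefixes(cidr: str):
    """Dot-terminated prefixes that cover the CIDR's /16s and nothing else."""
    first = ipaddress.ip_network(cidr).network_address.packed[0]
    return [f"{first}.{n}." for n in sorted(second_octets_in(cidr))]


if __name__ == "__main__":
    missed, extra = compare("183.0.0.0/10", POST_GLOBS)
    print("second octets in the /10 not matched:", missed)
    print("second octets matched outside the /10:", len(extra))
    print("exact list check:", compare("183.0.0.0/10", exact_prefixes("183.0.0.0/10")))
```

The trailing dot is what keeps `183.1.` from also matching `183.10.x.x` through `183.199.x.x`.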

                    • #11
                      host40.server9.vpn999.com

                      22 connections from host[n].server[n].vpn999.com at 2014-02-20

                      Same User-Agent (browser "id") of "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)" which appears to be generic IE7 with an old MS .net version of v2.0.

                      vpn999.com is known on the net as a place for messing (anonymous VPNs). vpn999.com's whois is largely anonymised.

                      Banning 50.7.50.* because even though 50.7.50.34 is the IP for vpn999.com, the whole netspace of 50.7.50.0/24 address space looks completely dodgy, but IPs for connections like host32.server13.vpn999.com and v41.server17.vpn999.com are missing (no DNS? Anonymised?), so fuck 'em all.
                      Last edited by ; Thu 20-02-2014, 8:13 PM.

                      • #12
                        2014-03-03 18:52


                        • #13
                          2014-03-03 18:52

                          @mail.ru @mail333.com @dfm.com @thesitelink.biz @kinozal.tv @louiswalsh.com @bimgir.net @pornobilder-mal-gratis.com @spambob.net @getamusic.com @gawab.com @list.ru @inbox.ru @yandex.ru @portsaid.cc @ukr.net @formails.com @cashette.com @burnacouplemore.com @xmail.net @e-mail.net @e-mail @krim.ws @meds @fene4ek.net @pibid.net @tennese.bee.pl @dogfishmail.com @southamericacruises.net
