[Imc-web] 301 IP's banned

Zachary C. Miller zach at chambana.net
Sat Jan 28 01:41:21 CST 2006


The server has been under a distributed spamming attack all day
long. I identified 301 IP addresses involved in the attack and banned
them all.

These IPs belong to random systems around the net, probably all zombie
machines infected with viruses which allow a coordinated distributed
attack. All of these are systems that have accessed our system with a
referral URL of a poker spam site and attempted to post to the
newswire. None of the systems that I could get reverse DNS data for
are local so I haven't locked out any community users (really I'm
certain that I haven't locked out any users at all since these
machines are all probably zombies). Most of these systems are outside
the US.

I haven't looked into whether all these requests were actually posting
spam to our site or not. Someone should look into whether the newswire
has been flooded with spam. But banning these IP addresses seems to
have stemmed the tide of extreme load on our server.

These are the banned IPs (this ban will be lifted the next time the
server reboots):


Here are hostnames for the 97 that have reverse DNS: 


-- 
Zachary C. Miller - @= - http://zach.chambana.net/
IMSA 1995 - UIUC 2000 - Just Another Leftist Muppet - Ya Basta!
 Social Justice, Community, Nonviolence, Decentralization, Feminism,
 Sustainability, Responsibility, Diversity, Democracy, Ecology
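
Added example, not part of the original message: one way to apply the selection rule described above (a request that carries a spam-site referrer and attempts to post to the newswire) to web server logs and get a de-duplicated list of candidate IPs. The Apache "combined" log format, the /newswire/ path, the poker-spam.example domain and all sample addresses are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumptions (not from the original post): Apache "combined" log format,
# a hypothetical newswire path, and a placeholder spam referrer domain.
SPAM_REFERER_HOSTS = {"poker-spam.example"}
NEWSWIRE_PREFIX = "/newswire/"

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

def is_spam_referer(referer):
    """True if the Referer host is a listed spam domain or a subdomain of one."""
    try:
        host = (urlsplit(referer).hostname or "").lower()
    except ValueError:  # malformed URL in a client-supplied header
        return False
    # Match on a label boundary so "notpoker-spam.example" is not caught.
    return any(host == h or host.endswith("." + h) for h in SPAM_REFERER_HOSTS)

def suspect_ips(lines, min_hits=1):
    """IPs that POSTed to the newswire with a spam referrer at least min_hits times."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line.strip())
        if (m and m["method"] == "POST"
                and m["path"].startswith(NEWSWIRE_PREFIX)
                and is_spam_referer(m["referer"])):
            hits[m["ip"]] += 1
    return sorted(ip for ip, n in hits.items() if n >= min_hits)

def _line(ip, method, referer):
    # Builds one constructed combined-format log line for the sample below.
    return (f'{ip} - - [28/Jan/2006:01:00:00 -0600] "{method} /newswire/publish '
            f'HTTP/1.1" 200 512 "{referer}" "Mozilla/4.0"')

SAMPLE_LOG = [  # constructed sample data, documentation address ranges only
    _line("192.0.2.10", "POST", "http://poker-spam.example/"),
    _line("192.0.2.10", "POST", "http://poker-spam.example/tables"),
    _line("198.51.100.7", "GET", "http://poker-spam.example/"),       # no post
    _line("203.0.113.5", "POST", "http://imc.example/newswire/"),     # normal user
    _line("198.51.100.99", "POST", "http://www.poker-spam.example/"), # subdomain
    _line("203.0.113.77", "POST", "http://notpoker-spam.example/"),   # look-alike
]

if __name__ == "__main__":
    print("\n".join(suspect_ips(SAMPLE_LOG)))
```

The Referer header is supplied by the client, so it is only useful here in combination with the POST-to-newswire condition; raising min_hits reduces the chance of listing an address on a single stray request.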
