[Imc-web] Re: [IMC-Tech] 301 IP's banned

Mike Lehman rebelmike at earthlink.net
Sat Jan 28 09:55:53 CST 2006


Unfortunately, the spam keeps coming. I deleted hundreds of spam 
comments this morning, many of them posted after the mass banning, so 
they still have plenty of zombies.

We're in desperate need of a solution on this, as they just keep coming 
at the rate of several per minute.
Mike Lehman

Zachary C. Miller wrote:

> The server has been under a distributed spamming attack all day
> long. I identified 301 IP addresses involved in the attack and banned
> them all.
> 
> These IPs belong to random systems around the net, probably all zombie
> machines infected with viruses which allow a coordinated distributed
> attack. All of these are systems that have accessed our system with a
> referral URL of a poker spam site and attempted to post to the
> newswire. None of the systems that I could get reverse DNS data for
> are local so I haven't locked out any community users (really I'm
> certain that I haven't locked out any users at all since these
> machines are all probably zombies). Most of these systems are outside
> the US.
> 
> I haven't looked into whether all these requests were actually posting
> spam to our site or not. Someone should look into whether the newswire
> has been flooded with spam. But banning these IP addresses seems to
> have stemmed the tide of extreme load on our server.
> 
> These are the banned IPs (this ban will be lifted the next time the
> server reboots):
> 
> Here are hostnames for the 97 that have reverse DNS: 
> 
> 
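The selection rule described in the quoted message (a request carrying a spam-site referrer that also attempts to post to the newswire), run over access-log lines and compared against an existing ban list, as an added example that is not part of the original thread. The Apache combined log format, the `/newswire/publish` path, the `poker-spam.example` domain and all sample addresses are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumptions (not from the thread): Apache "combined" log format, a
# hypothetical posting path, and a placeholder spam referrer domain.
POST_PATH_PREFIX = "/newswire/publish"
SPAM_REFERRER_DOMAINS = {"poker-spam.example"}

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referrer>[^"]*)" "[^"]*"$'
)

def referrer_is_spam(referrer):
    # Compare the parsed hostname, not a substring of the whole URL.
    host = (urlsplit(referrer).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in SPAM_REFERRER_DOMAINS)

def spam_posters(lines, already_banned=frozenset()):
    """Count spam-referred POSTs per client IP and list IPs not yet banned."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than guessing
        if (m["method"] == "POST"
                and m["path"].startswith(POST_PATH_PREFIX)
                and referrer_is_spam(m["referrer"])):
            hits[m["ip"]] += 1
    new = sorted(ip for ip in hits if ip not in already_banned)
    return hits, new

# Constructed sample log lines using documentation address ranges.
_T = "- - [28/Jan/2006:09:00:00 -0600]"
SAMPLE_LOG = [
    f'192.0.2.10 {_T} "POST /newswire/publish HTTP/1.1" 200 512 "http://poker-spam.example/" "Mozilla/4.0"',
    f'192.0.2.10 {_T} "POST /newswire/publish HTTP/1.1" 200 512 "http://www.poker-spam.example/win" "Mozilla/4.0"',
    f'198.51.100.7 {_T} "POST /newswire/publish HTTP/1.1" 403 0 "http://poker-spam.example/" "Mozilla/4.0"',
    f'203.0.113.5 {_T} "POST /newswire/publish HTTP/1.1" 200 734 "http://imc.example/newswire" "Mozilla/5.0"',
    f'203.0.113.9 {_T} "GET /newswire HTTP/1.1" 200 9001 "http://poker-spam.example/" "Mozilla/4.0"',
]

if __name__ == "__main__":
    hits, new = spam_posters(SAMPLE_LOG, already_banned={"198.51.100.7"})
    print(dict(hits), new)
```

Re-running the same filter after a ban and passing the banned set shows which sources are new, which is the situation the reply at the top of the thread reports.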



