[Imc-web] Re: [IMC-Tech] 301 IP's banned

David Gehrig zemblan at earthlink.net
Sat Jan 28 10:51:58 CST 2006 

I've just added a few lines to Dada to reject posts titled "meridia"  
"celebrex" "fioricet" "ionamin" "slot" "cialis" "enlargement"
which is most of what I've seen.  I've got the captain this weekend  
so I'm not going to be in constant contact, but I'll
keep doing this when I have connectivity.

If this continues to be a problem, I'd recommend temporarily  
disabling comments, with a razorwire banner explaining
why.

On Jan 28, 2006, at 9:55 AM, Mike Lehman wrote:

> Unfortunately, the spam keeps coming. I deleted hundreds of spam  
> comments this morning, many of them posted after the mass banning,  
> so they still have plenty of zombies.
>
> We're in desparate need of a solution on this, as they just keep  
> coming at the rate fo several per minute.
> Mike Lehman
>
> Zachary C. Miller wrote:
>
>> The server has been under a distributed spamming attack all day
>> long. I identified 301 IP addresses involved in the attack and banned
>> them all.
>> These IPs belong to random systems around the net, probably all  
>> zombie
>> machines infected with viruses which allow a coordinated distributed
>> attack. All of these are systems that have accessed our system with a
>> referal URL of a poker spam site and attempted to post to the
>> newswire. None of the systems that I could get reverse DNS data for
>> are local so I haven't locked out any community users (really I'm
>> certain that I haven't locked out any users at all since these
>> machines are all probably zombies). Most of these systems are outside
>> the US.
>> I haven't looked into whether all these requests were actually  
>> posting
>> spam to our site or not. Someone should look into whether the  
>> newswire
>> has been flooded with spam. But banning these IP addresses seems to
>> have stemmed the tide of extreme load on our server.
>> These are the banned IPs (this ban will be lifted the next time the
>> server reboots):
>> 131.109.225.138
>> 131.179.136.159
>> 134.173.117.152
>> 139.223.14.40
>> 140.134.208.93
>> 140.134.4.80
>> 145.253.178.18
>> 150.165.111.250
>> 159.61.240.143
>> 165.229.159.240
>> 168.234.157.226
>> 192.114.168.142
>> 192.165.166.4
>> 193.120.103.205
>> 193.194.84.198
>> 193.251.135.124
>> 193.251.78.116
>> 193.252.53.22
>> 193.252.63.24
>> 194.133.131.69
>> 194.228.73.64
>> 194.90.18.14
>> 195.144.125.183
>> 195.184.37.21
>> 195.245.208.25
>> 195.246.6.222
>> 196.36.12.146
>> 196.40.43.74
>> 199.2.119.62
>> 200.118.125.110
>> 200.122.153.250
>> 200.176.226.82
>> 200.176.240.198
>> 200.177.75.33
>> 200.204.121.196
>> 200.233.74.99
>> 200.242.105.131
>> 200.31.137.58
>> 200.42.214.178
>> 200.42.225.199
>> 200.45.71.52
>> 200.61.164.228
>> 200.62.152.67
>> 200.69.243.137
>> 200.85.68.8
>> 201.147.199.205
>> 201.16.232.37
>> 201.17.212.101
>> 201.17.49.87
>> 201.248.142.91
>> 201.248.63.126
>> 201.38.195.135
>> 201.38.219.8
>> 201.38.54.126
>> 202.110.131.54
>> 202.129.20.14
>> 202.141.148.18
>> 202.155.218.91
>> 202.28.27.3
>> 202.29.136.140
>> 202.47.247.157
>> 202.60.234.68
>> 202.75.41.46
>> 202.83.173.44
>> 203.115.152.111
>> 203.131.80.158
>> 203.165.187.147
>> 203.172.137.70
>> 203.177.50.98
>> 203.187.223.9
>> 203.229.187.29
>> 203.229.6.110
>> 203.229.6.70
>> 203.246.84.32
>> 203.251.187.218
>> 203.92.81.74
>> 204.131.46.200
>> 204.131.48.193
>> 204.249.97.5
>> 206.74.121.90
>> 210.105.128.92
>> 210.105.248.210
>> 210.105.80.42
>> 210.110.86.77
>> 210.17.238.165
>> 210.223.134.94
>> 210.245.22.48
>> 210.71.187.53
>> 211.105.100.135
>> 211.191.7.136
>> 211.213.36.202
>> 211.214.45.5
>> 211.218.109.166
>> 211.222.184.89
>> 211.223.74.227
>> 211.227.87.235
>> 211.23.201.210
>> 211.230.27.133
>> 211.232.102.237
>> 211.242.93.44
>> 211.254.150.193
>> 211.36.171.235
>> 211.38.2.66
>> 211.42.197.65
>> 211.51.142.229
>> 211.54.175.130
>> 211.59.135.75
>> 211.61.186.176
>> 211.90.167.10
>> 211.97.156.50
>> 212.122.76.212
>> 212.176.17.5
>> 212.49.85.94
>> 212.8.198.138
>> 213.172.37.190
>> 213.249.155.239
>> 213.41.128.40
>> 216.127.80.62
>> 216.154.243.212
>> 216.187.69.168
>> 216.189.194.231
>> 216.231.165.134
>> 216.60.21.5
>> 217.150.116.141
>> 217.195.26.63
>> 217.199.184.64
>> 217.67.197.38
>> 217.91.107.98
>> 218.107.238.36
>> 218.114.192.86
>> 218.145.15.243
>> 218.149.7.228
>> 218.150.108.182
>> 218.154.121.27
>> 218.155.163.150
>> 218.155.231.209
>> 218.209.143.163
>> 218.232.252.31
>> 218.234.132.55
>> 218.237.133.248
>> 218.237.180.168
>> 218.248.1.13
>> 218.25.39.50
>> 218.28.14.70
>> 218.36.232.213
>> 218.37.119.190
>> 218.37.209.112
>> 218.39.176.37
>> 218.4.73.211
>> 218.40.221.68
>> 218.48.240.160
>> 218.53.68.161
>> 218.65.251.126
>> 218.90.145.6
>> 219.120.28.12
>> 219.136.230.59
>> 219.142.40.82
>> 219.21.44.35
>> 219.232.9.180
>> 219.241.211.156
>> 219.26.66.111
>> 219.94.45.38
>> 220.113.45.37
>> 220.120.117.22
>> 220.121.221.184
>> 220.121.67.42
>> 220.127.155.83
>> 220.160.203.83
>> 220.189.208.188
>> 220.233.127.154
>> 220.76.66.178
>> 220.82.111.179
>> 220.83.152.92
>> 220.84.67.64
>> 220.84.68.167
>> 220.87.109.86
>> 220.87.74.97
>> 220.92.8.13
>> 221.10.124.34
>> 221.145.6.176
>> 221.152.126.203
>> 221.156.130.219
>> 221.156.138.118
>> 221.156.50.202
>> 221.157.180.232
>> 221.158.170.166
>> 221.160.165.175
>> 221.160.67.37
>> 221.160.91.136
>> 221.163.174.33
>> 222.101.147.53
>> 222.103.89.18
>> 222.103.89.30
>> 222.107.94.197
>> 222.113.65.23
>> 222.117.216.10
>> 222.118.103.68
>> 222.118.74.62
>> 222.120.168.60
>> 222.121.223.70
>> 222.140.81.67
>> 222.151.197.129
>> 222.168.132.58
>> 222.180.64.52
>> 222.190.96.25
>> 222.233.43.113
>> 222.239.21.128
>> 222.72.125.11
>> 222.79.188.150
>> 222.96.36.8
>> 222.99.112.131
>> 24.199.143.228
>> 24.20.151.169
>> 24.244.150.152
>> 58.140.28.180
>> 58.141.206.121
>> 58.141.243.36
>> 58.225.244.196
>> 58.227.229.89
>> 58.233.116.153
>> 58.234.51.169
>> 58.236.140.165
>> 58.236.20.231
>> 58.239.16.230
>> 58.73.220.161
>> 59.0.111.236
>> 59.13.154.8
>> 59.187.222.58
>> 59.19.244.111
>> 59.20.191.130
>> 59.21.90.60
>> 59.27.209.99
>> 59.7.162.247
>> 60.191.248.83
>> 60.197.248.16
>> 60.248.157.241
>> 61.101.99.214
>> 61.103.197.72
>> 61.111.103.66
>> 61.128.100.116
>> 61.135.132.202
>> 61.145.126.114
>> 61.152.153.179
>> 61.157.153.148
>> 61.159.227.93
>> 61.17.92.36
>> 61.182.66.53
>> 61.192.172.17
>> 61.199.156.53
>> 61.221.52.177
>> 61.252.207.213
>> 61.254.204.4
>> 61.32.131.70
>> 61.32.182.71
>> 61.33.123.11
>> 61.33.51.49
>> 61.35.203.148
>> 61.35.71.66
>> 61.36.68.102
>> 61.37.73.98
>> 61.73.225.19
>> 61.78.65.146
>> 61.79.111.181
>> 61.80.235.151
>> 61.82.47.190
>> 61.82.56.224
>> 61.83.172.101
>> 61.96.169.8
>> 62.139.175.102
>> 62.153.135.35
>> 62.197.126.10
>> 62.87.154.123
>> 63.231.248.204
>> 64.110.74.244
>> 65.30.188.211
>> 65.84.245.158
>> 65.98.32.16
>> 66.14.180.235
>> 67.100.121.150
>> 67.9.188.119
>> 68.216.148.66
>> 68.88.173.106
>> 71.9.39.10
>> 72.9.242.58
>> 80.162.37.187
>> 80.237.145.76
>> 80.53.103.138
>> 80.53.171.122
>> 80.59.28.77
>> 80.81.24.33
>> 81.4.168.52
>> 82.189.216.151
>> 82.210.128.9
>> 82.67.11.110
>> 82.99.202.138
>> 83.100.149.29
>> 83.18.66.154
>> 83.19.66.226
>> 84.10.106.40
>> 84.204.192.179
>> 84.247.24.127
>> Here are hostnames for the 97 that have reverse DNS:  
>> Web100.CS.UCLA.EDU
>> s-info216.nsc.ufpb.br
>> abeek.yeungnam.ac.kr
>> remote157-226.gua.net
>> hermitage.adsl.esat.net
>> maestrale.eutelsat.net
>> LAubervilliers-151-11-45-116.w193-251.abo.wanadoo.fr
>> LAubervilliers-151-12-76-22.w193-252.abo.wanadoo.fr
>> LAubervilliers-151-12-84-24.w193-252.abo.wanadoo.fr
>> zs.pribramub.indos.cz
>> mail.nsbdemo.nextra.cz
>> mail-gw02.songnetworks.dk
>> ContentTelepuerto1.racsa.co.cr
>> Static-IP-cr200118125110.cable.net.co
>> ContentPrincipal.racsa.co.cr
>> cm-virtua-poa-C8B0E252.dynamic.brdterra.com.br
>> cm-virtua-poa-C8B0F0C6.dynamic.brdterra.com.br
>> cm-tvcidade-rec-C8B14B21.dynamic.brdterra.com.br
>> 200-204-121-196.dialdata.net.br
>> WLL-23-pppoe058.t-net.net.ve
>> cmodem-214-178.telecable.com.do
>> adsl-225-199.tricom.net
>> host52.200-45-71.telecom.net.ar
>> customer164-228.iplannetworks.net
>> host-200-62-152-67.telmex.com.pe
>> customer243-137.iplannetworks.net
>> ccom8.comsatven.net
>> customer-201-147-199-205.uninet-ide.com.mx
>> c911d465.bhz.virtua.com.br
>> c9113157.rjo.virtua.com.br
>> 201-248-142-91.genericrev.cantv.net
>> 201-248-63-126.genericrev.cantv.net
>> c926367e.bsb.virtua.com.br
>> ip-202-60-234-068.cyberec.com
>> ntc.net.pk
>> DSL-NBAS111.BTI.NET.PH
>> 203-165-187-147.rev.home.ne.jp
>> 9-223-187-203.static.iqara.net
>> host-203-92-81-74.lga.net.sg
>> www4.rkymtnhi.com
>> webserver.rkymtnhi.com
>> host-204.249.97.5.multidatahn.net
>> host-22-xx.hcm.fpt.vn
>> 211-23-201-210.HINET-IP.hinet.net
>> 211-232-102-237.nexg.net
>> mail.popez.org
>> www
>> altij.net2.nerim.net
>> ev1s-216-127-80-62.ev1servers.net
>> oregon.codeit.com
>> 134gis165.gulftel.com
>> 216-60-21-5.pisp.net
>> shellchem.rufusleonard.com
>> 63.26.195.217.in-addr.arpa
>> ns.dawba.net
>> 217067197038.u.mcnet.pl
>> www.inet-solution.org
>> softbank218114192086.bbtec.net
>> yzm0324.yzmcr4.thn.ne.jp
>> 219x120x28x12.ap219.ftth.ucom.ne.jp
>> softbank219021044035.bbtec.net
>> softbank219026066111.bbtec.net
>> undefined.bjgwbn.net.cn
>> 154.127.233.220.exetel.com.au
>> wr.n3s-eval-unet.ocn.ne.jp
>> rrcs-24-199-143-228.midsouth.biz.rr.com
>> c-24-20-151-169.hsd1.or.comcast.net
>> 60-248-157-241.HINET-IP.hinet.net
>> unisono.com
>> 61.17.92-36.ip-dsl-ngp.eth.net
>> 17.172.192.61.tokyo.flets.alpha-net.ne.jp
>> cobalt.trend-one.co.jp
>> 61-221-52-177.HINET-IP.hinet.net
>> alece01.teledis.be
>> CLIENT-karr-27.jgora.dialog.net.pl
>> ns2.bwbr.com
>> host-64-110-74-244.leuk.ses-americom.net
>> CPE-65-30-188-211.wi.res.rr.com
>> 65-84-245-158.client.dsl.net
>> bdsl.66.14.180.235.gte.net
>> h-67-100-121-150.phlapafg.covad.net
>> cpe-67-9-188-119.austin.res.rr.com
>> adsl-68-88-173-106.dsl.wchtks.swbell.net
>> 71-9-39-10.static.lsan.ca.charter.com
>> atlanta.swissnex.org
>> x1-6-00-08-0e-33-af-5d.k228.webspeed.dk
>> d80-237-145-76.dds.hosteurope.de
>> hz138.internetdsl.tpnet.pl
>> an122.internetdsl.tpnet.pl
>> 77.Red-80-59-28.staticIP.rima-tde.net
>> adslb-168-52.cytanet.com.cy
>> host151-216.pool82189.interbusiness.it
>> 9-pra-1.acn.waw.pl
>> lal69-1-82-67-11-110.fbx.proxad.net
>> awo154.internetdsl.tpnet.pl
>> cuk226.internetdsl.tpnet.pl
>> chello084010106040.chello.pl
>
> _______________________________________________
> Imc-web mailing list
> Imc-web at lists.ucimc.org
> http://lists.chambana.net/cgi-bin/listinfo/imc-web

More information about the IMC-Web mailing list