wilderness
msg:4264175 | 3:37 pm on Feb 8, 2011 (gmt 0) |
No clue of the required procedure at RIPE-Whois, there may be a method, however and over the years I've been unable to determine same.
At ARIN-Whois, you take the acquired IP in hand, 1) do a search and the registered name of Steephost would appear; 2) take that appeared registered name and perform a second search, which results in ALL IP ranges (this procedure fails at RIPE).
It's a possibility that at RIPE one of the many flags are required.
|
thetrasher
msg:4264198 | 4:19 pm on Feb 8, 2011 (gmt 0) |
Use "Free Text Search"
or
[db.ripe.net...]
and
[db.ripe.net...]
|
dstiles
msg:4264423 | 10:56 pm on Feb 8, 2011 (gmt 0) |
Robtex will give you a starting point - follow links for the IP ranges from there.
If it's any help, I have the range 195.190.0.0 - 195.190.31.255 blocked. That range contains servers for several countries in blocks of /24.
Steephost also has the range 91.207.4.0 - 91.207.9.255
|
wilderness
msg:4264503 | 2:49 am on Feb 9, 2011 (gmt 0) |
Using the links provided by thetrasher (many thanks).
195.190.13.0 - 195.190.13.255
91.207.4.0 - 91.207.9.255
91.217.10.0 - 91.217.11.255
93.186.109.130 - 93.186.109.130
|
Megaclinium
msg:4265466 | 1:46 am on Feb 11, 2011 (gmt 0) |
Thanks everyone!
:)
|
blend27
msg:4266208 | 7:45 pm on Feb 12, 2011 (gmt 0) |
Here is a plephora Hosting Ranges of LV, UA and RU that got flagged as either Content Scrapers, Scrapped content hosting and/or hacking attempts(SQL Injections) in a past 6 month on one of my sites:
79.143.177.0 ---- 79.143.177.255 -- LV -- VDHOST
91.203.68.0 ---- 91.203.71.255 -- LV -- NANOIT-NET2
78.157.143.128 ---- 78.157.143.255 -- LV -- VDHOST
195.3.144.0 ---- 195.3.147.255 -- LV -- CRONOSIT
217.28.255.0 ---- 217.28.255.255 -- LV -- LINX-RIX-PETITS
188.92.72.0 ---- 188.92.79.255 -- LV -- ADTECHNOLOGY-LV-NET
193.46.236.0 ---- 193.46.236.255 -- LV -- NANOIT-NET1
92.240.68.149 ---- 92.240.68.159 -- LV -- ADDIO-LTD-20080414
94.142.128.128 ---- 94.142.128.255 -- LV -- CSSGROUP-NET
94.142.134.0 ---- 94.142.134.255 -- LV -- CSSGROUP-NET
89.208.32.0 ---- 89.208.47.255 -- RU -- DINETHOSTING
92.38.192.0 ---- 92.38.255.255 -- RU -- DINETHOSTING-NEXT2
81.177.32.0 ---- 81.177.35.255 -- RU -- ARBATEK
92.243.64.0 ---- 92.243.127.255 -- RU -- INFOBOX
91.201.64.0 ---- 91.201.67.255 -- RU -- MHOST
109.120.143.0 ---- 109.120.144.255 -- RU -- INFOBOX-HYPER-V
81.177.22.0 ---- 81.177.23.255 -- RU -- NETPLACE
82.146.56.0 ---- 82.146.63.255 -- RU -- ISPSYSTEM
84.252.133.0 ---- 84.252.133.255 -- RU -- AZZ1-NET
87.242.64.0 ---- 87.242.127.255 -- RU -- RU-MASTERHOST-20050722
82.146.52.0 ---- 82.146.55.255 -- RU -- ISPSYSTEM
95.169.190.0 ---- 95.169.191.254 -- RU -- RU-KEYWEB
195.190.12.0 ---- 195.190.12.255 -- RU -- KOSMOHOST
90.156.168.0 ---- 90.156.175.255 -- RU -- MAXHOSTING-NET
90.156.128.0 ---- 90.156.255.255 -- RU -- RU-MASTERHOST-20061117
81.177.26.0 ---- 81.177.27.255 -- RU -- ERIX-COLO
77.222.40.0 ---- 77.222.43.255 -- RU -- SPACEWEB
Grrrr......
83.222.22.0 ---- 83.222.23.255 -- RU -- MASTERHOST-HST
78.129.202.0 ---- 78.129.203.255 -- RU -- LIMT_GROUP-1
89.108.64.0 ---- 89.108.255.255 -- RU -- AGAVA-DATACENTER-NET
213.219.244.0 ---- 213.219.245.255 -- RU -- DINET-COLO
89.111.176.0 ---- 89.111.191.255 -- RU -- JSC CENTROHOST
84.252.148.0 ---- 84.252.149.255 -- RU -- MCHOST
213.219.241.0 ---- 213.219.243.255 -- RU -- EASYHOST
80.87.34.0 ---- 80.87.34.255 -- RU -- HOSTING
80.93.56.0 ---- 80.93.59.255 -- RU -- PETERHOST-MOSCOW
87.242.116.0 ---- 87.242.117.255 -- RU -- INTERNET-SERVICES-VPS-NET
92.241.160.0 ---- 92.241.191.255 -- RU -- RU-WEBALTA-20071217
193.151.88.0 ---- 193.151.91.255 -- UA -- VK-NET
85.255.112.0 ---- 85.255.127.255 -- UA -- INHOSTER
195.189.226.0 ---- 195.189.227.255 -- UA -- SERVERUA-DEDICATED
62.149.0.0 ---- 62.149.31.255 -- UA -- UA-COLOCALL-20000713
194.110.160.0 ---- 194.110.163.255 -- ua -- EXTHOST-NET
78.109.16.0 ---- 78.109.31.255 -- UA -- UA-HOSTING-20070703
91.203.4.0 ---- 91.203.7.255 -- UA -- TUTHOST
91.212.65.0 ---- 91.212.65.255 -- UA -- EUROHOST-NET
195.189.246.0 ---- 195.189.247.255 -- UA -- PRO100-NET
195.190.13.0 ---- 195.190.13.255 -- UA -- STEEPHOST-DC-UA
91.217.153.0 ---- 91.217.153.255 -- UA -- UAHOSTER-NET
|
wilderness
msg:4266224 | 8:32 pm on Feb 12, 2011 (gmt 0) |
blend,
rather than keep record of all those RIPE ranges?
It's a far less cumbersome task to simply
deny the Class A's ;)
Don
|
blend27
msg:4266234 | 9:29 pm on Feb 12, 2011 (gmt 0) |
can't do that on this site, lots of customers/visitors/links from those countries, I do A' all day long on several other sites without thinking about it for 2 seconds a year ;)
|
dstiles
msg:4266247 | 10:09 pm on Feb 12, 2011 (gmt 0) |
Anything that can be determined to be a server range should be banned in my book. It may be as small as /24 or it can occasionally be as big as /15 but if it's servers it's blocked.
Which is not to say I have all of them: I'm still picking up one or two server ranges a day but usually these are either very small ranges (less than /21) or are very well managed so do not get infected or abused.
|
wilderness
msg:4266264 | 11:12 pm on Feb 12, 2011 (gmt 0) |
| Anything that can be determined to be a server range should be banned in my book. |
|
I agree, as I'm sure most longtime participants here do as well.
A long while back, I even expanded my personal definition on 3rd party users.
Some Universities turn into real pests.
|
blend27
msg:4266313 | 3:35 am on Feb 13, 2011 (gmt 0) |
| Anything that can be determined to be a server range should be banned in my book. |
|
The cover of my book says that in VERY BERRY BIG RED Letters as well, however I tend to serve a soft 403 when the amount of attempts is below an allowable threshold, meaning the visitor is server a blank page(with a 403) that contains a single <div> that includes linked JQuery file that populates that <div> with a form that needs to be submitted to gain the access to the site. Call it Cloaking, don't care, if the range's been spotted as HOSTING/Colo ---> cold beans served then.
This way if the range in question gets transfer to a diff company I could make a decision whether unblocking it is the right thingy to do.
Just a thought.
|
dstiles
msg:4266578 | 8:19 pm on Feb 13, 2011 (gmt 0) |
I feed a 403 - mine is an ASP server - with no form. I do serve a form if a "broadband" IP has been auto-blocked, which happens a LOT because of compromised "home" machines. They get blocked on the IP for a few days with a form asking for deliverance, but almost no one submits one nowadays.
|
Megaclinium
msg:4266677 | 4:44 am on Feb 14, 2011 (gmt 0) |
Wow,
thanks everyone for these ideas
and thanks blend27 for ranges
|
Bewenched
msg:4293987 | 3:15 am on Apr 8, 2011 (gmt 0) |
Yes, thanks blend27 for those ranges, there was a bunch I didnt have blocked already.
|
|
