
Search Engine Spider and User Agent Identification Forum

    
How to find all the IP ranges of a hosting co
Megaclinium




msg:4264028
 3:09 am on Feb 8, 2011 (gmt 0)

I don't seem to see the IP ranges when I look up the hosting companies on RIPE.

I saw in this article:
[technologyreview.com...]

that Steephost in Ukraine is a major source of malware, so I wanted to block them ahead of time.

This is all that shows:
[db.ripe.net...]


Is there a way to easily find all their ranges so I can deep-six them?

 

wilderness




msg:4264175
 3:37 pm on Feb 8, 2011 (gmt 0)

No clue of the required procedure at RIPE-Whois. There may be a method; however, over the years I've been unable to determine same.

At ARIN-Whois, you take the acquired IP in hand, 1) do a search and the registered name of Steephost would appear; 2) take that appeared registered name and perform a second search, which results in ALL IP ranges (this procedure fails at RIPE).

It's a possibility that at RIPE one of the many flags is required.

thetrasher




msg:4264198
 4:19 pm on Feb 8, 2011 (gmt 0)

Use "Free Text Search"

or

[db.ripe.net...]
and
[db.ripe.net...]

dstiles




msg:4264423
 10:56 pm on Feb 8, 2011 (gmt 0)

Robtex will give you a starting point - follow links for the IP ranges from there.

If it's any help, I have the range 195.190.0.0 - 195.190.31.255 blocked. That range contains servers for several countries in blocks of /24.

Steephost also has the range 91.207.4.0 - 91.207.9.255

wilderness




msg:4264503
 2:49 am on Feb 9, 2011 (gmt 0)

Using the links provided by thetrasher (many thanks).

195.190.13.0 - 195.190.13.255
91.207.4.0 - 91.207.9.255
91.217.10.0 - 91.217.11.255
93.186.109.130 - 93.186.109.130
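
Added example, not part of the original thread or any poster's code: the ranges quoted so far are start-end pairs, while most firewall and web-server deny rules take CIDR blocks, and a range such as 91.207.4.0 - 91.207.9.255 does not fit in a single block. This Python sketch converts and de-duplicates them with the standard-library `ipaddress` module; the function names are made up for illustration.

```python
import ipaddress
import re

# Ranges quoted in the thread, in the "start - end" form the posters used.
THREAD_RANGES = """
195.190.0.0 - 195.190.31.255
195.190.13.0 - 195.190.13.255
91.207.4.0 - 91.207.9.255
91.217.10.0 - 91.217.11.255
93.186.109.130 - 93.186.109.130
"""

# Two dotted quads separated by one or more dashes; trailing text is ignored.
RANGE_RE = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s*-+\s*(\d+\.\d+\.\d+\.\d+)")


def parse_ranges(text):
    """Yield (first, last) IPv4Address pairs; lines that are not ranges are skipped."""
    for line in text.splitlines():
        m = RANGE_RE.match(line)
        if not m:
            continue
        # IPv4Address raises ValueError on an out-of-range octet such as 999.
        first, last = (ipaddress.IPv4Address(g) for g in m.groups())
        if first > last:
            raise ValueError(f"range runs backwards: {line.strip()}")
        yield first, last


def to_cidrs(text):
    """Return the smallest sorted list of non-overlapping CIDR blocks covering the ranges."""
    nets = []
    for first, last in parse_ranges(text):
        # One start-end range may need several CIDR blocks.
        nets.extend(ipaddress.summarize_address_range(first, last))
    # Merge adjacent blocks and drop blocks already inside a larger one.
    return list(ipaddress.collapse_addresses(nets))


def is_blocked(ip, cidrs):
    """True if the address falls inside any block in the list."""
    addr = ipaddress.IPv4Address(ip)
    return any(addr in net for net in cidrs)


if __name__ == "__main__":
    for net in to_cidrs(THREAD_RANGES):
        print(net)
```

The /24 reported separately for 195.190.13.0 disappears from the output because it already lies inside the blocked 195.190.0.0/19.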

Megaclinium




msg:4265466
 1:46 am on Feb 11, 2011 (gmt 0)

Thanks everyone!

:)

blend27




msg:4266208
 7:45 pm on Feb 12, 2011 (gmt 0)

Here is a plethora of hosting ranges of LV, UA and RU that got flagged as either content scrapers, scraped content hosting and/or hacking attempts (SQL injections) in the past 6 months on one of my sites:



Grrrr......

wilderness




msg:4266224
 8:32 pm on Feb 12, 2011 (gmt 0)

blend,
rather than keep record of all those RIPE ranges?
It's a far less cumbersome task to simply
deny the Class A's ;)

Don

blend27




msg:4266234
 9:29 pm on Feb 12, 2011 (gmt 0)

Can't do that on this site: lots of customers/visitors/links from those countries. I do A' all day long on several other sites without thinking about it for 2 seconds a year ;)

dstiles




msg:4266247
 10:09 pm on Feb 12, 2011 (gmt 0)

Anything that can be determined to be a server range should be banned in my book. It may be as small as /24 or it can occasionally be as big as /15 but if it's servers it's blocked.

Which is not to say I have all of them: I'm still picking up one or two server ranges a day but usually these are either very small ranges (less than /21) or are very well managed so do not get infected or abused.

wilderness




msg:4266264
 11:12 pm on Feb 12, 2011 (gmt 0)

"Anything that can be determined to be a server range should be banned in my book."


I agree, as I'm sure most longtime participants here do as well.

A long while back, I even expanded my personal definition on 3rd party users.
Some Universities turn into real pests.

blend27




msg:4266313
 3:35 am on Feb 13, 2011 (gmt 0)

"Anything that can be determined to be a server range should be banned in my book."

The cover of my book says that in VERY BERRY BIG RED Letters as well. However, I tend to serve a soft 403 when the amount of attempts is below an allowable threshold, meaning the visitor is served a blank page (with a 403) that contains a single <div> that includes a linked jQuery file that populates that <div> with a form that needs to be submitted to gain access to the site. Call it Cloaking, don't care, if the range's been spotted as HOSTING/Colo ---> cold beans served then.

This way, if the range in question gets transferred to a different company, I could make a decision whether unblocking it is the right thingy to do.

Just a thought.

dstiles




msg:4266578
 8:19 pm on Feb 13, 2011 (gmt 0)

I feed a 403 - mine is an ASP server - with no form. I do serve a form if a "broadband" IP has been auto-blocked, which happens a LOT because of compromised "home" machines. They get blocked on the IP for a few days with a form asking for deliverance, but almost no one submits one nowadays.

Megaclinium




msg:4266677
 4:44 am on Feb 14, 2011 (gmt 0)

Wow,
thanks everyone for these ideas
and thanks blend27 for ranges

Bewenched




msg:4293987
 3:15 am on Apr 8, 2011 (gmt 0)

Yes, thanks blend27 for those ranges, there was a bunch I didn't have blocked already.
