upside
msg:4413121 | 4:28 pm on Feb 1, 2012 (gmt 0) |
webair.com is a hosting provider. I block them and all hosting provider ranges. I've seen a typical pattern of bad traffic from them such as fake Googlebots and the like.
|
wilderness
msg:4413196 | 6:57 pm on Feb 1, 2012 (gmt 0) |
I've this denied since 2008
RewriteCond %{REMOTE_ADDR} ^209\.200\.([0-9]|[1-5][0-9]|6[0-3])\.
|
dstiles
msg:4413251 | 9:36 pm on Feb 1, 2012 (gmt 0) |
The point isn't blocking webair - I've been doing that for years.
My point is: they are using compromised broadband IPs as proxies - ie the IP only shows in the FWD_FOR header. Which I've also been blocking for a long time, depending on the FWD IP, but which I've noticed quite a bit for this one company (found another IP from them just after posting).
I reported elsewhere that this is a general problem, with a variety of (probably) compromised servers calling the shots. This is a specific persistent source: WebAir.
|
wilderness
msg:4413265 | 10:11 pm on Feb 1, 2012 (gmt 0) |
dstiles,
There are quite a few major internet providers in the US that have open proxies, and despite the providers being aware of the issues it creates for spammers and botnets, the proxies remain open. Go figure!
|
|
