
Search Engine Spider and User Agent Identification Forum

    
A comprehensive list of EC2 IP ranges
bakedjake




msg:4431325
 2:45 pm on Mar 20, 2012 (gmt 0)

I'm stopping them one by one but it seems new ones pop up every day. Let's build a list - here's what I've got so far:

204.236.128.0/17
75.101.128.0/17
50.16.0.0/14
184.72.0.0/15
174.129.0.0/16
107.20.0.0/14
66.40.52.0/24 (*)

That last one isn't ec2 - it's some provider in Florida - but it has crawled me with bots with the exact same signature of the rotating made-up UA ec2 bots (you know, the Opera 9.90 guys) and I think the owner of the bots lives in that netblock and tests from there, so I've got it down as a related netblock.

 

iamzippy




msg:4431376
 4:23 pm on Mar 20, 2012 (gmt 0)

Here's my current state of the EC2. I last updated it in early Feb 2012. These things are subject to periodic change.


wilderness




msg:4431452
 7:31 pm on Mar 20, 2012 (gmt 0)

I guess annie's been twiddling her thumbs for everyone's benefit [webmasterworld.com]

keyplyr




msg:4431455
 7:40 pm on Mar 20, 2012 (gmt 0)


Of course all these will start to change in a few weeks when IP6 gets fully implemented across the networks, so get ready to redo your entire defense strategy.

wilderness




msg:4431463
 7:55 pm on Mar 20, 2012 (gmt 0)

keyplyr,
There's an old thread either here or in the Apache Forum, where somebody explained the simplicity of converting IPV4 to IPV6 ranges.

Wish I'd saved the info and URL ;)

keyplyr




msg:4431503
 9:01 pm on Mar 20, 2012 (gmt 0)


AFAIK there's no way to "convert" IP4 to IP6 on the receiving end - it doesn't make sense.

You won't even see IP6 until your server changes to support them. Then, there will be no relation to the old IP4, they will be all new. The good news is, IP6 is backward supportive, meaning when your server does switch, you will still see the old IP4 from those servers that haven't switched yet, so we can still block those IP4 addresses, but we'll need to again trace the IP6 addresses.

FWIW - I already have most of mine ready, just waiting for the witching hour.

dstiles




msg:4431504
 9:03 pm on Mar 20, 2012 (gmt 0)

bakedjake - you can begin by blocking our lists of IPs given in pfui's latest amazon thread at [webmasterworld.com...] - I think that covers all known ranges up to a month or so ago. If anyone can add to those lists I'd be interested.

iamzippy - some of your ranges are incorrectly assigned. 46.most things are Europe not Asia and 46.51.224.0/19, for example, is registered to the Dublin, Ireland branch of Amazon; as is 46.137.224.0/19 although actually registered in France, according to my registry checks. In reality, though, I don't suppose location really matters: it's the existence that's important.

iamzippy




msg:4431511
 9:25 pm on Mar 20, 2012 (gmt 0)

dstiles - thanks for that, point taken. I never got round to doing the necessary per-RIR, all I know is they work ;)

I'll get on to it.

DeeCee




msg:4431697
 12:59 pm on Mar 21, 2012 (gmt 0)

FYI,

Current catch list. Extracted from my database, and all networks looked up manually again this morning for validation of ranges and location.

Some of @iamzippy's ranges were smaller subnets. They are embedded in the below registrations.
They (likely) have more than these, but I have not seen and added them yet.

The European ones are (formally) spread across NL, FR, and IE. Although only Amazon's internal routing can tell where individual pieces are actually being used.



DeeCee




msg:4431699
 1:08 pm on Mar 21, 2012 (gmt 0)

BTW.. The attached page shows a dynamic Map of the offender IPs across the US.

The blob on top of Seattle, WA should make it clear why we block EC2. :-)

[riskyinternet.com...]

dstiles




msg:4431906
 10:26 pm on Mar 21, 2012 (gmt 0)

DeeCee - The lines you give are not compacted enough for me. :)

My database lists the following, without countries included:


DeeCee




msg:4431931
 12:44 am on Mar 22, 2012 (gmt 0)

:)

Thanks!

You had some tagged on ranges inside yours that I did not have.. Added... Thanks..

A few make me a little apprehensive. But I added the couple I did not have, except for your first one.

8.18.144.0 - 8.18.145.255 is

Amazon Inc. LVLT-AMAZON-5-8-18-144 (NET-8-18-144-0-1) 8.18.144.0 - 8.18.144.255
Level 3 Communications, Inc. LVLT-ORG-8-8 (NET-8-0-0-0-1) 8.0.0.0 - 8.255.255.255

I have not seen bots from that net, and the slight issue I have is that I don't really want to block "Amazon" the company (all its networks), but rather just the Amazon EC2 cloud.

So, for example office type IPs there is really no reason to block. Don't want to kick out their people, only the cloud.

Have you seen attacks from all the nets?

keyplyr




msg:4431999
 8:58 am on Mar 22, 2012 (gmt 0)



DeeCee, I block that entire range and all other Level 3 ranges; have for years. I used to be an Amazon affiliate (until they dumped California accounts and reneged on payments owed) and never had an issue with the block.

DeeCee




msg:4432009
 9:32 am on Mar 22, 2012 (gmt 0)

@keyplyr,

Cool. Appreciate the info.

dstiles




msg:4432284
 9:44 pm on Mar 22, 2012 (gmt 0)

DeeCee - I did forget to mention that one or two might not be cloud. Sorry. I block Amazon completely. If any of the ranges I block are office-broadband then tough.

Bewenched




msg:4510280
 11:24 pm on Oct 20, 2012 (gmt 0)

Wish there was a better way to block them without having to keep up with all the blasted IP addresses.
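
The thread mixes CIDR and start-end notation, and several lists contain subnets already covered by a larger entry. As an added example (not code from any poster in this thread), the sketch below uses Python's standard `ipaddress` module to normalise both notations, reject malformed entries, collapse overlaps and emit `deny from` lines; the function names and the `SAMPLE` list are assumptions made for illustration.

```python
import ipaddress

# Entries in the two notations used in this thread. The first four values
# appear in the posts above; the rest are added here to show merging and rejection.
SAMPLE = [
    "204.236.128.0/17",
    "50.16.0.0/14",
    "184.72.0.0/15",
    "8.18.144.0 - 8.18.145.255",  # start-end range notation
    "50.16.0.0/15",               # subnet of 50.16.0.0/14, should disappear
    "184.73.0.0/16",              # subnet of 184.72.0.0/15, should disappear
    "184.72.64.0/17",             # constructed typo: host bits set for a /17
]


def parse_entry(text):
    """Turn one list entry into IPv4Network objects; raise ValueError if malformed."""
    text = text.strip()
    if "-" in text:
        first, last = (ipaddress.IPv4Address(p.strip()) for p in text.split("-", 1))
        return list(ipaddress.summarize_address_range(first, last))
    # strict=True rejects a base address that does not sit on the prefix boundary
    return [ipaddress.IPv4Network(text, strict=True)]


def compact(entries):
    """Return (collapsed networks in ascending order, rejected entries)."""
    nets, rejected = [], []
    for entry in entries:
        try:
            nets.extend(parse_entry(entry))
        except ValueError:
            rejected.append(entry)
    return list(ipaddress.collapse_addresses(nets)), rejected


def deny_lines(networks):
    """Render networks in the 'deny from' form used in this thread."""
    return ["deny from %s" % net for net in networks]


def is_blocked(ip, networks):
    """True if the address falls inside any network on the list."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


if __name__ == "__main__":
    networks, rejected = compact(SAMPLE)
    print("\n".join(deny_lines(networks)))
    print("rejected:", rejected)
```

Rejected entries are worth reviewing by hand rather than silently fixing, since a base address off the prefix boundary usually means either the address or the prefix length was mistyped.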

OnThePike




msg:4512280
 2:35 pm on Oct 25, 2012 (gmt 0)

# Amazon AWS/Elastic Cloud
