Bewenched
msg:4511544 | 4:41 am on Oct 24, 2012 (gmt 0) |
208.115.111.68 they stopped by today on this ip
|
wilderness
msg:4511553 | 5:34 am on Oct 24, 2012 (gmt 0) |
Another:
216.176.176.0 - 216.176.191.255
Aren't wowrack and Wide Open West, one in the same?
|
keyplyr
msg:4511814 | 5:13 pm on Oct 24, 2012 (gmt 0) |
Wide Open West = WOW?
|
wilderness
msg:4511835 | 5:21 pm on Oct 24, 2012 (gmt 0) |
Aye.
|
OnThePike
msg:4512279 | 2:34 pm on Oct 25, 2012 (gmt 0) |
# WowRack/Swift Communications/AllHostShop/Revelation Hostile Networks - AS23033/AS33569
deny from 64.79.201.0/24
deny from 64.79.202.0/23
deny from 64.79.212.0/24
deny from 64.79.222.0/24
deny from 64.246.167.0/24
deny from 64.246.179.0/24
deny from 64.246.180.0/24
deny from 64.246.186.0/24
deny from 64.246.190.0/24
deny from 66.228.199.0/24
deny from 66.228.219.0/24
deny from 66.228.222.0/24
deny from 66.249.2.0/24
deny from 66.249.6.0/24
deny from 66.249.26.0/23
deny from 74.117.172.0/23
deny from 74.121.184.0/21
deny from 76.191.81.0/24
deny from 76.191.82.0/23
deny from 192.147.164.0/24
deny from 199.66.140.0/22
deny from 204.8.32.0/24
deny from 204.8.34.0/24
deny from 204.13.164.0/22
deny from 204.14.120.0/22
deny from 204.15.224.0/21
deny from 207.14.112.0/20
deny from 208.90.168.0/22
deny from 208.99.192.0/19
deny from 208.115.96.0/19
deny from 209.40.200.0/24
deny from 209.59.192.0/19
deny from 216.18.224.0/20
deny from 216.176.176.0/20
deny from 216.223.28.0/22
deny from 216.244.64.0/19
|
Bewenched
msg:4516695 | 7:03 am on Nov 7, 2012 (gmt 0) |
OMG my htaccess is HUGE.
|
keyplyr
msg:4516698 | 7:13 am on Nov 7, 2012 (gmt 0) |
My htaccess is larger (25kb) than several of my web pages, but since it's a flat file it processes very, very fast.
Helps to group rules by mod w/ redirects last IMO.
|
keyplyr
msg:4516708 | 7:25 am on Nov 7, 2012 (gmt 0) |
@ OnThePike
Thanks for the IP list. Some however don't (or no longer) look like servers.
Others can be condensed. Example, these three:
deny from 66.249.2.0/24
deny from 66.249.6.0/24
deny from 66.249.26.0/23
Are all inside of:
66.249.0.0 - 66.249.31.255
So they can be written as:
deny from 66.249.0.0/19
|
lucy24
msg:4516723 | 9:11 am on Nov 7, 2012 (gmt 0) |
| WowRack/Swift Communications/AllHostShop/Revelation Hostile Networks |
|
That is one ### of a lot of /24s for the US. It's what you'd expect to see from RIPE. Detour to WhoIs results in:
64.79.192.0/19
64.246.160.0/19 (best guess here because WhoIs got snarky)
66.228.192.0/19 (ditto)
66.249.0.0/19
74.117.172.0/22 (really, darn it)
74.121.184.0/21 (looks like that's really all there is-- I randomly checked .182.)
There's a
76.191.64.0/18
umbrella but it's not clear if all the occupants are servers.
192.147.160.0/21 and 192.147.168.0/24 (really: .169. is someone else)
... and at this point whois started getting grumpy and acting as if it was considering throwing a captcha at me. But I'd be suspicious of anything in ARIN that comes through as smaller than /21. Maybe /22 at the outside. You're generally looking at subletting. Some of those sublessors may be perfectly harmless schools or small towns, but in that case they're probably not buying your expensive custom-made widgets anyway so it's no risk.
216 always catches my attention. It's such a mix.
|
|
