85.25.0.0/16 - serverloft DE. Block the lot. :)

Seems there are many server farms inside 85.25.0.0/16 including Hurricane.

Although I have the range tagged since May 2010 as serverloft it now appears to belong to PlusServer and managed by Intergenia (same company?).

Hadn't noticed hurricane but a lot of US companies are using RIPE services now. Part of the world take-over bid, I suppose. :)

I have mostly garbage in that range (most of it is blocked). 85.25.176.x and 85.25.138.x I have legit users from.

I assume those users are bots from servers? Taking an IP at random at 176.88 I got three open ports including http, ftp and something called mythtv. In my book, that's a server.

From two long time and respected members of one of my forums with hundreds of posts each. Out of the dozens of IPs they've each used over the years, those are listed. I have no *recent* data, so it may have been a proxy at some point in the past they used.

I show nothing in my logs from either of those IPs from the last 60 days so its probably a safe bet to block the IPs.

Proxy IPs would be a good bet if the servers' users were that way inclined. If you have specific IPs then run a port check of them (I use linux umit) to see if there are any open ports that could be used for any purpose such as http, ftp. If so, it's a fair bet they could also be used as proxies.

I monitor all proxies that hit my servers (check the headers). Many are harmless and are let through, others are blocked.