Thanks for moving to needed thread. i posted there because i couldn find any better sorry

Here's a similar thread [webmasterworld.com]

Thanks well i blocked all this ip's

isnt there easier way to block ip range than this?
i block like this...

deny from 208.115.96.
deny from 208.115.97.
deny from 208.115.98.
deny from 208.115.99.
...

You may used CIDR in the deny from method:
208.115.96.0 - 208.115.127.255

deny from 208.115.96.0/19

Or in mod_rewrite:

RewriteEngine on
RewriteCond %{REMOTE_ADDR} ^208\.115\.(9[6-9]|1[01][0-9]|12[0-7])\. [OR]
RewriteCond %{REMOTE_ADDR} ^216\.176\.1(7[6-9]|8[0-9]|9[01])\.
RewriteRule .* - [F]

208.115.96.* till 208.115.126.255

Assuming for the sake of discussion that that's a typo and the second piece is really ..127..

You will very soon get these internalized. Chunks of 32 (inclusive) are /19 or /11 or -- shudder -- /27 depending on how deep into the number you go.

so if i write
order allow,deny
deny from 208.115.96.0 - 208.115.127.255
allow from all

thats ok?

thats ok?

NO!

order allow,deny
deny from 208.115.96.0/19
allow from all

Additionally, it's best advised to use the format deny,allow to assure function of ErrerorDocuments ana custom 403's.

Ok please explain me what this 0./19 means?

208.115.96 (96) + 19 ? = 115 ?

I have custom 403 but the default apache is presented to blocked ones.

thanks

Google search: "CIDR notation".

yes i am aware of google existance and its purpose thanks for help g1smd

i checked those poor writen documentations but i still dont understand what those writers want to say and i am sure you didnt 2 and someone explained you better

nevermind i will make htaccess 50MB

I see no point in cutting and pasting the Wikipedia article on CIDR notation into this thread for you to read.

sorry i am just mad as hell, not on you.

all those stu*id competitors and bots killing my busines, last thing i noticed they come from [google.(XXX)...] WITH QUERY and they stay on site <2 secconds MAKES google think my site is not giving good results of what users search for :(

so if i am right i actualy need this:

deny from 208.115.96.0/20
deny from 208.115.112.0/21
deny from 208.115.120.0/22
deny from 208.115.124.0/23
deny from 208.115.126.0/24

Ok please explain me what this 0./19 means?

Sorry, I'm not CIDR user (I use mod_rewrite for those types of expressions.

Just do a WHOIS on 208.115.96.0 and the CIDR range is provided on the second line.

There are numerous CIDR calculator/converters for free use on the www, some even explain the bits and bytes.

This range
208.115.96.0 - 208.115.127.255

and this range
208.115.96.0/19

are identical, and just expressed in a different syntax.

so if i am right i actualy need this:

deny from 208.115.96.0/20
deny from 208.115.112.0/21
deny from 208.115.120.0/22
deny from 208.115.124.0/23
deny from 208.115.126.0/24

NO!
You need the single line I've now provided thrice:

208.115.96.0/19

so if i am right i actualy need this:

deny from 208.115.96.0/20
deny from 208.115.112.0/21
deny from 208.115.120.0/22
deny from 208.115.124.0/23
deny from 208.115.126.0/24

If 208.115.127.n truly is absent from your series, then yes, you would be exactly right. But I really doubt it is.

/19 means, in English: if you put the whole string of numbers into binary notation (total of 32 digits), then the first 19 digits are the same. So
/8 means all of 208
/16 means all of 208.115
/24 means all of 208.114.126

I just re-checked a random wowrack number and landed on

208.115.96.0 - 208.115.127.255
208.115.96.0/19

so I think your original ..126.. was a typo. Or you read too fast. WhoIs and similar lookups will generally do the work for you by including the CIDR range.

How can i redirect all this zombies to another website?

You can't.

You can send a 301 status code but they don't have to obey it, and probably won't.

Also not a good idea even if you can do it. Presumably you would redirect it to a "bad" site which may well detect the hits in their logs and launch a ddos against you. If you direct them to a "good" site they may well complain to your ISP and get you dumped.

no i ment to redirect them to another my server where i can collect informations about them

then use it for protection for year or 2

Not worth it. Redirecting a spammer to something like 127.0.0.1 or to its own originating IP may give you a warm fuzzy feeling. But it will have no real effect, because robots don't have to follow redirects. And unless it's a phenomenally stupid robot* it will stop short and say "127.0.0.1? Isn't that...?" and scratch it off the shopping list, if any.


* We've met them ;) My favorite was the one that interpreted anything immediately after "<a " as a literal link. I've never seen such a collection of 404s.