Sakura - I have others, total 11...

49.212.0.0 - 49.212.255.255
59.106.0.0 - 59.106.255.255
112.78.112.0 - 112.78.127.255
112.78.192.0 - 112.78.223.255
133.242.0.0 - 133.242.255.255
160.16.0.0 - 160.16.255.255
182.48.0.0 - 182.48.63.255
202.181.96.0 - 202.181.111.255
210.188.192.0 - 210.188.223.255
210.188.224.0 - 210.188.255.225
219.94.128.0 - 219.94.255.255

Relentless bots come to mind while reading here: [webmasterworld.com...] regarding the latest server patch.

dstiles - thanks for the additional 5 ranges

not2easy - who knows? Sometimes I get 5 or 6 thousand fast redundant hits for a file but my server admin says it's not a DDoS (maybe a keyboard key got stuck?) Not sure what constitutes a DDoS on their end but it sure is a PITA trying to process my log after that.

The SEARCH panel shows this result [google.com] (what a freaking waste of time.
Went through the seven pages without finding (what an additional waste of time) these threads are USELESS with the forum search in its present state!

Colocation America Corporation
CAC-BLOCK9 104.143.96.0 - 104.143.111.255 104.143.96.0/20
CAC-BLOCK10 104.224.64.0 - 104.224.95.255 104.224.64.0/19
CAC-BLOCK7 173.211.0.0 - 173.211.127.255 173.211.0.0/17
CAC-BLOCK6 174.140.192.0 - 174.140.255.255 174.140.192.0/18
CAC-BLOCK8 184.174.0.0 - 184.174.127.255 184.174.0.0/17
CAC-BLOCK1 208.70.248.0 - 208.70.255.255 208.70.248.0/21
CAC-BLOCK2 208.76.248.0 - 208.76.255.255 208.76.248.0/21
CAC-BLOCK11 45.73.160.0 - 45.73.191.255 45.73.160.0/19
CAC-BLOCK4 67.203.0.0 - 67.203.63.255 67.203.0.0/18
CAC-BLOCK3 67.207.160.0 - 67.207.191.255 67.207.160.0/19
CAC-BLOCK5 67.227.0.0 - 67.227.127.255 67.227.0.0/17
COLOAM6-BLOCK1 2607:F188:: - 2607:F188:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF

Thanks wilderness, I didn't have a couple of those.

I haven't been posting too many server farm ranges lately because most of my effort has been put to *allowing* more access to my site. I've even stopped working on client projects for a while until I get this under control.

Over the last several years I've amassed hundreds of blocked server ranges. With the recent mobile mania, many of these companies have developed cloud services for mobile connectivity as well as desktop in many cases. Also, the thousands of mobile apps also need connectivity. Very few take their business to ISPs. Most cut deals with colos, data centers & large hosting companies that have a solid global presence.

So with all these ranges blocked I now have several hundred rewrite lines allowing conditions to many of those blocked ranges. However just when I feel I've got most of the work done, another "friendly" shows up from a blocked range - add that to the fact that dynamic cloud computing can have this agent coming from multiple distributed ranges.

No longer can a webmaster just block a range because it is assigned to a hosting company or colo. Chances are you'll be blocking human traffic. If you block ranges you now need to include conditions to that rule to allow humans through. That can be the tricky part.

keyplr,
This particular request was repetitious over multiple IP's and UA's all for the same page.
Three were blank UA's, one from a RIPE, two from LACNIC and two from ARIN.
Hardly the cloud activity your referring to.

I was making a general statement why I was not posting server farm ranges lately, not directed at the activity associated with your colo post.
__________________________________________________

Maybe I should have separated the two with a horizontal line :)

Believe I'll just cease (since I began this thread) adding new colo's (especially give the lame search capabilities) and there won't be any confusion.
This thread has grown too long for any usefulness anyway.

I disagree. I get quite a lot if important info from this thread, always have.

Same here. I'd missed three of those colo ranges.

I find very few reasons to unblock ranges but what reasons I do find are usually proposed in here (eg amazon and mobiles) and there is usually a way (at least for me) to let goodies through while blocking baddies from server ranges.

I've only actually *unblocked* several ranges - those that have been reassigned to an unrelated company from the earlier inhabitant, and only when it is for human traffic.

But as I said earlier, I've poked holes in a large number of server farms/colos/datacenter ranges. Not all holes are for humans, some are for bots I deem beneficial, example: a 3rd party venture gathering data for advertisers, who then buy ads through MS Ads or Adsense, increasing competition, driving up bids & resulting in more ka-ching for me.

Not an IP range, but rather than start a separate thread, this is my latest referer-based lockout:

^http://[\w.]+(--|xx)

Meaning: if it claims to come from a domain whose name includes two consecutive hyphens, or two-or-more x, it's a robot. Unless, ahem, you've got the kind of site where referers from xxx domains are legitimate and welcome.

Well yes... much like the infamous cigarette, after watching p0rn, a lot of people like to visit my site. I think this trend started in California, probably Northern California.

Domaincrawler Hosting (resilans.se )
194.103.51.0/24
194.103.51.0 - 194.103.51.255

ettnet.se
151.248.0.0/21
151.248.0.0 - 151.248.7.255

epldt.com
125.5.0.0/16
125.5.0.0 - 125.5.255.255

194.103.51.0/24 - I have the complete /16 blocked for a variety of servers and bots, including (my notes say) spotify. Might be worth checking.

Microsoft
40.64.0.0/10
40.64.0.0 - 40.127.255.255

I've had a few smaller subnets of this server farm blocked for a while but could never determine the larger range. Finally got the info:

GhostnetHosting (ghostnet.de)
5.230.0.0/15
5.230.0.0 - 5.231.255.255
___

I do not block Microsoft's 40.64/10

New (August) Digital Ocean...

159.203.0.0 - 159.203.255.255
159.203.0.0/16
Simple Cloud Host

Not worth starting a separate thread so let me toss this in here. For the Deny list (BrowserMatch or formulation of your choice, case sensitive):

^WWW-Mechanize

Several different version numbers, so no closing anchor, but casing is always the same. Primarily used for referer spam; most are from IP ranges you'd block anyway, but why take chances. The current run showed up about a week ago, but archived logs show a flurry of them in October 2013. (All of those must have been from blocked ranges, because I never even noticed the UA.)

Blocked for yonks, regardless of source. Exactly that string except for opening anchor.

Yup WWW-Mechanize is from last century.

Agree, not alway a start.

-------

Simple Cloud is the mobile range for Digital Ocean. I filter (block) it but let through mobile UAs.

Mobile UAs as in "I wonder what I will find if I plug this mobile UA into curl" or a real UA with proper headers?

Well isn't that always the case? We attempt to make a valid judgement whether the UA is an actual human, but only watching future behavior will tell for sure.

----

equant.com (biz services for Orange ISP France)
206.48.0.0/16
206.48.0.0 - 206.48.255.255

*New Iliad (as of Sept 17, 2015) bringing list to:

62.4.0.0/19
62.210.0.0/16
163.172.0.0/16 *
195.154.0.0/16
212.47.224.0/19
212.83.128.0/18
212.129.0.0/18

Note: also named Online or Dedibox, but owned by Iliad, France

Equant - I have three ranges for them (last courtesy of keyplr above), all based in US but providing "business" services in US and elsewhere.

206.48.0.0 - 206.48.255.255
209.88.0.0 - 209.88.255.255
216.72.0.0 - 216.72.255.255

Met a familiar botnet today from 104.223.40.112 which turns out to be
104.223.0.0/17
QuadraNet.

For those who like the sum 17+17 = 16 for a savings of at least seven bytes,
104.223.128.0/17
was listed in an earlier chapter of this thread as Global Frag.

I have not seen anything super nasty from these ranges. Until recently :(

Total Server Solutions L.L.C.

98.142.208.0 - 98.142.223.255
98.142.208.0/20

74.119.144.0 - 74.119.147.255
74.119.144.0/22

66.71.240.0 - 66.71.255.255
66.71.240.0/20
208.78.40.0 - 208.78.43.255
208.78.40.0/22

206.220.172.0 - 206.220.175.255
206.220.172.0/22

199.58.184.0 - 199.58.187.255
199.58.184.0/22

199.36.220.0 - 199.36.223.255
199.36.220.0/22

199.229.248.0 - 199.229.255.255
199.229.248.0/21

199.187.211.255 - 199.187.211.255
199.187.208.0/22

199.116.112.0 - 199.116.119.255
199.116.112.0/21

198.8.80.0 - 198.8.95.255
198.8.80.0/20

198.147.20.0 - 198.147.23.255
198.147.20.0/22

192.40.56.0 - 192.40.59.255
192.40.56.0/22

192.252.208.0 - 192.252.223.255
192.252.208.0/20

192.111.128.0 - 192.111.143.255
192.111.128.0/20

184.170.240.0 - 184.170.255.255
184.170.240.0/20

172.98.64.0 - 172.98.95.255 L
172.98.64.0/19

162.216.44.0 - 162.216.47.255
162.216.44.0/22

107.181.160.0 - 107.181.191.255
107.181.160.0/19

107.152.96.0 - 107.152.111.255
107.152.96.0/20

104.200.128.0 - 104.200.159.255
104.200.128.0/19

@blend27 - I had almost all those tagged as Colo55 or WireSix. Looks like totalserversolutions.com has been shopping.

zayo.com (formerly Abovenet) biz services. Note: As always nowadays, blocking without poking holes may cause collateral damage. I have found apps & mobile traffic from several of the cloud ranges... also the bored office worker looking for excitement :)

64.124.0.0/15
64.124.0.0 - 64.125.255.255

208.123.64.0/19
208.123.64.0 - 208.123.95.255

208.184.0.0/15
208.184.0.0 - 208.185.255.255

209.66.64.0/18
209.66.64.0 - 209.66.127.255

209.133.0.0/17
209.133.0.0 - 209.133.127.255

209.249.0.0/16
209.249.0.0 - 209.249.255.255

213.152.0.0/19
213.152.0.0 - 213.152.31.255