Had a really nasty bot that appears to have been attempting to hack our ordering system on our ecommerce site. 23.83.128.0/21
TorontoBoy
5:45 pm on Aug 12, 2019 (gmt 0)
Do you have a UA name? Any info from the header info? I usually like to try to ID the bot, or have as many clues or identifiers as possible, because they can easily move host providers.
jmccormac
6:15 pm on Aug 12, 2019 (gmt 0)
Nobis/Leaseweb servers, I think. Not sure if there are any human users.
Regards...jmcc
Pfui
6:30 am on Aug 13, 2019 (gmt 0)
I've blocked Ubiquity / Nobis / Leaseweb server farms since at least 2010. If you don't need them, lose them.
23.83.128.0 - 23.83.207.255
deny from 23.83.128.0/18
deny from 23.83.192.0/20
Or you can go really big:
23.80.0.0 - 23.83.63.255
deny from 23.80.0.0/15
deny from 23.82.0.0/16
deny from 23.83.0.0/18
lucy24
5:45 pm on Aug 13, 2019 (gmt 0)
I did a casual search for this IP and found a scattering of robotic requests ... every last one of them blocked. That means they're all the generic inept robots that can't be bothered to send humanoid headers. (Before posting, I also checked my htaccess to ensure that I hadn't also denied the IP and then forgotten about it. I do have a handful of IP-based lockouts, but this isn't currently one of them.)
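The range-to-CIDR conversion behind the deny lines above and the log search described in the last post, as an added example that is not part of any poster's message. It assumes Apache combined log format; the log lines, the `/order` path and all function names are constructed for illustration.

```python
import ipaddress

def range_to_cidrs(first, last):
    """Collapse an inclusive IPv4 range into the smallest list of CIDR blocks."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def deny_lines(cidrs):
    """Render one directive per block, in the syntax used in the thread."""
    return [f"deny from {net}" for net in cidrs]

def is_covered(reported, cidrs):
    """True if the reported network lies entirely inside one of the blocks."""
    net = ipaddress.ip_network(reported)
    return any(net.subnet_of(block) for block in cidrs)

def log_hits(lines, cidrs):
    """Return (client_ip, status) for log lines whose client is in a block."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 9:          # not a complete combined-format line
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:           # hostname or garbage in the client field
            continue
        if any(ip in block for block in cidrs):
            hits.append((str(ip), fields[8]))
    return hits

# Constructed sample log lines (not taken from any real server).
SAMPLE_LOG = [
    '23.83.130.5 - - [12/Aug/2019:17:40:01 +0000] "POST /order HTTP/1.1" 403 199 "-" "-"',
    '203.0.113.9 - - [12/Aug/2019:17:40:02 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '23.83.207.77 - - [12/Aug/2019:17:40:03 +0000] "GET /order HTTP/1.1" 403 199 "-" "-"',
    'truncated line',
]

if __name__ == "__main__":
    blocks = range_to_cidrs("23.83.128.0", "23.83.207.255")
    print("\n".join(deny_lines(blocks)))
    print("reported /21 covered:", is_covered("23.83.128.0/21", blocks))
    for ip, status in log_hits(SAMPLE_LOG, blocks):
        print(ip, status)
```

A status of 403 for every hit is the outcome described in the last post: the requests arrived but were already refused.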