Welcome to WebmasterWorld Guest from 3.234.210.89

Forum Moderators: Ocean10000

Thinking of blocking 40.64.0.0/10 and 51.140.0.0/14 (MSFT)

Seen some bot stuff recently

     
2:00 am on Sep 24, 2019 (gmt 0)

Junior Member

Top Contributors Of The Month

joined:Sept 8, 2016
posts:99
votes: 0


Thinking of blocking 40.64.0.0/10 and 51.140.0.0/14 (MSFT) at the router because of some not-nice behavior.

Is there a legit reason to keep those CIDR's open? Anyone ever see legit (or wanted/desirable) hits from there?
5:53 am on Sept 24, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 5, 2005
posts: 2067
votes: 2


This is going to sound corny but have you tried reporting any of the undesirables when they strike? Some months ago I figured what the heck and when IPs are particularly egregious, I fire off an e-mail a la:

-----
To: abuse@microsoft.com
Subject: Abuse from: 104.211.62.xyz
Message:

Multiple WordPress-specific exploit probes.

IP Location: USA
IP Reverse DNS (Host): 104.211.62.xyz
IP Owner: Microsoft Corporation

[My IP here] ACCESS LOG:

[Ten lines or so of raw log.]
-----

Reporting momentarily relieves my ire, even though I've never received so much as a canned response.

You can also report a CIDR but the log specifics help the other end nail down if the problem's with an Azure account, etc.

Then again, I never get any wanted/desirable hits from any MS addresses any more -- only relentless and rude bingbot; never any legit referral traffic -- so no big loss if you were to axe 'em, imho.