List your banned IP's / domains and why

Forum Moderators: open

Message Too Old, No Replies

List your banned IP's / domains and why

icehousedesigns

1:48 pm on Jun 11, 2001 (gmt 0)

I figured I'd list my banned IP's / domains for you guys to see, feel free to add what you want to yours...and feel free to list what you have as well..and why. I figured SE spider ID would probably be the best place to list this.

64.208.166.11 - Static IP E-mail Siphon user
209.17.181.33 - Malicious spider at [antarcti.ca...]
198.4.83.49 - Malicious spider at [ibm.com...] research lab
alexa.com - Yet another POS spider at [alexa.com...]
64.43.10.20 - Yet ANOTHER POS spider from [t-systemsus.com...]
193.251.190.3 - A known e-mail harvester at wanadoo.fr, I'm tempted to ban the whole domain since I've had *many* harvester users from that ISP..
213.162.24.94 - Some freeware spider software user trying to build a POS search engine.
202.108.250.226- Out of control .ch SE spider
63.171.232.248 - Some character sending about 10 http requests a second for different pages
66.7.131.131 - Out of control spider for openfind.com.tw

mivox

10:46 pm on Jun 11, 2001 (gmt 0)

The newest two:

-212.135.130.130 obnoxiously fast requests, and generates stupid 404s by trying to read URLs in javascript commands...
-63.96.157.203 obnoxiously fast requests

The rest of the list:

-198.4.83.49 - same reason as you :)
-.almaden.ibm.com - more very rude IBM research spiders
-spiderman.energyecomm.com - not an important enough site to justify the spider bandwidth hogging
-singingfish.com - see above
-grub-crawler.vistavdi.com - simultaneous file requests

tigger

6:37 am on Jun 13, 2001 (gmt 0)

could you give me some more information on this address 212.135.130.130 it crawled a client of mine yesterday but I don't seem to be able to find out much about it and spent most of the afternoon doing it

Edited. looks like the owner is Computer Solutions & Finance Group PLC, but why spider a site?

mark_roach

12:33 pm on Jun 14, 2001 (gmt 0)

>212.135.130.130

This little b*gger has been all over my sites in the last couple of days generating thousands of 404 errors.

bobriggs

12:49 pm on Jun 14, 2001 (gmt 0)

I can't find the original post, but I think in March that site was defaced (obscene message put up on site) by a group called PoisonBox. I believe they still have control over the IP. I have banned it but I thought the address was 212.135.130.134 ...

tigger

12:56 pm on Jun 14, 2001 (gmt 0)

mark.

Know the feeling! I did try to find out some information on this address and in the end went over to the "dark side" SEW (only joking) and can across a similar posting after dropping an e-mail she came back with several e-mails relating the owner of this IP.

They are very long so drop me a sticky with your e-mail address and I�ll forward them on, but needless to say it's a computer company based in Scotland, the md knows of no reason why this is happening but is looking into this.

but if you want the full story let me know.

bobriggs

1:06 pm on Jun 14, 2001 (gmt 0)

I found this also:
[cert.org...]

'Solaris systems compromised by this worm are being used to scan and compromise other Solaris and IIS systems. IIS systems compromised by this worm can suffer modified web content'