Revised IP Address Block List in htaccess

# who has access, who doesn't
order allow,deny
deny from 58.78.6.60
deny from 80.234.5.164
deny from 80.234.5.225
deny from 80.234.10.70
deny from 87.118.112.50
deny from 88.200.147.73
deny from 89.149.241.229
deny from 89.149.227.193
deny from 89.207.216.212
deny from 91.76.104.227
deny from 91.77.254.201
deny from 92.113.91.196
deny from 193.46.236.152
deny from 195.3.146.12
deny from 195.3.146.13
deny from 203.162.2.134
deny from 203.162.2.136
deny from 208.110.81.154
deny from 218.26.219.186
deny from 219.148.206.37
allow from all

Following my previous experiments with htaccess, IP address blocking & SABRE, I’ve remade my list as seen above.  Other sorts of spam are blocked using different plugins – usually they feed into Akismet.

Currently, the false user registrations are tending to come from the IP addresses above.  The “supposed” mail domains being chosen are listed below, in descending order of instances:

komatoz.net (6)
mail.ru (6)
yandex.ru (4)
atlaskit.com (1)
mail.com (1)
autocitychannel.com (1)
bk.ru (1)

This isn’t many, I know, because of the various blocks I’ve in place.  These have appeared because I purposely removed most IP address blocks as an experiment to see which were the current “bad boys”.  I mentioned this in a post a few weeks back, so these are the results.

The domains with only ONE instance are all new to me, so it looks like the bad guys could be shifting their bases and string patterns to a new batch.  I’ll come back to this in time, after things have developed a bit.  However, for a fully updated WordPress installation, I recommend using the htaccess file as a first line of defence and then the supplied Akismet plugin in combination with SABRE, Login Lockdown, Simple Trackback Validation, WP-SpamFree.  This combination has cut down the bad stuff to virtually zero.  I’ve heard people mention the “Bad Behaviour” plugin because it does a lot of stuff at once and is supposed to be a one click does all affair, however, I can’t recommend it as my personal experience over several versions has been that it locks me out as well!  This is not to say that I won’t try it again at some future date, but my current plugin mix works so as the phrase goes “if it ain’t broke, don’t fix it”.

Constant monitoring is the key to effective defences though, while at the same time striving to maintain an open blog that users can post or comment to without much trouble.
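A list like the one above picks up duplicates and entries already covered by a wider range as it gets re-pasted over time. The following is an added example, not part of the original post: it tidies an IPv4 `deny from` list (one address per line) and prints it in either the `order`/`deny` syntax used here or the `Require` syntax of Apache 2.4, where the older directives are deprecated. The function names are hypothetical, the sample addresses are constructed from documentation ranges, and padding short forms such as `a.b.c/24` to four octets is an assumption about what the list author meant.

```python
import ipaddress
import re

# Constructed sample in the style of the list above (documentation ranges only).
SAMPLE = """\
order allow,deny
deny from 203.0.113.7
deny from 198.51.100/24
deny from 198.51.100.42
deny from 203.0.113.7
deny from 192.0.2.0/25
deny from 192.0.2.128/25
deny from not-an-address
allow from all
"""
DENY = re.compile(r"^[ \t]*deny[ \t]+from[ \t]+(\S+)", re.IGNORECASE | re.MULTILINE)

def parse_entry(token):
    """Turn one 'deny from' argument into an IPv4 network, or None if malformed."""
    addr, _, prefix = token.partition("/")
    octets = addr.split(".")
    if prefix and len(octets) < 4:
        # Short forms such as a.b.c/24 are padded to four octets (assumed intent).
        addr = ".".join(octets + ["0"] * (4 - len(octets)))
    try:
        return ipaddress.IPv4Network(f"{addr}/{prefix}" if prefix else addr, strict=False)
    except ValueError:
        return None

def normalise(htaccess_text):
    """Return (minimal sorted list of networks, tokens that failed to parse)."""
    parsed = [(t, parse_entry(t)) for t in DENY.findall(htaccess_text)]
    nets = [n for _, n in parsed if n is not None]
    rejected = [t for t, n in parsed if n is None]
    # collapse_addresses drops duplicates and covered entries, merges neighbours.
    return list(ipaddress.collapse_addresses(nets)), rejected

def render(nets, apache24=False):
    """Emit the block in Apache 2.2 (Order/Deny) or 2.4 (Require) syntax."""
    fmt = lambda n: str(n.network_address) if n.prefixlen == 32 else str(n)
    if apache24:
        rules = [f"    Require not ip {fmt(n)}" for n in nets]
        return "\n".join(["<RequireAll>", "    Require all granted", *rules, "</RequireAll>"])
    return "\n".join(["order allow,deny", *(f"deny from {fmt(n)}" for n in nets), "allow from all"])

if __name__ == "__main__":
    print(render(normalise(SAMPLE)[0], apache24=True))
```

Review the rejected tokens by hand before deploying the output, since they are dropped from the rendered block.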

By Strangely

Founding member of the gifted & talented band, "The Crawling Chaos" from the North-East of England.

8 comments

    1. Thanks Bill. I don’t block any IP addresses now as life’s too short. However, I block bad queries and the like, plus lock out IP addresses temporarily that keep hitting at non-existent pages. This has made things a lot smoother.

      1. Thanks for the update. I wondered about the amount of work behind it and if it was worth it. I think you can block known spammers within the WP backend. I know I have copied and pasted a list in there. I would like to block junk like that so I know that my stats are accurate although it is also supposed to not track bots and the like.
        Thanks again

        1. Hi Bill.
          Try Block Bad Queries (BBQ) for blocking bad pings to your website, PHPEnkoder to protect email addresses from scrapers, Secure WordPress to tie a lot of things down, and maybe BulletProof Security. Watch the last two as they’re quite brutal, but if they work they’ll work well. The recent update to Akismet has also had a sea change in spam I’m getting now – zero!
          For front-end management, I’ve been using Sabre for a long time now, and recently added SweetCaptcha which is cute and works well.

          So far so good, but the bad-guy goalposts are always on the move so I’m always trying new plugins….

          Perishable Press (link above) are still using a customised block list, which is huge, but for me I don’t think I need it……yet…..!

  1. I’ve noticed some people looking at these lists with the aim of personalised blocking…

    FYI, I stopped bothering for a bit using this for a while because the spammers etc change IP address so often. The time involved in keeping track of the addresses, removing ones that don’t get used etc is just not worth it, IMHO. If I worked out the time at my normal hourly rate I could pay someone to do it – and give the car a service – and decorate the house!

    After a while, the spams started coming in (leaving SABRE|Akismet| Tan Tan Noodles to do all the blocking) so I got a different bunch of similar IP addresses to block. This is the current crop. I’ve noticed I’m getting a few more Russian & Chinese comment spams (which are trapped by the plugins) so it may be time to have another go.

    This website works on WordPress (always the latest version!!!), there are loads of plugins that are very effective at keeping the crap out.

    It can be argued that it’s better to block at the web server level rather than after the queries are passed to the next levels in the software onion. This is true.

    It can also be argued that I need a life, and the WordPress software with over 600k downloads since Xmas and all its peer reviewed plugins fulfill this function for me. In tandem with my “lazy” approach to IP address blocking, this works well.

    There are a few key Apache statements that I’ve used over time in .htaccess to keep out certain sorts of nasties. Trial and error has led me to stick with a few core ones.

    I may list them, or maybe not. Sometimes it pays to be circumspect. Whatever, they are all widely available on the net, say on “Ask Apache” etc. The key things are to stop directory traversing/listing (noindexes), to only allow certain file types in certain folders (e.g. just gif|jpg in a picture folder), to use the minimum permissions (CHMOD) you can get away with (644, 705 & 755 work well for me, depending on the folder) and to make .htaccess unwritable after it’s made. For WordPress, make sure /wp-admin/ has an .htaccess file of its own.

    Suggested WordPress Plugins to use, excl those above:
    WP – Security Scan,
    Wassup, dump the database for analysis and easy copy and paste of IP addresses into htaccess,
    wp-scanner activator

  2. So I get attacked via my comment form… these are the ones I filtered…

  3. Current list at beginning September, 2008. I also use TanTanNoodles Spam Filter, Akismet, SABRE, wp-HashCash as well. I’m always twiddling to get the best mix/performance ratio for various plugins and techniques!
