
Knowing what IPs to block?

started by on Oct 17, 2012 – Last touched: Mar 29, 2013

Oct 17, 2012 16:22    

I'm trying to figure out which IP addresses I need to block because of spam. I did a WhoIs search for one of the IPs that showed in my "Stats" and I'm not quite sure what to do.

The WhoIs query came back with the following:

[Querying whois.arin.net]
[Redirected to whois.apnic.net]
[Querying whois.apnic.net]
[whois.apnic.net]
% [whois.apnic.net node-1]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

inetnum: 110.80.0.0 - 110.87.255.255
netname: CHINANET-FJ
descr: CHINANET FUJIAN PROVINCE NETWORK
descr: China Telecom
descr: No.31,jingrong street
descr: Beijing 100032
country: CN
admin-c: CH93-AP
tech-c: CA67-AP
remarks: service provider

The IP in question is - 110.86.186.99. Now, would I want to block just 110.86.186.99? Or the entire range of 110.80.0.0 - 110.87.255.255?

I've been going through and just blocking single IPs of ones that look suspicious. But, if blocking the whole range would be the best way I'll start doing that.

Any info/reply on this would be greatly appreciated. Thanks in advance.

Oct 20, 2012 17:58

If this is a random spammer on a random IP from a Chinese ISP, blocking the address will block him until he gets a new IP. Once he gets a new IP there is no guarantee it's in the same range or not.

If you don't want any comments from China at all, we'll have a solution for that in v5 ;)

Mar 25, 2013 06:31

How far away are we from where it would be okay to run v5 on my main blog (which has two other domains pointed at it)?

My site seems to have gotten unreliable recently...thought the MySQL backend wasn't keeping up like I needed it to....but then I noticed that I've been climbing rather quickly to 80,000+ hits per day.

So, I looked at stats....and it's all direct browser hits...large clusters of an IP fetching 100+ pages in less than a minute, and then another IP doing the same thing, and so on....and different ones doing different sets of pages, but there's only a few sets among the IPs.

And, 99% of the IPs are from China.

At first I was blocking individual IPs....after a while, I started looking up and blocking the whole ISP....then I thought I could maybe do an SQL query of my hitlog and generate a list of IPs to block...(did a distinct and count type query)...but then how do I figure out which ones are bad. And, which ones are....ok?

#5 on the list is an IP that belongs to google....has google become evil yet?

Ended up going back to figuring out the IP ranges to block....almost feels like I'm blocking all of China now....after a day, direct browser hits had dropped to ~3k, but it has started up again as I didn't get all the China ISPs....though now I'm starting to see some HK and JP ISPs too....

The Dreamer.
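
The burst pattern described in the last post (one IP fetching 100+ pages in under a minute) and the whois range from the first post can both be checked mechanically. The following is an added example, not part of the original thread or of b2evolution; the hit-log tuples, the function names and the 100-hits-per-60-seconds threshold are assumptions, and the sample data is constructed.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

def burst_ips(hits, threshold=100, window=timedelta(seconds=60)):
    """Return {ip: peak} for IPs whose hits within any one window reach threshold."""
    recent, peak = defaultdict(deque), defaultdict(int)
    for ip, ts in sorted(hits, key=lambda h: h[1]):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:      # drop hits that fell out of the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

def range_to_cidrs(inetnum):
    """Convert a whois 'first - last' inetnum value into CIDR networks."""
    first, last = (ipaddress.ip_address(p.strip()) for p in inetnum.split("-"))
    return list(ipaddress.summarize_address_range(first, last))

def covering_block(ip, cidrs):
    """Return the CIDR block containing ip, or None if no listed range contains it."""
    addr = ipaddress.ip_address(ip)
    return next((net for net in cidrs if addr in net), None)

def sample_hits():
    """Constructed hit log of (ip, timestamp) pairs; not real traffic."""
    t0 = datetime(2013, 3, 25, 6, 0, 0)
    hits = [("110.86.186.99", t0 + timedelta(seconds=i * 0.4)) for i in range(120)]
    hits += [("198.51.100.20", t0 + timedelta(seconds=i * 0.5)) for i in range(110)]
    # Same total as the first IP, but spread over ten hours: high count, no burst.
    hits += [("203.0.113.7", t0 + timedelta(minutes=i * 5)) for i in range(120)]
    return hits

if __name__ == "__main__":
    cidrs = range_to_cidrs("110.80.0.0 - 110.87.255.255")   # range from the whois output
    for ip, n in sorted(burst_ips(sample_hits()).items()):
        print(ip, n, covering_block(ip, cidrs) or "single IP")
```

A plain distinct-and-count query ranks 203.0.113.7 level with 110.86.186.99 at 120 hits each; only the windowed count separates them.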

