LITTLEBLACKDOG.COM

Posted: Tue Aug 29, 2006 2:56 am Post subject:

Current domain banlist.

Code: Select all




# email domains banlist as of 28 August 2006


*@163.com      # Netease.com, Inc, Guangdong, CN


*@aichyna.com      # Aichyna Ltd, Minsk, BY (ipblock banned too)


*@berahe.info      # Leo Varsell, Miami, FL (probably faked)


*@bi-dating.info   # ESTDOMAINS spammers registry of choice


*@bk.ru         # part of MAIL.RU (also banned)


*@bookee.com      # Koreans


*@cashette.com      # Leon Zuo, Fremont, CA 


*@ccxt.info      # ESTDOMAINS spammers registry of choice


*@chcb.info      # ESTDOMAINS spammers registry of choice


*@corsa-tuning.info   # ESTDOMAINS spammers registry of choice


*@deo-vindice.info   # ESTDOMAINS spammers registry of choice


*@domain141.com      # domain removed


*@europe.com      # Gerald Gorman, Piscataway NJ


*@fanaticars.info   # ESTDOMAINS spammers registry of choice


*@faza.ru      # masterhost.ru


*@find-love.info   # ESTDOMAINS spammers registry of choice


*@for-fun.info      # ESTDOMAINS spammers registry of choice


*@foteret.info      # Tim Kromson, Miami FL (kerasifo.info) prob faked


*@freefreemail.info   # Russian, affiliated with mail.ru?


*@gawab.com      # Ali Meheilba, Alexandria EG (stupid scam amateurs)


*@gold2world.biz   # ESTDOMAINS spammers registry of choice


*@grifon.info      # ESTDOMAINS spammers registry of choice


*@inbox.ru      # mail.ru synonym


*@korsun.pp.ru      # "Private Person's domain"


*@list.ru      # synonym for mail.ru


*@mail.ru      # "Lycoski" infested with spammers


*@mail333.com      # RANET.RU/POCHTA.RU also banned IPblocks


*@moyareklama.ru   # yet another banned russian domain


*@msk.su      # RELCOM.RU synonym


*@muuh.info      # ESTDOMAINS spammers registry of choice


*@myxost.com      # Ilya Maltsev (probably faked)off mail.ru


*@ne-quid-nimis.info   # ESTDOMAINS spammers registry of choice


*@nil-admirari.info   # ESTDOMAINS spammers registry of choice


*@octivian.com      # SAV Inc. Praha, CZ


*@pisem.net      # Ranet.Ru - notorious


*@pochta.ru      # legendary


*@pooperduperz@gmail.com # some persistent wanker


*@porn.com      # World Bridge Corp, Panama City, Panama


*@portsaid.cc      # Gawab.com spinoff, same amateurs


*@prescrip.pl      # Polish registered Russian pill spammers


*@punkass.com      # HotPOP, Newton MA. Jerky.net/ HotPOP


*@qlfg.com      # ESTDOMAINS spammers registry of choice


*@rambler.ru      # spamhosters


*@sibmail.com      # tomtel.ru Tomsk, RU


*@skim.com      # net working AG, Zurich CH


*@smeh.info      # ESTDOMAINS spammers registry of choice


*@spambob.net      # ProtectFly.com


*@tele-vision.info   # ESTDOMAINS spammers registry of choice


*@tut.by      # hijacked by Russians


*@ukr.net      # Kiev UA


*@vxaz.com      # ESTDOMAINS spammers registry of choice


*@yandex.ru      # legendary


*@yufz.com      # nightmail.ru


cellphoneworldinc*@gmail.com


test@cpicvirac.com

Posted: Tue Aug 29, 2006 6:34 am Post subject:

There is a really crappy bug in the phpBB ban control. It substitutes 255 to be "*". So these fine people at Inhoster, who occupy an IP netblock at 85.255.112.0/19 can't be properly blocked. Bollocks. I bet they knew this.

Posted: Tue Aug 29, 2006 6:37 am Post subject:

EdisonRex wrote:
There is a really crappy bug in the phpBB ban control. It substitutes 255 to be "*". So these fine people at Inhoster, who occupy an IP netblock at 85.255.112.0/19 can't be properly blocked. Bollocks. I bet they knew this.

Shurely a php expert could rewrite the ban control?

Leg Humper Joined: 16 Jan 2002 Posts: 5401

edit the following lines in admin_user_ban.php:

$ip_list[] = encode_ip(str_replace('*', '255', trim($ip_list_temp[$i])));
$ban_ip = str_replace('255', '*', decode_ip($banlist[$i]['ban_ip']));

Posted: Wed Aug 30, 2006 2:32 am Post subject:

New version of IP range banlist. These are all known spammers of this forum, as well as other forums. Many are now cross referenced ipblocks with the domain names in the domain list as well, because it looks like they use the same domains to run the initial spam runs.

Placed here as a public service.

Changes since last:

fixed 85.0.0.0 sorta, don't ban all of 85.0.0.0, it's a pretty big chunk of the planet. You only really want to ban inhoster in that ipblock.
Added cashette.com's ipblock, as well as gawab.com, and all of mtu.ru.

Code: Select all




# IP bans as of 30 Aug 2006


# Banlist for phpBB forums. These are known forum spammers.


24.194.75.165      # ARIN, Roadrunner, Albany NY (net abuser)


59.176.0.0      # APNIC vsnl.net.in ("Indian" - actually Russian spammer)


59.177.0.0      # APNIC vsnl.net.in (full block is 59.176.0.0-59.185.255.255)


61.149.0.0      # APNIC CNCGroup Beijing (61.148.0.0-61.149.255.255)


61.17.213.0      # APNIC vsnl.net.in (61.17.0.0-61.17.255.255)


62.188.0.0      # RIPE MTU.RU (umostel.ru among many)


65.19.167.0      # ARIN Soft Profit Solutions Austin TX (65.19.167.0/27) 


67.18.109.66      # ARIN The Planet (Peaches Group Inc Stateline NV)


67.19.100.0      # ARIN The Planet (CPS Labs)


70.84.176.0      # ARIN The Planet (CPS Labs)


81.176.0.0      # RIPE RTCOMM.RU (81.176.0.0 /15)


81.177.0.0      # RIPE RTCOMM.RU (81.177.0.0 /15)


81.177.28.97      # RIPE RTCOMM.RU (Agava Software Dolgoprudny RU)


81.199.0.0      # RIPE GilatSatcom - Israel (81.199.0.0 /22) -Nigerians


82.179.172.0      # RIPE RUNNET.RU - (Ilca.ru)


82.199.0.0      # RIPE RBNET.NO - (82.199.0.0 /19)


83.229.0.0      # RIPE Skyvision.net (83.229.0.0 /17) -Terracom Rwanda- Nigerians


85.255.112.0 /19   # RIPE INHOSTER.COM (worst of the worst)


194.135.26.0      # RIPE RELCOM.RU Moscow 


196.207.0.210      # AFRINIC (HSE Services Limited, Lagos NG 196.207.0.208 - .211)


196.29.0.0      # AFRINIC big hammer (ZA, ZW, NG, etc) need granularity 


196.3.0.0      # AFRINIC (also Jamaica, more Nigerians)


203.129.0.0      # APNIC - Pakistan/India


207.226.162.0      # Traffman/Hinter etc - spambots


208.21.175.0      # ARIN - Synaptix Domains, Richardson TX (Gawab.com!)


210.50.228.6      # APNIC - IPRIMUS.NET, Sydney, AU (210.50.128.0-210.50.255.255)


212.178.7.0      # RIPE - NLTREE.NL Educatiefnet BV (the /24)


213.184.232.0      # RIPE - AICHYNA.COM - Belarus - 


216.39.90.0      # ARIN - Layered Technologies, Frisco, TX


216.218.158.0      # ARIN - Hurricane (Cashette.com - forum spammers)


216.139.164.0      # ARIN - PanAmSat Corporation Ellenwood GA (numerous nigerians)


217.106.0.0      # RIPE - RTCOMM.RU Moscow RU (massive spamhosters)


217.107.0.0      # RIPE - RTCOMM.RU (217.106.0.0-217.107.255.255)


218.104.134.38      # APNIC - CHINA-NETCOM.COM Xiamen City CN 


221.135.0.0      # APNIC - SIFYCORP.COM - Taramani, Chennai, IN


221.220.0.0      # APNIC - CHINA-NETCOM.COM Beijing (pervasive spamhosting)

Posted: Wed Aug 30, 2006 6:32 am Post subject:

I'm going to ask a total noob question - and I should know this, but:

What does the slash mean in the IP address?

For instance:

Quote:
85.255.112.0 /19

How does this differ from an IP range?

Posted: Wed Aug 30, 2006 6:39 am Post subject:

gregw wrote:
I'm going to ask a total noob question - and I should know this, but:

What does the slash mean in the IP address?

For instance:
Quote:
85.255.112.0 /19

How does this differ from an IP range?

http://xtronics.com/reference/ip-subnetmasks.htm

It defines the actual ip range. in their case, their netblock starts at 85.255.112.0 and goes on to 85.255.146.255, a total of 32 subnets. Their subnet mask is 255.255.224.0.

Posted: Wed Aug 30, 2006 6:43 am Post subject:

Thanks Ed.

Posted: Wed Aug 30, 2006 12:30 pm Post subject:

On the domain names to ban, add the following one:

*@uaxc.com (another domain brought to you by estdomains, the choice of spammers)

Oh! and the source of the domains is calpop, Core Express,

64.69.39.140 unassigned.calpop.com (again)

they've probably hijacked them, but block that whole ipblock class C anyway.

So I'm blocking 64.69.39.0 /24

Oh! And this just in:

Abuse line at mailshack wrote:

On 8/28/06, Nerdshack Abuse Staff <abuse@nerdshack.com> wrote:

Thank you for the report. The account val2val is now locked. Please
continue to let us know if you see any additional spam from the
nerdshack.com or mailshack.com domains.

So they're actually good guys.

Posted: Wed Aug 30, 2006 1:19 pm Post subject:

EdisonRex wrote:
On the domain names to ban, add the following two:

*@uaxc.com (another domain brought to you by estdomains, the choice of spammers)

Oh! and the source of the domains is calpop, Core Express,

64.69.39.140 unassigned.calpop.com (again)

they've probably hijacked them, but block that whole ipblock class C anyway.

So I'm blocking 64.69.39.0 /24

How does the block manifest itself? That is, what does the would-be spammer (or unfortunate customer of the spam-friendly ISP) see if he (she?) attempts to get to the site?

Posted: Wed Aug 30, 2006 1:46 pm Post subject:

They get a message saying they have been banned, contact an administrator.

EEps · Posted: Wed Aug 30, 2006 2:36 pm Post subject:

EdisonRex wrote:
They get a message saying they have been banned, contact an administrator.

Muahahahahahahahaha... Evil Smile

Posted: Wed Aug 30, 2006 2:55 pm Post subject:

BamZipPow wrote:
EdisonRex wrote:
They get a message saying they have been banned, contact an administrator.

Muahahahahahahahaha...

I see someone has been playing Evil Genious. Smile

/Akely

Posted: Sat Sep 02, 2006 1:27 am Post subject:

Added 66.232.109.0 /24 today (blackdaddy.net, computercor.biz)
from Detroit, NOC4Hosts Inc. Someone in Detroit wants to look them up, be my guest.

also 209.63.57.0 /24 (freecities.com -> www1.0catch.com -> Electric Lightwave Inc, vancouver wa ??) the nameservers for freecities and their ns authority netgears.com are hosted with Rackspace, which has a reputation.

That was another one of those xanax sites.

Posted: Fri Sep 08, 2006 8:56 am Post subject:

Code: Select all




# IP bans as of 08 Sep 2006


# Banlist for phpBB forums. These are known forum spammers.


59.26.188.0      # Korea Telecom - memberlist spammer


59.176.0.0      # APNIC vsnl.net.in ("Indian" - actually Russian spammer)


59.177.0.0      # APNIC vsnl.net.in (full block is 59.176.0.0-59.185.255.255)


61.149.0.0      # APNIC CNCGroup Beijing (61.148.0.0-61.149.255.255)


61.17.213.0      # APNIC vsnl.net.in (61.17.0.0-61.17.255.255)


62.188.0.0      # RIPE MTU.RU (umostel.ru among many)


64.69.39.0      # ARIN Core Express - Calpop 


65.19.167.0      # ARIN Soft Profit Solutions Austin TX (65.19.167.0/27)


66.232.109.0      # ARIN NOC4HOSTS Inc. Tampa FL 


67.18.109.66      # ARIN The Planet (Peaches Group Inc Stateline NV)


67.19.100.0      # ARIN The Planet (CPS Labs)


69.31.0.0      # ARIN nLayer Communications Ashburn VA 


70.84.176.0      # ARIN The Planet (CPS Labs)


81.176.0.0      # RIPE RTCOMM.RU (81.176.0.0 /15)


81.177.0.0      # RIPE RTCOMM.RU (81.177.0.0 /15)


81.177.28.97      # RIPE RTCOMM.RU (Agava Software Dolgoprudny RU)


81.199.0.0      # RIPE GilatSatcom - Israel (81.199.0.0 /22) -Nigerians


81.208.95.0      # RIPE Fastweb- Hewlett Packard Italy - memberlist spam


82.179.172.0      # RIPE RUNNET.RU - (Ilca.ru)


82.199.0.0      # RIPE RBNET.NO - (82.199.0.0 /19)


83.229.0.0      # RIPE Skyvision.net (83.229.0.0 /17) -Terracom Rwanda- Nigerians


84.23.0.0      # RIPE IMSYS.RU memberlist spammer


85.255.112.0 /19   # RIPE INHOSTER.COM (worst of the worst)


87.245.137.0      # RIPE "Infrastroy Bykovo" comcor.ru memberlist spam attempt


193.252.118.101      # RIPE Wanadoo Portails - memberlist spammer


194.44.141.0      # RIPE UARNet, Ukrainian Academic and Research Network, memberlist spam


194.135.26.0      # RIPE RELCOM.RU Moscow


195.95.218.0      # RIPE INHOSTER Kiev Ukraine spamhoster


195.95.219.0      # RIPE INHOSTER Kiev Ukraine memberlist/content spam malware links 


196.207.0.210      # AFRINIC (HSE Services Limited, Lagos NG 196.207.0.208 - .211)


196.29.0.0      # AFRINIC big hammer (ZA, ZW, NG, etc) need granularity 


196.3.0.0      # AFRINIC (also Jamaica, more Nigerians)


200.30.138.0      # LACNIC Newcom El Salvador memberlist skimmer


202.54.0.0      # APNIC VSNL Forum spammers


202.101.0.0      # APNIC Shanghai-Jiading Telecom Bureau - forum spammers online


203.129.0.0      # APNIC - Pakistan/India


203.190.250.0      # APNIC TOT Intl Internet Gateway forum spammer


207.226.162.0      # Traffman/Hinter etc - spambots


208.21.175.0      # ARIN - Synaptix Domains, Richardson TX (Gawab.com!)


209.63.0.0      # ARIN - Electric Lightwave Vancouver WA Spamhost


210.50.228.6      # APNIC - IPRIMUS.NET, Sydney, AU (210.50.128.0-210.50.255.255)


212.13.99.0      # RIPE - Russian Central Telegraph, Moscow


212.48.153.0      # RIPE - Newhost hosting service, Moscow RU


212.178.7.0      # RIPE - NLTREE.NL Educatiefnet BV (the /24)


213.184.232.0      # RIPE - AICHYNA.COM - Belarus - 


216.39.90.0      # ARIN - Layered Technologies, Frisco, TX


216.218.158.0      # ARIN - Hurricane (Cashette.com - forum spammers)


216.139.164.0      # ARIN - PanAmSat Corporation Ellenwood GA (numerous nigerians)


217.106.0.0      # RIPE - RTCOMM.RU Moscow RU (massive spamhosters)


217.107.0.0      # RIPE - RTCOMM.RU (217.106.0.0-217.107.255.255)


218.0.204.0      # APNIC CHINANET-ZJ Zhejiang memberlist spammers


218.104.134.38      # APNIC - CHINA-NETCOM.COM Xiamen City CN 


221.135.0.0      # APNIC - SIFYCORP.COM - Taramani, Chennai, IN


221.220.0.0      # APNIC - CHINA-NETCOM.COM Beijing (pervasive spamhosting)