Tag Archives: Apache

Spamming Bastards: Part Deux

Posted by on 12/12/2011 4 comments

My spam Blocklist has been slowly growing since I created it in order to stem the tide of comment spam coming from Nobis/Ubiquity Server-owned address blocks. Ultimately I made the choice to block all the netblocks that they had allocated from ARIN and that seemed to have worked, up until today when I started getting comment spam from some brand new Nobis/Ubiquity addresses.

It would seem that they’ve got themselves a netblock from RIPE and started using that for spamming as well; the range in question is 176.31.50.64/27 but given their apparent dedication to illegal activity, it wouldn’t surprise me if others start popping up here and there as well. Thankfully, the relative scarcity of available IPv4 blocks is making it much tougher for these spamming fuckers to evade blocking mechanisms without resorting to botnets.

That said, when you’re getting more than 10 times as many spam comments as legitimate ones, it doesn’t exactly fill you with confidence that we’ll ever get a real handle on the problem.

Spamming Bastards

Posted by on 20/06/2011 2 comments

Given that my blog is relatively low traffic, it’s remarkable just how many spam comments and hacking attempts I log daily. A good 50% or more of all the spam comments I get originate from the same place: Ubiquity Server Solutions/Nobis Technology Group, who share a couple of overlapping IP ranges and are somewhat notorious if my brief Googling is anything to go by. I’m a big fan of Hanlon’s Razor, but in this case I’m really not sure either way.

So, as of today, their entire ranges are blacklisted:

Deny from 173.208.100.0/22 #Ubiquity Server Solutions
Deny from 108.62.0.0/16 #Nobis Technology Group

I don’t like having to block entire /16 ranges because I know there are bound to be false positives in there somewhere, but frankly it’s the only way to make things manageable right now.

I expect to see my error.log grow exponentially over the next few days.

Update: And another range of theirs that was still spamming me…

Deny from 173.234.0.0/16 #Nobis Technology Group

Update: And yet another…

Deny from 23.19.0.0/16 #Nobis Technology Group

Update: Guess who…

Deny from 64.120.0.0/17 #Nobis Technology Group

Update: Right, let’s make this simple; courtesy of ARIN’s WHOIS Database

#All Nobis/Ubiquity ARIN Netblocks
Deny from 70.32.32.0/20
Deny from 67.201.48.0/23
Deny from 72.37.145.0/24
Deny from 173.208.0.0/17
Deny from 69.174.60.0/22
Deny from 174.34.128.0/18
Deny from 173.234.0.0/16
Deny from 108.62.0.0/16
Deny from 72.37.224.0/21
Deny from 23.19.0.0/16
Deny from 72.37.237.0/24
Deny from 72.37.218.0/23
Deny from 72.37.222.0/23
Deny from 72.37.221.0/24
Deny from 67.201.0.0/21
Deny from 72.37.242.0/23
Deny from 67.201.40.0/24
Deny from 72.37.246.0/23
Deny from 216.6.224.0/20
Deny from 72.37.204.0/24
Deny from 69.147.224.0/23
Deny from 64.120.0.0/17

Update: My complete comment spam blocklist is now available here.