My spam Blocklist has been slowly growing since I created it in order to stem the tide of comment spam coming from Nobis/Ubiquity Server-owned address blocks. Ultimately I made the choice to block all the netblocks that they had allocated from ARIN and that seemed to have worked, up until today when I started getting comment spam from some brand new Nobis/Ubiquity addresses.
It would seem that they’ve got themselves a netblock from RIPE and started using that for spamming as well; the range in question is 184.108.40.206/27 but given their apparent dedication to illegal activity, it wouldn’t surprise me if others start popping up here and there as well. Thankfully, the relative scarcity of available IPv4 blocks is making it much tougher for these spamming fuckers to evade blocking mechanisms without resorting to botnets.
That said, when you’re getting more than 10 times as many spam comments as legitimate ones, it doesn’t exactly fill you with confidence that we’ll ever get a real handle on the problem.
Given that my blog is relatively low traffic, it’s remarkable just how many spam comments and hacking attempts I log daily. A good 50% or more of all the spam comments I get originate from the same place: Ubiquity Server Solutions/Nobis Technology Group, who share a couple of overlapping IP ranges and are somewhat notorious if my brief Googling is anything to go by. I’m a big fan of Hanlon’s Razor, but in this case I’m really not sure either way.
So, as of today, their entire ranges are blacklisted:
Deny from 220.127.116.11/22 #Ubiquity Server Solutions
Deny from 18.104.22.168/16 #Nobis Technology Group
I don’t like having to block entire /16 ranges because I know there are bound to be false positives in there somewhere, but frankly it’s the only way to make things manageable right now.
I expect to see my error.log grow exponentially over the next few days.
Update: And another range of theirs that was still spamming me…
Deny from 22.214.171.124/16 #Nobis Technology Group
Update: And yet another…
Deny from 126.96.36.199/16 #Nobis Technology Group
Update: Guess who…
Deny from 188.8.131.52/17 #Nobis Technology Group
Update: Right, let’s make this simple; courtesy of ARIN’s WHOIS Database
#All Nobis/Ubiquity ARIN Netblocks
Deny from 184.108.40.206/20
Deny from 220.127.116.11/23
Deny from 18.104.22.168/24
Deny from 22.214.171.124/17
Deny from 126.96.36.199/22
Deny from 188.8.131.52/18
Deny from 184.108.40.206/16
Deny from 220.127.116.11/16
Deny from 18.104.22.168/21
Deny from 22.214.171.124/16
Deny from 126.96.36.199/24
Deny from 188.8.131.52/23
Deny from 184.108.40.206/23
Deny from 220.127.116.11/24
Deny from 18.104.22.168/21
Deny from 22.214.171.124/23
Deny from 126.96.36.199/24
Deny from 188.8.131.52/23
Deny from 184.108.40.206/20
Deny from 220.127.116.11/24
Deny from 18.104.22.168/23
Deny from 22.214.171.124/17
Update: My complete comment spam blocklist is now available here.