Given that my blog is relatively low traffic, it’s remarkable just how many spam comments and hacking attempts I log daily. A good 50% or more of all the spam comments I get originate from the same place: Ubiquity Server Solutions/Nobis Technology Group, who share a couple of overlapping IP ranges and are somewhat notorious if my brief Googling is anything to go by. I’m a big fan of Hanlon’s Razor, but in this case I’m really not sure either way.
So, as of today, their entire ranges are blacklisted:
Deny from 220.127.116.11/22 #Ubiquity Server Solutions Deny from 18.104.22.168/16 #Nobis Technology Group
I don’t like having to block entire /16 ranges because I know there are bound to be false positives in there somewhere, but frankly it’s the only way to make things manageable right now.
I expect to see my error.log grow exponentially over the next few days.
Update: And another range of theirs that was still spamming me…
Deny from 22.214.171.124/16 #Nobis Technology Group
Update: And yet another…
Deny from 126.96.36.199/16 #Nobis Technology Group
Update: Guess who…
Deny from 188.8.131.52/17 #Nobis Technology Group
Update: Right, let’s make this simple; courtesy of ARIN’s WHOIS Database
#All Nobis/Ubiquity ARIN Netblocks Deny from 184.108.40.206/20 Deny from 220.127.116.11/23 Deny from 18.104.22.168/24 Deny from 22.214.171.124/17 Deny from 126.96.36.199/22 Deny from 188.8.131.52/18 Deny from 184.108.40.206/16 Deny from 220.127.116.11/16 Deny from 18.104.22.168/21 Deny from 22.214.171.124/16 Deny from 126.96.36.199/24 Deny from 188.8.131.52/23 Deny from 184.108.40.206/23 Deny from 220.127.116.11/24 Deny from 18.104.22.168/21 Deny from 22.214.171.124/23 Deny from 126.96.36.199/24 Deny from 188.8.131.52/23 Deny from 184.108.40.206/20 Deny from 220.127.116.11/24 Deny from 18.104.22.168/23 Deny from 22.214.171.124/17
Update: My complete comment spam blocklist is now available here.