Monday, May 29, 2006

ServePath to more IPs

Just after I blocked the last batch of IPs from ServePath someone popped up on yet a new location ranging from 69.59.128.0 to 69.59.191.255 . All of their reverse DNS starts with "customer-reverse-entry." so I think I'll just zap them by that host address phrase and save some trouble here.

2 comments:

Anonymous said...

Along with the other ServePath range you mentioned a couple of days ago, that's a big range of IPs to block in one go! Something I've been thinking about whilst reading your site for a while is what do you do if you make a mistake and block off a whole load of IPs and actually prevent legitimate traffic hitting your site, and don't realise for a few weeks after- are you cataloging and appending decent notes with each ban? Just trying to get my ead around your system since mine is pretty simplistic (.htaccess Deny from aaa.bbb.ccc.ddd; omitting ccc or ddd if its a large range etc).

IncrediBILL said...

First, before I ban a big block like that I check their web site to verify it's hosting only, no humans should be involved.

Next, I monitor the activity daily and every site that comes from a banned range of IPs pops up an error in real time and I go look to see what they did.

If it's legit traffic I'll revise what I'm doing, but so far so good in that I'm not seeing anything but crap from the ranges I've discussed.

To be fair, I don't even post them unless I'm pretty sure it's crap. I have a BUNCH that I'm monitoring that you people aren't even aware of at this time.

Before I drop the hammer on them, I look at the historical activity log to make sure they've been bad more than once, then I put them on double secret probation and wait and see what happens, and usually it's nonsense hitting my server non-stop.

I will assume eventually we'll find some legitimate company like a link checker service or something hosting with a bunch of wackos, and exceptions will have to be made.