Page 2 of 2 FirstFirst 12
Results 21 to 37 of 37

Thread: Digital Ocean?

  1. #21
    -Shay- is offline Public Member
    Join Date
    November 2012
    Posts
    3,062
    Thanks
    12,211
    Thanked 3,133 Times in 1,686 Posts

    Default

    Drake Holdings LLC as well should be added to the list of things to block. 204.79.180.86. Plenty of visits with no useful purpose.

  2. The Following User Says Thank You to -Shay- For This Useful Post:

    TheGooner (22 March 2016)

  3. #22
    -Shay- is offline Public Member
    Join Date
    November 2012
    Posts
    3,062
    Thanks
    12,211
    Thanked 3,133 Times in 1,686 Posts

    Default

    Getting a number of hits "similar to" the ones I mentioned in the original post. This time, the logs show addresses assigned to "GOOGLE-CLOUD".
    Last edited by -Shay-; 8 April 2016 at 7:17 am.

  4. #23
    -Shay- is offline Public Member
    Join Date
    November 2012
    Posts
    3,062
    Thanks
    12,211
    Thanked 3,133 Times in 1,686 Posts

    Default

    On a somewhat related note to this thread I started, I put in a range of ip's to block. Despite setting this block up via htaccess, I still receive traffic from within the blocked range. How is this possible - assuming I've set htaccess correctly?

  5. #24
    TheGooner's Avatar
    TheGooner is offline Private Member
    Join Date
    March 2007
    Location
    New Zealand
    Posts
    4,264
    Thanks
    1,952
    Thanked 4,213 Times in 2,005 Posts

    Default

    Shay, it shouldn't be ... the server should detect the IP range and then act on instructions ...

    So let's check some basics ....

    1/ Correct format ?

    I assume that you are using the follow in .htaccess:

    order allow,deny
    allow from all
    deny from xxx.xx.xx.xx

    The more specific deny range should take precedence and block access ...

    2/ How are you detecting the traffic ?
    How are you detecting the ip address as accessing your site?
    If it's in your server error log as being denied - then you did block it ...

  6. The Following User Says Thank You to TheGooner For This Useful Post:

    universal4 (8 May 2016)

  7. #25
    Sherlock's Avatar
    Sherlock is offline Public Member
    Join Date
    December 2013
    Location
    WC
    Posts
    4,181
    Thanks
    1,262
    Thanked 3,282 Times in 1,824 Posts

    Default

    I am blocking this **** for long time, using all rows with "digital ocean" here: http://bgp.he.net/search?search%5Bse...&commit=Search

    There are much more (cloud)hosting networks worth of blocking, e.g. Hetzner.
    We are all bloodsucking ticks, hungry, devious
    each one latched on to the ass of the previous
    when the last and the first latch on it can be shown
    ass-blood sucked by the first from the last is his own

  8. #26
    universal4's Avatar
    universal4 is online now Forum Administrator
    Join Date
    July 2003
    Location
    Courage is being scared to death...and saddling up anyway. John Wayne
    Posts
    28,096
    Thanks
    2,251
    Thanked 7,943 Times in 5,010 Posts

    Default

    It is interesting you mentioned Hetzner. I do see some bad actors some times there but not as often as a handful of others (example OVH)

    They are a fairly well know host in Germany, South Africa as well as a few other countries.

    Are you saying you have blocked all of Hetzner's subnets, or have you defined a handful of their worst offenders?

    Rick
    Universal4


    But for digital ocean, I am interested to see if shay maybe catches a syntax error, after he takes another look based upon Gooner's suggested syntax.

    let us know Shay, maybe you have defined the subnet incorrectly, the /24 (slash 24) would be a class c, although if you are using the list googner or I sent if I recall there were a handful of larger blocks. If you look at the link Sherlock posted, you can verify the subnets by clicking the ASxxxx link and then choosing the prefix v4 tab.

    This will show you the subnet cidr, as an example 45.55.100.0/22 which is 4 class c's 100.xxx, 101.xxx, 102.xxx and 103.xxx

  9. #27
    Sherlock's Avatar
    Sherlock is offline Public Member
    Join Date
    December 2013
    Location
    WC
    Posts
    4,181
    Thanks
    1,262
    Thanked 3,282 Times in 1,824 Posts

    Default

    Yes OVH is another one. Blocked them all, including our own database on OVH Guys did not like me.

    Yes, I block also all Hetzner. It is possible I am overdoing it, but I do.
    We are all bloodsucking ticks, hungry, devious
    each one latched on to the ass of the previous
    when the last and the first latch on it can be shown
    ass-blood sucked by the first from the last is his own

  10. #28
    universal4's Avatar
    universal4 is online now Forum Administrator
    Join Date
    July 2003
    Location
    Courage is being scared to death...and saddling up anyway. John Wayne
    Posts
    28,096
    Thanks
    2,251
    Thanked 7,943 Times in 5,010 Posts

    Default

    Thanks Sherlock,

    I certainly took an aggressive attitude with OVH on some servers and others I just block subnets as needed.....the abuse department at OVH and I are certainly not real good friends....but I still file reports there regularly and document the abuse.

    Rick
    Universal4

  11. #29
    Sherlock's Avatar
    Sherlock is offline Public Member
    Join Date
    December 2013
    Location
    WC
    Posts
    4,181
    Thanks
    1,262
    Thanked 3,282 Times in 1,824 Posts

    Default

    yes i forgot to mention that the reason why i posted the digital ocean is that they have either recently added new blocks or i did not block everything before; it is just few days when i discovered new IPs of them
    We are all bloodsucking ticks, hungry, devious
    each one latched on to the ass of the previous
    when the last and the first latch on it can be shown
    ass-blood sucked by the first from the last is his own

  12. #30
    universal4's Avatar
    universal4 is online now Forum Administrator
    Join Date
    July 2003
    Location
    Courage is being scared to death...and saddling up anyway. John Wayne
    Posts
    28,096
    Thanks
    2,251
    Thanked 7,943 Times in 5,010 Posts

    Default

    Good point I will keep this in mind.

    Rick
    Universal4

  13. #31
    -Shay- is offline Public Member
    Join Date
    November 2012
    Posts
    3,062
    Thanks
    12,211
    Thanked 3,133 Times in 1,686 Posts

    Default

    Quote Originally Posted by TheGooner View Post
    Shay, it shouldn't be ... the server should detect the IP range and then act on instructions ...

    So let's check some basics ....

    1/ Correct format ?

    I assume that you are using the follow in .htaccess:

    order allow,deny
    allow from all
    deny from xxx.xx.xx.xx

    The more specific deny range should take precedence and block access ...

    2/ How are you detecting the traffic ?
    How are you detecting the ip address as accessing your site?
    If it's in your server error log as being denied - then you did block it ...

    The format I am using is as follows:

    Order Deny,Allow
    #Start of blocking code for IP range: xxx.xxx.x.x - yyy.yyy.yyy.yyy
    Deny from xxx.xxx.x.x/zz
    #End of blocking code for IP range: xxx.xxx.x.x - yyy.yyy.yyy.yyy

    with zz being the appropriate range.

    I am going through and comparing my server log, error log, and external stats programs, which I do somewhat regularly. For some of the AFRINIC ip ranges that are blocked, I see traffic (post block) on my server logs and my external stats program - but no matches on my error logs. This leads me to believe that the ips I've already blocked are still able to access my site. Am I misunderstanding or misinterpreting perhaps?

  14. #32
    TheGooner's Avatar
    TheGooner is offline Private Member
    Join Date
    March 2007
    Location
    New Zealand
    Posts
    4,264
    Thanks
    1,952
    Thanked 4,213 Times in 2,005 Posts

    Default

    No - I think you are right - based on that you are not blocking them correctly.

    What you might have is a problem with the comments ...

    I had a similar issue - and was scratching my head over it when I read that the the comments in .htaccess files are VERY fussy and the best recommendation is to keep them very simple (# is character 1 in comment lines and no addresses or special characters in comments).

    I was dubious - but made the changes and immediately the blocking was working better / correctly

  15. The Following 2 Users Say Thank You to TheGooner For This Useful Post:

    -Shay- (9 May 2016), universal4 (9 May 2016)

  16. #33
    universal4's Avatar
    universal4 is online now Forum Administrator
    Join Date
    July 2003
    Location
    Courage is being scared to death...and saddling up anyway. John Wayne
    Posts
    28,096
    Thanks
    2,251
    Thanked 7,943 Times in 5,010 Posts

    Default

    Wow that is a good point Gooner.

    Were you able to determine which characters caused the problems? I wonder if it is the dot (.)

    Great information regardless.

    Rick
    Universal4

  17. #34
    -Shay- is offline Public Member
    Join Date
    November 2012
    Posts
    3,062
    Thanks
    12,211
    Thanked 3,133 Times in 1,686 Posts

    Default

    Quote Originally Posted by TheGooner View Post
    No - I think you are right - based on that you are not blocking them correctly.

    What you might have is a problem with the comments ...

    I had a similar issue - and was scratching my head over it when I read that the the comments in .htaccess files are VERY fussy and the best recommendation is to keep them very simple (# is character 1 in comment lines and no addresses or special characters in comments).

    I was dubious - but made the changes and immediately the blocking was working better / correctly
    I've made this adjustment and will monitor to see if I still experience the same issues. Thank you for the tip!

  18. The Following 2 Users Say Thank You to -Shay- For This Useful Post:

    TheGooner (10 May 2016), universal4 (10 May 2016)

  19. #35
    ACE1 is offline Public Member
    Join Date
    October 2014
    Posts
    22
    Thanks
    0
    Thanked 3 Times in 3 Posts

    Default

    Can you please tell us more about Digital Ocean?

  20. #36
    TheGooner's Avatar
    TheGooner is offline Private Member
    Join Date
    March 2007
    Location
    New Zealand
    Posts
    4,264
    Thanks
    1,952
    Thanked 4,213 Times in 2,005 Posts

    Default

    If people are in a banning mood - then GHOSTnet GmbH from Germany are a good option.
    A server farm with spammers / harvesters that just runs through all your pages as fast as possible.

    #GHOSTnet GmbH
    deny from 5.231.0.0/16
    deny from 5.230.0.0/16
    deny from 5.175.128.0/17

    That's not all of them - but it is the major offenders

  21. The Following User Says Thank You to TheGooner For This Useful Post:

    -Shay- (16 May 2016)

  22. #37
    universal4's Avatar
    universal4 is online now Forum Administrator
    Join Date
    July 2003
    Location
    Courage is being scared to death...and saddling up anyway. John Wayne
    Posts
    28,096
    Thanks
    2,251
    Thanked 7,943 Times in 5,010 Posts

    Default

    Thanks, I too have seen a rather large increase from some of their subnets lately too.

    Rick
    Universal4

Page 2 of 2 FirstFirst 12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •