  • List of Spambot IPs


    This topic contains 2 replies, has 3 voices, and was last updated by  PKCano 1 week, 4 days ago.

    • #1949275 Reply

      E Pericoloso Sporgersi
      AskWoody Plus

      About 3 – 4 weeks ago a new spambot must have gone on sale, because since then the forum where I’m assistant moderator is experiencing an onslaught of registration attempts by spambots.

      I’ve been banning those pesky spambots and compiling a list of their IP addresses (IPv4).
      I include IPs so marked by https://www.stopforumspam.com/search and by http://botscout.com/

      I then wanted to sort the IPv4 addresses in ascending order, to detect possible IP-ranges. To that end, I imported the list in a spreadsheet with the first byte in column A, the second byte in column B, and so on.

      If anybody is interested in that sorted list, you can download the file from: https://app.box.com/shared/static/xmnp1jnagtm6p27hpvo2g8ax4g15i4xi.xls .

      Of course this list will continue to grow. I expect a significant weekly increase. I can refresh that downloadable spreadsheet file every week if desired, but you’ll have to send me a PM to request it each time you want a new file.

      But now there are two questions nagging me:
      1. Is this list actually useful? 

      2. Or do spambots use a proxy and/or a VPN? In which case my list is a waste of time. 

    • #1949432 Reply

      mn–
      AskWoody Lounger

      But now there are two questions nagging me:
      1. Is this list actually useful? 

      2. Or do spambots use a proxy and/or a VPN? In which case my list is a waste of time.

      1. Yes… somewhat. Not conclusive unless you can also classify IPs by type. Also spambots don’t typically use one address very long.

      2. Yes, and some of those addresses seem to be VPN endpoints. Others would seem to be residential subscribers… easy targets for hijack victims. (Hijack as a proxy and they may never even notice.)

      What you really “should” do is take the addresses, then pass them through a whois lookup, then report the spambot to the contact listed there.

      Banning an address for a week and seeing if they keep trying from it before complaining should reduce the list significantly, but then you’re still left with the VPN endpoints, and dynamic IP ranges.

      Such as, taking one address (212.224.112.243) from your list:

      $ whois 212.224.112.243
      % This is the RIPE Database query service.
      % The objects are in RPSL format.
      %
      % The RIPE Database is subject to Terms and Conditions.
      % See http://www.ripe.net/db/support/db-terms-conditions.pdf
      
      % Note: this output has been filtered.
      %       To receive output for a database update, use the "-B" flag.
      
      % Information related to '212.224.112.0 - 212.224.112.255'
      
      % Abuse contact for '212.224.112.0 - 212.224.112.255' is 'abuse@first-colo.net'
      
      inetnum:        212.224.112.0 - 212.224.112.255
      netname:        DE-FORNEX
      descr:          http://www.fornex.com, Fornex Hosting S.L
      country:        DE
      admin-c:        COLO-RIPE
      tech-c:         COLO-RIPE
      remarks:        ——————————————————-
      remarks:        — please report spam/abuse to abuse@first-colo.net —
      remarks:        —- reports to other addresses won’t be processed —-
      remarks:        ——————————————————-
      status:         ASSIGNED PA
      mnt-by:         MNT-FIRSTCOLO
      created:        2011-10-07T09:12:14Z
      last-modified:  2013-07-23T10:07:53Z
      source:         RIPE
      
      role:           First Colo Ripe Coordination
      address:        First Colo GmbH
      address:        Hanauer Landstr. 291b
      address:        D-60314 Frankfurt am Main
      address:        Germany
      phone:          +49-(0)69-120069-0
      fax-no:         +49-(0)69-120069-55
      abuse-mailbox:  abuse@first-colo.net
      remarks:
      remarks:        * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
      remarks:        * Complaints about internet abuse like spam, hack attacks, scans, etc. *
      remarks:        * please mail to: --> abuse [@] first-colo [.] net <-- *
      remarks:        * Requests from law enforcement (only!), send fax to: +49 (0) 69 1200 69 55 *
      remarks:        * Inquiries can only be processed, if sent to the correct address. *
      remarks:        * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
      remarks:
      admin-c:        LEKR-RIPE
      tech-c:         LEKR-RIPE
      tech-c:         LEKR-RIPE
      nic-hdl:        COLO-RIPE
      mnt-by:         MNT-FIRSTCOLO
      created:        2007-09-28T19:01:39Z
      last-modified:  2018-09-28T08:47:18Z
      source:         RIPE # Filtered
      
      % Information related to '212.224.112.0/20AS44066'
      
      route:          212.224.112.0/20
      descr:          First Colo via AS44066
      origin:         AS44066
      mnt-by:         MNT-FIRSTCOLO
      created:        2011-03-29T22:46:30Z
      last-modified:  2011-03-29T22:46:30Z
      source:         RIPE
      
      % This query was served by the RIPE Database Query Service version 1.94.1 (ANGUS)
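The two steps discussed in this thread (sorting the banned IPv4 addresses to spot ranges, then reading the whois record for the owning network and its abuse contact) can be scripted instead of done in a spreadsheet. The following is an added example, not code from either poster: the function names are hypothetical, the address list is constructed from documentation ranges plus the one address quoted above, and the whois text is trimmed from the output shown in the reply.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: documentation ranges plus the one address quoted in the thread.
SAMPLE_IPS = ["203.0.113.7", "198.51.100.20", "203.0.113.200", "212.224.112.243",
              "198.51.100.3", "203.0.113.7", "not-an-ip", "192.0.2.9"]

# Trimmed from the whois output quoted in the reply above.
SAMPLE_WHOIS = """\
inetnum:        212.224.112.0 - 212.224.112.255
netname:        DE-FORNEX
abuse-mailbox:  abuse@first-colo.net
origin:         AS44066
"""

def cluster_by_prefix(addresses, prefix_len=24, min_hits=2):
    """Group addresses by enclosing network; keep networks with at least
    min_hits distinct addresses."""
    groups = defaultdict(set)
    for raw in addresses:
        try:
            ip = ipaddress.IPv4Address(raw.strip())
        except ipaddress.AddressValueError:
            continue  # skip malformed entries instead of aborting the run
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        groups[net].add(ip)  # a set, so a repeated address is counted once
    # Networks and addresses compare numerically, so .3 sorts before .20.
    return {str(net): [str(ip) for ip in sorted(groups[net])]
            for net in sorted(groups) if len(groups[net]) >= min_hits}

def parse_whois(text):
    """Pull the registered range, netname, origin AS and abuse mailbox from RPSL."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*(inetnum|netname|abuse-mailbox|origin):\s*(\S.*)", line)
        if m and m.group(1) not in fields:  # first occurrence wins
            fields[m.group(1)] = m.group(2).strip()
    if "inetnum" in fields:
        # Accept a plain hyphen or the en dash that forum software substitutes.
        first, last = re.split(r"\s*[-\u2013]\s*", fields["inetnum"], maxsplit=1)
        fields["cidrs"] = [str(n) for n in ipaddress.summarize_address_range(
            ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))]
    return fields

if __name__ == "__main__":
    for net, ips in cluster_by_prefix(SAMPLE_IPS).items():
        print(net, ips)
    print(parse_whois(SAMPLE_WHOIS))
```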
    • #1949436 Reply

      PKCano
      Da Boss

      I have found CleanTalk to be another good source of information.

