IP bans for botnets
BotB Academy Bug Reports and Feature Requests
Level 27 Renderist
post #100823 :: 2018.06.12 4:27pm :: edit 2018.06.19 7:05am
  Tilde, garvalf, sc, Salsaraujo, lanzhing, tennisers, malmen, tothejazz, VirtualMan, ipi, gotoandplay, kinkinkijkin, petet, anewuser, kleeder, MiDoRi and Slimeball liēkd this
The botnet range of "54.36.14*.*" is generating a lot of traffic on the site. Which in turn is likely creating a lot of lag that we're experiencing right now. I think it's the same botnet from before; but they're diversifying their tactics and even continually scraping the site from tangent links.

puke: Please look into blocking that range of IPs. See for yourself in the Admin section.

Think anything you would like to do so admin/sysops have a way of creating IP based ailments/bans?

Edit: More botnetworks:

"17.58.96-97-98-99-100.*" (good thing this can be done bitwise)
54" 36" 149" ?!?!?! Thems sexy measurements!!

I looked into .htaccess blocking and seems it doesn't exactly support wildcards, but I added:


The last one was a china bot I noticed

OMG thanks b00d for figuring this pattern out!! <3
the site is loading fast again!
Level 28 Hostist
post #100857 :: 2018.06.13 3:52pm
  Tilde, Melon, b00daw and kleeder liēkd this
also I just updated the ip2country lookup table for the first time since March 2016 :shrug:
Level 23 Mixist
post #100858 :: 2018.06.13 4:10pm
  Xaser, Quirby64, mk7, VirtualMan, Savestate, Robyn, VinCMG, Slimeball, pigdevil2010, kleeder and puke7 liēkd this
no , my dear pirate flag
Level 17 Chipist
post #100861 :: 2018.06.13 7:25pm
  Jimmyoshi liēkd this
get phased botnets! ha
Level 28 Hostist
post #100902 :: 2018.06.15 1:57pm :: edit 2018.06.18 12:03pm
  Melon, petet, Apsarah, Sintel, anewuser and b00daw liēkd this
here's what I've got so far since we started this thread

updated 18.06.18
Deny from 5.45.207
Deny from 54.36.148
Deny from 54.36.149
Deny from 87.250.224
Deny from 141.8.132
Deny from 141.8.142
Deny from 178.154.171
Deny from 180.76.15
Deny from
Deny from
Deny from
Deny from 207.46.13

Also slightly rearranged the admin page layout so the IPs are easier to see patterns.

Is there any reason an ISP would be giving a user multiple addresses using the least significant byte? There are some showing that, looking like they could be bots, but they stay on a single page and don't cause the site to slow down.
Level 27 Renderist
post #100903 :: 2018.06.15 5:19pm
  sleeparrow, Apsarah, Sintel, Slimeball, Baron Knoxburry and anewuser liēkd this
often the scenario is colocated machines or virtual machines supplied by an ISP.

site is super fast right now!
Level 9 Mixist
post #100905 :: 2018.06.15 8:33pm
  Apsarah liēkd this
Level 17 Chipist
post #100920 :: 2018.06.17 5:06am
Remove from X! Deny!
Level 31 chipist
post #101002 :: 2018.06.19 12:16pm :: edit 2018.06.19 1:51pm
  Slimeball liēkd this
i know strobe is back and it's summer chip time but the site has been slow as shit the past few days. revenge of teh bots?
Level 31 Chipist
post #101003 :: 2018.06.19 1:07pm
  Jangler, sc, mk7, nostalgia junkie, anewuser, Chip Champion and Slimeball liēkd this
unfair, i've only been targetting your profile and entries, unsure if that would have any impact of the rest of the site.
Level 28 Hostist
post #101004 :: 2018.06.19 1:12pm
  Tilde, anewuser, raphaelgoulart, kleeder and Slimeball liēkd this
I've been trying to do my best to pinpoint what IPs are causing lag on the site when it's lagging, but it's not the easiest thing to do. I don't want to accidentally block any normal users. Sometimes I'll see an ip range, but they're not changing what pages they're viewing fast enough to really look like bots. Considering we're on shared hosting, it could be another site on the same server hogging resources. Or its just my horrible code being inefficient. Or dreamhost is throttling us because they really want me to upgrade to a VPS.
Level 27 Renderist
post #101012 :: 2018.06.19 5:37pm :: edit 2018.06.19 6:17pm
don't think you need to be too concerned about a range of ips within the last octet to ban; and therange within the second to last just need discriminative CIDR bitmask.
Level 23 Renderist
post #101222 :: 2018.06.25 10:31pm
Level 27 Renderist
post #111684 :: 2019.06.18 1:52pm
  MiDoRi and Baron Knoxburry liēkd this
Please add:

Deny from 46.229.168
Deny from 40.77.167

Site has been DDoS'd a couple times due to some of their traffic. They are spiderbotnets.
Level 8 Mixist
post #111687 :: 2019.06.18 7:03pm
  raphaelgoulart, Quirby64, Savestate, puke7, charlotte and Xyz liēkd this
  Slimeball hæitd this
das crazy man
any inkling of a motive? a burned botb'r seeking revenge? gxscc users?
Level 27 Renderist
post #115281 :: 2019.11.02 9:49am
  Modus Ponens, Chip Champion and tfx liēkd this
huawei singaporean botnet is slowing down our site from "159.138.15*.*"
Level 19 Chipist
post #115298 :: 2019.11.02 8:22pm
  Modus Ponens liēkd this
b00daw out here bein' robocop, you have my approval and tax boons.
Level 28 Hostist
post #115336 :: 2019.11.03 1:19pm
  b00daw liēkd this
there's like a gazillion of them from 2010 xD
Level 27 Renderist
post #115701 :: 2019.11.16 8:18pm :: edit 2019.11.16 8:19pm
  Yung Gotenks liēkd this
ban didn't stick... presently there are 23 of them on the site. :/

see if you can just ban 159.138.*.* dunno if many botbrs are running clients from hwawei singapore/hk cloudnet anyway.
Level 23 Chipist
post #115711 :: 2019.11.17 9:09am
down with singapore
Level 27 Renderist
post #115736 :: 2019.11.18 9:38am
82 hwawei singapore/hk bots on right now from 159.138.*.*

they accidentally ddos'd the site a few minutes ago doing their scraping.
Level 27 Renderist
post #116979 :: 2020.01.13 4:03pm
  Savestate and Doxic liēkd this
between 10 and 20+ bots from 10.179.3.* use a high level of traffic time to time. seems they are listed as bogons in other lists as well.
Level 15 Chipist
post #116992 :: 2020.01.14 7:26am
Sorry I'm a GOTH, bright things scare me.

LOGIN or REGISTER to add your own comments!