IP bans for botnets
BotB Academy Bug Reports and Feature Requests
Level 27 Renderist
post #100823 :: 2018.06.12 4:27pm :: edit 2018.06.19 7:05am
  malmen, tothejazz, VirtualMan, ipi, gotoandplay, kinkinkijkin, petet, anewuser, kleeder, MiDoRi and Slimeball liēkd this
The botnet range of "54.36.14*.*" is generating a lot of traffic on the site. Which in turn is likely creating a lot of lag that we're experiencing right now. I think it's the same botnet from before; but they're diversifying their tactics and even continually scraping the site from tangent links.

puke: Please look into blocking that range of IPs. See for yourself in the Admin section.

Think anything you would like to do so admin/sysops have a way of creating IP based ailments/bans?

Edit: More botnetworks:

"17.58.96-97-98-99-100.*" (good thing this can be done bitwise)
Level 27 Hostist
54" 36" 149" ?!?!?! Thems sexy measurements!!

I looked into .htaccess blocking and seems it doesn't exactly support wildcards, but I added:


The last one was a china bot I noticed

OMG thanks b00d for figuring this pattern out!! <3
the site is loading fast again!
Level 27 Hostist
post #100857 :: 2018.06.13 3:52pm
  Melon, b00daw and kleeder liēkd this
also I just updated the ip2country lookup table for the first time since March 2016 :shrug:
Level 22 Chipist
post #100858 :: 2018.06.13 4:10pm
  VirtualMan, Savestate, Robyn, VinCMG, Slimeball, pigdevil2010, kleeder and puke7 liēkd this
no , my dear pirate flag
Level 17 Chipist
post #100861 :: 2018.06.13 7:25pm
  Jimmyoshi liēkd this
get phased botnets! ha
Level 27 Hostist
post #100902 :: 2018.06.15 1:57pm :: edit 2018.06.18 12:03pm
  Melon, petet, Apsarah, Sintel, anewuser and b00daw liēkd this
here's what I've got so far since we started this thread

updated 18.06.18
Deny from 5.45.207
Deny from 54.36.148
Deny from 54.36.149
Deny from 87.250.224
Deny from 141.8.132
Deny from 141.8.142
Deny from 178.154.171
Deny from 180.76.15
Deny from
Deny from
Deny from
Deny from 207.46.13

Also slightly rearranged the admin page layout so the IPs are easier to see patterns.

Is there any reason an ISP would be giving a user multiple addresses using the least significant byte? There are some showing that, looking like they could be bots, but they stay on a single page and don't cause the site to slow down.
Level 27 Renderist
post #100903 :: 2018.06.15 5:19pm
  sleeparrow, Apsarah, Sintel, Slimeball, Baron Knoxburry and anewuser liēkd this
often the scenario is colocated machines or virtual machines supplied by an ISP.

site is super fast right now!
Level 9 Mixist
post #100905 :: 2018.06.15 8:33pm
  Apsarah liēkd this
Level 17 Chipist
post #100920 :: 2018.06.17 5:06am
Remove from X! Deny!
Level 30 chipist
post #101002 :: 2018.06.19 12:16pm :: edit 2018.06.19 1:51pm
  Slimeball liēkd this
i know strobe is back and it's summer chip time but the site has been slow as shit the past few days. revenge of teh bots?
Level 30 Chipist
post #101003 :: 2018.06.19 1:07pm
  anewuser, Chip Champion and Slimeball liēkd this
unfair, i've only been targetting your profile and entries, unsure if that would have any impact of the rest of the site.
Level 27 Hostist
post #101004 :: 2018.06.19 1:12pm
  anewuser, raphaelgoulart, kleeder and Slimeball liēkd this
I've been trying to do my best to pinpoint what IPs are causing lag on the site when it's lagging, but it's not the easiest thing to do. I don't want to accidentally block any normal users. Sometimes I'll see an ip range, but they're not changing what pages they're viewing fast enough to really look like bots. Considering we're on shared hosting, it could be another site on the same server hogging resources. Or its just my horrible code being inefficient. Or dreamhost is throttling us because they really want me to upgrade to a VPS.
Level 27 Renderist
post #101012 :: 2018.06.19 5:37pm :: edit 2018.06.19 6:17pm
don't think you need to be too concerned about a range of ips within the last octet to ban; and therange within the second to last just need discriminative CIDR bitmask.
Level 22 Renderist
post #101222 :: 2018.06.25 10:31pm

LOGIN or REGISTER to add your own comments!