IP bans for botnets
BotB Academy Bug Reports and Feature Requests
 
 
100823
Level 26 Renderist
post #100823 :: 2018.06.12 4:27pm :: edit 2018.06.19 7:05am
  
  tothejazz, VirtualMan, ipi, gotoandplay, kinkinkijkin, petet, anewuser, kleeder, MiDoRi and Slimeball liēkd this
The botnet range of "54.36.14*.*" is generating a lot of traffic on the site, which in turn is likely creating a lot of lag that we're experiencing right now. I think it's the same botnet from before, but they're diversifying their tactics and even continually scraping the site from tangent links.

puke: Please look into blocking that range of IPs. See for yourself in the Admin section.

Think anything you would like to do so admin/sysops have a way of creating IP based ailments/bans?

Edit: More botnetworks:

"180.76.1*.*"
"207.46.1*.*"
"141.8.1*.*"
"157.55.3*.*"
"202.46.*.*"
"178.154.*.*"
"37.9.113.*"
"17.58.96-97-98-99-100.*" (good thing this can be done bitwise)
 
 
100853
Level 27 Hostist
54" 36" 149" ?!?!?! Thems sexy measurements!!

I looked into .htaccess blocking and seems it doesn't exactly support wildcards, but I added:

54.36.148
54.36.149
180.76.15

The last one was a China bot I noticed

OMG thanks b00d for figuring this pattern out!! <3
the site is loading fast again!
 
 
100857
Level 27 Hostist
post #100857 :: 2018.06.13 3:52pm
  
  Melon, b00daw and kleeder liēkd this
also I just updated the ip2country lookup table for the first time since March 2016 :shrug:
 
 
100858
Level 20 Mixist
post #100858 :: 2018.06.13 4:10pm
  
  Savestate, Robyn, VinCMG, Slimeball, pigdevil2010, kleeder and puke7 liēkd this
no , my dear pirate flag
 
 
100861
Level 17 Chipist
post #100861 :: 2018.06.13 7:25pm
  
  Jimmyoshi liēkd this
get phased botnets! ha
 
 
100902
Level 27 Hostist
post #100902 :: 2018.06.15 1:57pm :: edit 2018.06.18 12:03pm
  
  Melon, petet, Apsarah, Sintel, anewuser and b00daw liēkd this
here's what I've got so far since we started this thread

updated 18.06.18
Deny from 5.45.207
Deny from 54.36.148
Deny from 54.36.149
Deny from 87.250.224
Deny from 141.8.132
Deny from 141.8.142
Deny from 178.154.171
Deny from 180.76.15
Deny from 202.46.48.0/21
Deny from 202.46.56.0/23
Deny from 202.46.58.0/24
Deny from 207.46.13


Also slightly rearranged the admin page layout so the IPs are easier to see patterns.

Is there any reason an ISP would be giving a user multiple addresses using the least significant byte? There are some showing that, looking like they could be bots, but they stay on a single page and don't cause the site to slow down.
 
 
100903
Level 26 Renderist
post #100903 :: 2018.06.15 5:19pm
  
  sleeparrow, Apsarah, Sintel, Slimeball, Baron Knoxburry and anewuser liēkd this
often the scenario is colocated machines or virtual machines supplied by an ISP.

site is super fast right now!
 
 
100905
Level 9 Mixist
post #100905 :: 2018.06.15 8:33pm
  
  Apsarah liēkd this
Hooray!
 
 
100920
Level 17 Chipist
post #100920 :: 2018.06.17 5:06am
Remove from X! Deny!
 
 
101002
Level 30 chipist
post #101002 :: 2018.06.19 12:16pm :: edit 2018.06.19 1:51pm
  
  Slimeball liēkd this
i know strobe is back and it's summer chip time but the site has been slow as shit the past few days. revenge of teh bots?
 
 
101003
Level 30 Chipist
post #101003 :: 2018.06.19 1:07pm
  
  anewuser, Chip Champion and Slimeball liēkd this
unfair, i've only been targeting your profile and entries, unsure if that would have any impact on the rest of the site.
 
 
101004
Level 27 Hostist
post #101004 :: 2018.06.19 1:12pm
  
  anewuser, raphaelgoulart, kleeder and Slimeball liēkd this
I've been trying to do my best to pinpoint what IPs are causing lag on the site when it's lagging, but it's not the easiest thing to do. I don't want to accidentally block any normal users. Sometimes I'll see an IP range, but they're not changing what pages they're viewing fast enough to really look like bots. Considering we're on shared hosting, it could be another site on the same server hogging resources. Or it's just my horrible code being inefficient. Or DreamHost is throttling us because they really want me to upgrade to a VPS.
 
 
101012
Level 26 Renderist
post #101012 :: 2018.06.19 5:37pm :: edit 2018.06.19 6:17pm
don't think you need to be too concerned about a range of ips within the last octet to ban; and the range within the second to last just needs a discriminative CIDR bitmask.
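
The wildcard-style ranges quoted in this thread can be converted mechanically into exact CIDR blocks for `Deny from` rules. The Python below is an added example, not code from the site or from any poster; the function names are hypothetical, and reading "14*" as a textual prefix (14 and 140 through 149) is an assumption.

```python
import ipaddress

def octet_values(token):
    """Expand one octet of a forum-style pattern into the values it matches."""
    if token == "*":
        return list(range(256))
    if "-" in token:                 # explicit list, e.g. 96-97-98-99-100
        return [int(t) for t in token.split("-")]
    if token.endswith("*"):          # assumed textual prefix: 14* -> 14, 140..149
        return [v for v in range(256) if str(v).startswith(token[:-1])]
    return [int(token)]

def pattern_to_cidrs(pattern):
    """Return the smallest set of CIDR blocks covering a dotted pattern.
    Only the first non-literal octet may vary; later octets must be '*'."""
    octets = pattern.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets: {pattern!r}")
    i = next((n for n, o in enumerate(octets) if not o.isdigit()), 3)
    if any(o != "*" for o in octets[i + 1:]):
        raise ValueError(f"octets after a wildcard must be '*': {pattern!r}")
    nets = []
    for v in octet_values(octets[i]):
        addr = ".".join(octets[:i] + [str(v)] + ["0"] * (3 - i))
        nets.append(ipaddress.ip_network(f"{addr}/{8 * (i + 1)}"))
    return list(ipaddress.collapse_addresses(nets))

def deny_lines(pattern):
    """Format the blocks in the 'Deny from' style used earlier in the thread."""
    return [f"Deny from {net}" for net in pattern_to_cidrs(pattern)]

def is_covered(ip, pattern):
    """Check whether one address would be caught before deploying a rule."""
    return any(ipaddress.ip_address(ip) in net for net in pattern_to_cidrs(pattern))

if __name__ == "__main__":
    # Patterns quoted from the first post of the thread.
    for p in ("54.36.14*.*", "17.58.96-97-98-99-100.*", "202.46.*.*", "37.9.113.*"):
        print(p, "->", *deny_lines(p), sep="\n  ")
```

Read literally, "54.36.14*.*" also covers 54.36.14.0/24, which is wider than the 54.36.148 and 54.36.149 rules posted in the thread; `is_covered` lets you test a known-good address against a pattern before adding the rule.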
 
 
