Inhosting is just filthy with blog spammers which is bizarre as usually I find a mix of activity on dedicated servers but this place seems to be overflowing with nothing but spammers and just one scraper, Snoopy.
I'm positive they are all spammers as every IP address listed below, except Snoopy, ONLY accessed my post form on a specific server, nothing else.
They host some of the usual garden variety bullshit spammers and Snoopy the scraper:
85.255.116.178 "Snoopy v1.2" "/"
85.255.117.218 "PussyCat 1.0, Murzillo compatible"
85.255.117.222 "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
85.255.117.226 ""
85.255.118.106 "PussyCat 1.0, Murzillo compatible"
85.255.118.114 "PussyCat 1.0, Murzillo compatible"
Then they have a few of the amazing changing user agent spammers from this IP sorted by user agent for your viewing pleasure:
85.255.117.250 "Mozilla/4.0 (compatible; MSIE 4.0; MSN 2.6; Windows 95; Gateway2000)"
85.255.117.250 "Mozilla/4.0 (compatible; MSIE 4.0; Windows 95)"
85.255.117.250 "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"
85.255.117.250 "Mozilla/4.0 (compatible; MSIE 5.01; Windows 95)"
85.255.117.250 "Mozilla/4.0 (compatible; MSIE 5.01; Windows 95; USA On-Site)"
85.255.117.250 "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
85.255.117.250 "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98; 981)"
85.255.117.250 "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98; QXW0332q)"
85.255.117.250 "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
85.255.117.250 "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; DT)"
85.255.117.250 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"
85.255.117.250 "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.9) Gecko/20020311"
85.255.117.250 "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0rc1) Gecko/20020417"
85.255.117.250 "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0rc2) Gecko/20020510"
85.255.117.250 "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0rc3) Gecko/20020523"
85.255.117.250 "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1a) Gecko/20020611"
85.255.117.250 "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1b) Gecko/20020721"
85.255.117.250 "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.2a) Gecko/20020910"
85.255.117.250 "Opera/6.01 (Windows 98; U) [en]"
85.255.117.250 "Opera/6.04 (Windows 2000; U) [en]"
85.255.117.250 "Opera/6.04 (Windows 98; U) [en]"
85.255.117.250 "Opera/6.04 (Windows XP; U) [en]"
85.255.117.250 "Opera/7.0 (Windows 2000; U) [en]"
85.255.117.250 "Opera/7.0 (Windows NT 5.0; U) [en]"
85.255.117.250 "Opera/7.02 Bork-edition (Windows NT 5.0; U) [en]"
Another of the same rotating user agent shit on a different IP
85.255.117.251 "Mozilla/4.0 (compatible; MSIE 5.01; Windows 95; USA On-Site)"
85.255.117.251 "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
85.255.117.251 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"
85.255.117.251 "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.7) Gecko/20011221"
85.255.117.251 "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.0) Gecko/20020530"
85.255.117.251 "Opera/7.02 Bork-edition (Windows NT 5.0; U) [en]"
And YET another that didn't hit as often
85.255.117.253 "Mozilla/4.0 (compatible; MSIE 4.0; MSN 2.6; Windows 95; Gateway2000)"
85.255.117.253 "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.7) Gecko/20011221"
85.255.117.253 "Opera/6.04 (Windows 2000; U) [en]"
For the grand finale, a D-block of Firefox Linux spammers:
85.255.118.82 "Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.8.0.3) Gecko/20060425 SUSE/1.5.0.3-7 Firefox/1.5.0.3"
85.255.118.83 "Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.8.0.3) Gecko/20060425 SUSE/1.5.0.3-7 Firefox/1.5.0.3"
85.255.118.84 "Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.8.0.3) Gecko/20060425 SUSE/1.5.0.3-7 Firefox/1.5.0.3"
85.255.118.85 "Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.8.0.3) Gecko/20060425 SUSE/1.5.0.3-7 Firefox/1.5.0.3"
85.255.118.86 "Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.8.0.3) Gecko/20060425 SUSE/1.5.0.3-7 Firefox/1.5.0.3"
85.255.118.130 "Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.8.0.3) Gecko/20060425 SUSE/1.5.0.3-7 Firefox/1.5.0.3"
85.255.118.132 "Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.8.0.3) Gecko/20060425 SUSE/1.5.0.3-7 Firefox/1.5.0.3"
85.255.118.133 "Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.8.0.3) Gecko/20060425 SUSE/1.5.0.3-7 Firefox/1.5.0.3"
85.255.118.134 "Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.8.0.3) Gecko/20060425 SUSE/1.5.0.3-7 Firefox/1.5.0.3"
Block block block block...
Here's the range of troublemaker IPs to block
netname: INHOSTER
inetnum: 85.255.112.0 - 85.255.127.255
They also have this range but I don't have any activity that has been tracked from here:
netname: INHOSTER
inetnum: 195.95.218.0 - 195.95.219.255
Enjoy the silence with the fucking spammers gone.
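The signals this post relies on (addresses that only ever request the post form, one address cycling through many user agents, an empty user agent) and the conversion of the whois ranges into CIDR blocks, as an added Python example that is not part of the original post. The log records, the `/post-form` path and the threshold of three user agents are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict

POST_FORM = "/post-form"  # hypothetical path of the comment form

# Constructed sample records (ip, path, user agent); the IPs are
# documentation addresses, not taken from the post.
SAMPLE = [
    ("203.0.113.5", "/post-form", "Mozilla/4.0 (compatible; MSIE 5.01; Windows 95)"),
    ("203.0.113.5", "/post-form", "Opera/6.04 (Windows 98; U) [en]"),
    ("203.0.113.5", "/post-form", "Opera/7.0 (Windows 2000; U) [en]"),
    ("203.0.113.5", "/post-form", "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"),
    ("203.0.113.9", "/post-form", ""),
    ("198.51.100.7", "/", "Mozilla/5.0 (X11; U; Linux i686; en-US)"),
    ("198.51.100.7", "/archive", "Mozilla/5.0 (X11; U; Linux i686; en-US)"),
    ("198.51.100.7", "/post-form", "Mozilla/5.0 (X11; U; Linux i686; en-US)"),
]

def suspects(records, form_path=POST_FORM, max_agents=3):
    """Map each suspicious IP to the list of reasons it was flagged."""
    paths, agents = defaultdict(set), defaultdict(set)
    for ip, path, agent in records:
        paths[ip].add(path)
        agents[ip].add(agent)
    flagged = {}
    for ip in paths:
        reasons = []
        if paths[ip] == {form_path}:      # never fetched anything but the form
            reasons.append("form-only")
        if len(agents[ip]) > max_agents:  # one address, many "browsers"
            reasons.append("rotating-ua")
        if "" in agents[ip]:              # no user agent sent at all
            reasons.append("empty-ua")
        if reasons:
            flagged[ip] = reasons
    return flagged

def range_to_cidrs(first, last):
    """Convert a whois inetnum range into the CIDR blocks a firewall expects."""
    nets = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(net) for net in nets]

if __name__ == "__main__":
    for ip, reasons in sorted(suspects(SAMPLE).items()):
        print(ip, ",".join(reasons))
    print(range_to_cidrs("85.255.112.0", "85.255.127.255"))
```

The visitor at 198.51.100.7 also reaches the form but browses other pages with a single user agent, so it is not flagged.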
1 comment:
Bill,
you can't go wrong with blocking their entire ranges as they only seem to host crap sites ranging from spamvertised Malware to pure doorway gibberish sites which attempt to run IE specific exploits.
Inhoster is particularly interesting as when you visit their site, you'll notice that it will say they don't accept any customers (although new sites or spambots do pop up regularly). However you won't see any representatives in forums. That's because the company behind this operation is actually Esthost:
Spamhaus listing Atrivo
Spamhaus listing Esthost
One of the reasons most people have their entire ranges banned on the router level or in their hosts file to prevent being overrun by malware. And estdomains is their registration service, you probably noticed already, that this service isn't used for legitimate sites and often contains not quite realistic registration infos ;-)