banning the whole RIPE network. yes, the WHOLE network

Forum Moderators: phranque

Message Too Old, No Replies

banning the whole RIPE network. yes, the WHOLE network

MWpro

11:33 pm on Nov 25, 2008 (gmt 0)

I run a forum. Its purposes are only relevant for North America.

Every spam bot that continually hits my message board is from the RIPE network. EVERY ONE. I have implemented anti-spam measures but they still are on my site, using bandwidth.

I have no need for traffic outside of North America. How can I ban the whole entire RIPE Network? If there is some collateral banning of people outside of North America not associated with the RIPE Network, that is fine. It will be worth it, especially since their traffic wouldn't help me anyway.

So.. how can I do this?

Samizdata

1:04 am on Nov 26, 2008 (gmt 0)

The main RIPE blocks begin with 62, 80-91, 193-195, 212-213, and 217.

They are used by many US citizens living, working, vacationing or stationed abroad.

The world's leading producer of spam and viruses is reportedly the USA.

...

MWpro

4:02 am on Nov 26, 2008 (gmt 0)

They are used by many US citizens living, working, vacationing or stationed abroad.

I have such a small niche that this does not matter to me. I do not ship my products overseas to Europe.

The world's leading producer of spam and viruses is reportedly the USA.

That may be true, but for the purposes of my message board, all the troubling activity is coming from the RIPE network.

wilderness

4:56 am on Nov 26, 2008 (gmt 0)

So.. how can I do this?

1) go to a website which offers downloads of the database for IP ranges by country.
2) do this for RIPE, APNIC, LACNIC, AFRIC
3) then merge the ranges into a systematic-numerical order
4) create the Rewrites or denys
5) add them to your htaccess
6) You should also deny refers based on the two-letter country code before or after the domain name.

Please note; You'll find the entire process quite time consuning (into the weeks for limited restriction 70-80%)

Additionally, you'll need to deny all the tools (translators and "others") that many of the major SE's are offering.

wilderness

3:14 pm on Nov 26, 2008 (gmt 0)

As a follow up, here's a good beginning.

Please note; these are all NOT restricted to RIPE ranges (your inquiry), rather non-North American ranges.
the list is far from complete

The following Class A's and all their sub-Classes:
114-126
144
20
200-203
210-213
217-222
41
43
57-62
67
77-95

MWpro

11:07 pm on Nov 28, 2008 (gmt 0)

Thank you. What is the format for banning a whole range? I know how to ban one IP, but not a range.

wilderness

12:47 am on Nov 29, 2008 (gmt 0)

What is the format for banning a whole range? I know how to ban one IP, but not a range.

#example 114-126 (denies Class A's)
RewriteCond %{REMOTE_ADDR} ^(11[4-9]¦12[0-6])\. [OR]

Please note; the forum breaks the pipe character and requires correction before use.

Do not use [OR] on last line of mutiple conditions.
Do not use [OR] on single conditions.

g1smd

1:05 am on Nov 29, 2008 (gmt 0)

You could also use the DENY FROM syntax rather than a RewriteRule.

wilderness

2:27 am on Nov 29, 2008 (gmt 0)

You could also use the DENY FROM syntax rather than a RewriteRule.

Try doing that on a single line for the 114-126 Class A's ;)