You could start here: [ipinfo.io ]

Yep, thanks, I've already done all those!

Are you using any CDN services such as cloudflare, or blocking via htaccess using CIDRs? It helps to know the method you're using. I know they show up in many posts in this (Search Engine Spider and User Agent Identification) forum. There is a list from 2015 here, posted by keyplyr on May 23, 2015 about 2/3 of the way down this page: [webmasterworld.com...]

It lists most of these:
5.133.176.0 - 5.133.183.255
5.133.176.0/21

78.129.250.0 - 78.129.250.255
78.129.128.0/17

82.145.60.128 - 82.145.60.255
82.145.32.0/19

83.142.224.0 - 83.142.231.255
83.142.224.0/21

87.117.192.0 - 87.117.255.255
87.117.192.0/18

88.150.168.0 - 88.150.168.255
88.150.168.0/22

95.154.192.0 - 95.154.255.255
95.154.192.0/18

109.169.62.0 - 109.169.63.255
109.169.0.0/18

109.169.64.0 - 109.169.95.255
109.169.64.0/19

185.17.149.128 - 185.17.149.191
185.17.148.0/22

212.38.176.0 - 212.38.191.255
212.38.160.0/19

217.147.80.0 - 217.147.95.255
217.147.80.0/20

Go to the RIPE page.
left side of screen 'Full text search'
Iomart

Not ideal, but many many listings.

Blocking with htaccess ... thanks for the list there were a few I was missing.

I did try using the search function however couldn't get anything with Iomart etc :-(

Why, after 25 years, have they suddenly decided to pi$$ me off?

I have hundreds / thousands of Iomart Cloud Services Limited IP addresses I am blocking

Even big providers like iomart do not have hundreds, let alone thousands, of separate ranges. You’re blocking too narrowly. Blocking exact-to-the-last-digit IP addresses should be reserved for times when you’re temporarily afflicted with a botnet using an infected computer from an otherwise legitimate human ISP range. (At any given time I have a few of these. I check every couple of months and clear the ones no longer active.)

You’re blocking too narrowly.

Any recommendations / suggestions on what / how to do it?

See not2easy's post above, which gives full IP ranges. That's the format to use. Exact wording will, of course, vary depending on your server type, but I should hope that all of them can recognize the a.b.c.d/18 format as the argument to whatever command is used.

Hi lucy, that's what I've always done and seemingly successfully, when I wrote I had hundreds / thousands I meant in this format, not individually :-)

This is as good a place as any to ask: is there any way to emulate mod_asn within an .htaccess file?

This is as good a place as any to ask

Mmmm, well, not really. How 'bout the Apache subforum?

:: wandering off to find out what the heck mod_asn is and does ::

when I wrote I had hundreds / thousands I meant in this format

But surely not hundreds or thousands belonging to a single host?

But surely not hundreds or thousands belonging to a single host?

Please correct me if I am wrong however I have always assumed:

185.17.149.128 - 185.17.149.191

This is 64 IPs?

Likewise:

185.17.148.0/22

This is 23 IPs?

I have a lot of similar lines for Iomart, I can't tell you how many since I list all IPs in numerical order in my htaccess file and have no way of knowing which belongs to whoever.

Have I got the wrong end of this altogether?

Thinking about this, is there anywhere I can test if my IPs are correctly blocked?

But surely not hundreds or thousands belonging to a single host?

I just pulled 587 netblocks/CIDRs assigned to Digital Ocean AS14061 from the particular resource I linked above, by individual CIDR entry far too much up-front server load for my episodic sniper problem, leaving me only blocking the CIDRs of the demonstrated offenders after the fact.

Hence my question about the possibility of using a subsequent level of efficiency relative to the CIDR that the CIDR provides relative to the individual IP.

@RedBar

is there anywhere I can test if my IPs are correctly blocked?

Your raw access logs will show the server response. You may still see those IPs listed because you can't block IPs from trying, but the logs will show a 403 response if they have been correctly blocked. Eventually they may stop asking.

---

@JamesSC - When you have enough data, yes it can be more efficiently blocked. BUT it is not always useful for everyone to block the same traffic so it is not a frequent topic. For the same reason it is a bad idea to copy lists of 'which IPs to block' you don't see it suggested often. Folks can easily block their best traffic with copy/paste solutions. The IOMart CIDRs are not very broad and unless you want to research further, I don't know who shares those ranges. People have been known to find stuff on search engines and copy and paste it without any clue of what they are doing. ;)

Here's one idea: (2014)

The list of CIDRs below was compiled from the Iana IPv4 Address Space Registry report [iana.org]. The list is a compact version of all Allocated non-ARIN /8 blocks (from APNIC, RIPE NCC, AFRINIC, and LACNIC). For example, 58.0.0.0/7 actually merges 58.0.0.0/8 and 59.0.0.0/8 into a single CIDR. The largest block in this list is 80.0.0.0/4 which merges the 80.0.0.0 through 95.255.255.255 address range.

See the discussion here: [webmasterworld.com...]

Thanks not2easy, I'll check through those.

I've spent a couple of hours this morning simply throwing these IPs into Google and seeing the results. All were valid ranges and I'd forgotten how many Kyivstar IPs I'd blocked in the noughties.

Does anyone create an up-to-date blocklist to purchase for a server rather than having to do it by htaccess?

This is 64 IPs?

Oh, OK, if that’s how you’re counting to arrive at “hundreds or thousands” then yes, all is well :) I was thinking hundreds of separate "Deny" or "Require" lines, or non-Apache equivalent. Just make sure you’ve got the entire range; it’s rare for major hosts or colos to have ranges as narrow as /22. Look them up and you’re likely to find, at a minimum, four consecutive /22 = a single /20.

Does anyone create an up-to-date blocklist to purchase for a server rather than having to do it by htaccess?

This seems like two unrelated questions. If it is your own server, then of course you can set up global access controls. (There's even an htaccess equivalent: I have four sites sharing a userspace in shared hosting, and most access controls are in an htaccess file in this userspace.)

Buying someone else’s blocklist is almost certainly not going to be an appropriate use of your money, since no two sites will have identical access control rules. I block {country} unconditionally, while others get significant amounts of their business there; I welcome {robot} while others slam the door in its face.

Ah yeah, good points lucy, I was only thinking of those spammy hosts!

Some more iomart ip ranges (sorry I don't know how to convert these to ip ranges):

80.75.64.0/21

185.17.148.0/22
185.17.148.0 - 185.17.151.255

80.84.48.0/20
37.220.0.0/19
5.152.192.0/19

109.169.64.0/19
109.169.0.0 - 109.169.95.255

I use an online converter/calculator (www.ipaddressguide.com) when I need the range.
It gives me these results:

5.152.192.0 - 5.152.223.255
5.152.192.0/19

37.220.0.0 - 37.220.31.255
37.220.0.0/19

80.75.64.0 - 80.75.71.255
80.75.64.0/21

80.84.48.0 - 80.84.63.255
80.84.48.0/20

109.169.0.0 - 109.169.95.255
109.169.64.0/19

185.17.148.0 - 185.17.151.255
185.17.148.0/22

Thanks, a couple there I didn't have, hopefully my updates seem to have worked.

109.169.0.0 - 109.169.95.255

109.169.0.0/18
109.169.64.0/19