do you block IPXO ranges?

Forum Moderators: open

Message Too Old, No Replies

do you block IPXO ranges?

LifeinAsia

4:39 pm on Feb 9, 2024 (gmt 0)

I've gotten a lot of hacker wannabes and spammers using IPs associated with IPXO and have started blocking their IP ranges when I come across them.

Today I had a user that was unable to get to the site because she's using a VPN that apparently uses one of IPXO's ranges. Sure enough, I had the /16 block on my blacklist (lots of other bad actors in that range as well).

What's been your experiences with traffic from IPXO ranges?

lucy24

7:20 pm on Feb 9, 2024 (gmt 0)

Not exactly what you're asking, but: If the VPN's range is contained within the IPXO range, it should be possible to poke a hole.

:: wondering if this is a good time to start some popcorn ::

tangor

4:57 am on Feb 10, 2024 (gmt 0)

Do you want cinnamon or garlic butter?

All this "fine tuning" is taking up a lot of time.

SumGuy

2:59 am on Feb 15, 2024 (gmt 0)

Yes, I block IPXO.

I posted about IPXO here, maybe a year ago?

https:// bgp.he.net/search?search%5Bsearch%5D=IPXO&commit=Search

I do my IP blocking in my router, I host my website on my own server. I don't block individual IP's, I block CIDR's, none smaller than /24, many are /16.

I think it's a rare case that you'll have a legit webhit from someone using a VPN. All I ever see from VPN's (and TOR) is garbage. If someone wants to get to your site bad enough, they'll disable the VPN and hit you direct. I'm talking about the VPN's people typically use when torrenting or streaming media. I see legit hits from corporate VPN solutions, I see Zscaler somewhat frequently, and I don't block that. I've also seen legit hits from Colt but not for maybe a couple years now (heh - maybe they're using AWS now and getting blocked and I don't know it. I don't feel bad at all blocking 99% of AWS and goog and MSFT)