Spammer ips?

[Luiz187]

Has your forum/blog been attacked by spammers? If so could you give me their ip? Ive recently been blocking all spammer ip's since my last attack on my websites new forum. So i need to know more spammer ips. Here's the code i've been blocking them with. (It seems to be have working) The code below goes in .htaccess

order allow,deny
deny from 66.117.9.210
allow from all

The ip above has attacked me with spam so i suggest you block it.

 

[USHost247]

The best way would to be a plugin. Use www.stopforumspam.com, www.projecthoneypot.org, or other databases to automatically block spammers.

 

[Luiz187]

Thank you! I am now creating a master code banning bad ip's for everyone to use. I have created this code from http://www.stopforumspam.com , http://www.projecthoneypot.org and http://ips-hackers-spam.blogspot.com/

Here is what i have untill now

order allow,deny
deny from 66.117.9.210
deny from 72.46.134.171
deny from 146.185.232.209
deny from 76.164.224.130
deny from 112.111.17.112
deny from 14.110.188.244
deny from 192.99.17.196
deny from 69.30.250.194
deny from 37.187.73.95
deny from 76.164.218.194
deny from 62.210.139.59
deny from 173.208.206.90
deny from 192.99.35.127
deny from 112.5.241.74
deny from 37.187.74.201
deny from 112.111.173.30
deny from 121.205.244.167
deny from 76.164.194.115
deny from 199.15.233.177
deny from 91.207.6.102
deny from 202.111.175.31
deny from 117.21.224.251
deny from 91.188.117.22
deny from 91.188.117.246 
deny from 121.205.214.207
deny from 189.22.190.230
deny from 1891.207.7.162
deny from 218.85.136.119
allow from all

 

[Aki-P]

I'll show you something else, if you run a WHOIS on the IP address: http://whois.domaintools.com/66.117.9.210

Here's an alternative one because that one is limited free use per day: http://who.is/

You'll find more info about the IP, in the case of "66.117.9.210", it belongs to "Corporate Colocation": http://www.corporatecolo.com/

A data center IP. Over 99% of the spammers are either bot scripts through a server or users running through a proxy. Either way, they're masking themselves behind a data center IP address. Why do users need to do that in order to legitimately access your site? They don't.

So get the IP's entire range:
NetRange: 66.117.0.0 - 66.117.15.255
CIDR: 66.117.0.0/20

And Block the CIDR in your block list.
If you don't know the CIDR, you can convert it on a site like this: http://ip2cidr.com/

This method, on top of other anti-spam measures on my site (including stopforumspam) has rapidly decreased spammers. Whenever the rare one does appear, I look up the IP and block the range, in most cases it does end up being from a server.