We have our own email server, will this work for us as well? We have had more than one day on which we received 46,000, yes forty-six thousand, emails. Most coming from Portland, Dallas, Austin, New Jersey and eastern Europe.
For those of you who don't scroll to the bottom of the forum homepage, here's what they look like. All the ones in shocking pink are the now banned bots.
We have our own email server, will this work for us as well? We have had more than one day on which we received 46,000, yes forty-six thousand, emails. Most coming from Portland, Dallas, Austin, New Jersey and eastern Europe.
In the .htaccess file in the root directory, you can isolate a range to include an entire continent or down to the individual IP addresses.
We did all the work to organize upstream provider ISP ranges of IP addresses for most all US-based ISPs, for a Government project. (((SAY THAT 3 TIMES)))
They wanted to isolate the ISPs that authorized TOR endpoints for reasons I don't entirely agree with, but they paid well, so WTH?
So yes, if you have spammers in Dallas, first check the IP to see if it traces to 100TB as an upstream provider.
If so, it's more convenient to block the range than the individual IPs.
Here is how we track down spammers and network hackers for our business clients ...
1) We set up honeypots designed to entice the spammer like a mouse trap.
2) The honeypots are constructed to appear as legitimate URLs from a variety of partners.
3) When the target clicks in and begins the port probe or whatever scan they are up to, we own them.
Unless they take the target device outside and pop a few rounds into it, the forensics we embed on the target device are going to stay embedded like herpes.
Here is a spammer / account probe that hit a hospital client of ours.
A Russian TOR endpoint used a Frontier communication ISP to initiate their evil doings from a residential home in Holland.
Most likely some kid wanting to hack the insurance company's database to capture social security numbers, bank routing numbers and account numbers.
Last edited by ClickaNerd; July 23rd, 2016 at 11:13 AM.
Reason: spelling
Hey Rick, you may want to add this to .htaccess as well.
Many of the web's annoyances are hidden under this proxy.
Additionally, HMA keep leased IP logs.
# Hide my ass US servers and VPN proxy
deny from 74.63.112.138-74.63.112.146
deny from 67.159.56.162-67.159.56.166
deny from 74.63.86.218-74.63.86.222
deny from 74.63.112.147-74.63.112.156
deny from 66.90.73.223
deny from 67.159.36.18-67.159.36.30
deny from 95.154.230.253-95.154.230.254
deny from 95.154.230.191
deny from 67.159.5.242
deny from 93.174.93.145
I had to stop allowing account creations yesterday. I wasn't near a computer yesterday since I was fishing in the morning and then took daughter car shopping in the afternoon which turned into half the damn night and I kept getting "new user" notifications. Maybe a couple of days of getting rejected will force them to look somewhere else. I have never had activity like this from one area.
cPanel has an IP deny manager, so I ban the range like this, 118.70.0.0 - 118.70.255.255. I'll try to put together a list of IPs from this mess and see if there's a pattern of some sort. They all seem to be different and may be spoofing others in the US. I got one from Denver last night.
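An added example, not code from any poster in this thread: Apache's `Deny from` accepts a full or partial IP, a network/netmask pair or a CIDR block, not a `start-end` dash range, so ranges written like the ones in the posts above need converting before they go into .htaccess. The sketch below does that with Python's standard `ipaddress` module; the function names and the sample input are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample input in the dash-range style used in the thread.
SAMPLE = """\
# Hide my ass US servers and VPN proxy
deny from 74.63.112.138-74.63.112.146
deny from 66.90.73.223
118.70.0.0 - 118.70.255.255
"""

# Optional "deny from" prefix, a start address, and an optional "- end" part.
RANGE_RE = re.compile(r"^(?:deny\s+from\s+)?(\S+?)(?:\s*-\s*(\S+))?$", re.I)


def range_to_cidrs(first, last=None):
    """Return the smallest list of CIDR blocks covering exactly first..last."""
    lo = ipaddress.ip_address(first)
    hi = ipaddress.ip_address(last) if last else lo
    if lo.version != hi.version or lo > hi:
        raise ValueError(f"bad range: {first}-{last}")
    return [str(net) for net in ipaddress.summarize_address_range(lo, hi)]


def to_htaccess(text):
    """Rewrite range lines as 'Deny from <cidr>' lines; keep comments as-is."""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            out.append(line)
            continue
        match = RANGE_RE.match(line)
        if not match:
            raise ValueError(f"unrecognised line: {line!r}")
        for cidr in range_to_cidrs(match.group(1), match.group(2)):
            out.append(f"Deny from {cidr}")
    return out


if __name__ == "__main__":
    print("\n".join(to_htaccess(SAMPLE)))
```

A range that is not aligned on a power-of-two boundary expands to several CIDR lines, which is why blocking slightly too wide with one netmask would also catch neighbouring addresses that were never in the original range.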