Block Access to Your Web Server, from Exploited Servers, with this Linux APF iptables Firewall Blocklist

The IP addresses and CIDR ranges in these blocklists are formatted for Linux servers running the APF firewall, which applies them through iptables.


Compiled by Wizcrafts Computer Services (see website links in footer)

Wizcrafts has been publishing .htaccess formatted IP blocklists (a.k.a. blacklists), for Apache-based websites, since 2005. They are used by many webmasters to deny access to spammers, scammers, scrapers, harvesters and server exploiters. Now, due to numerous requests, we are making the same IP blocklists available in a format suitable for use in many software and hardware firewalls, especially those running on Linux based operating systems. These are not advanced policy firewall rules, just straight, one-per-line IP addresses, or CIDRs, that are used in advanced policy firewalls (APF) as includes.

This page is not a tutorial in the use of these blocklists; there are plenty available on the 'Net. You can visit R-FX Networks for details about their APF project. The iptables blocklists below are for people who already know how to apply them to their servers or firewalls. You must have root access to the server to install these iptables blocklists. If you don't have root access, use our .htaccess blocklists instead.

The following is our exploited and hostile servers iptables firewall blocklist. The IP addresses and CIDRs on this list belong to web hosting companies, dedicated server and domain parking "farms" and colocation datacenters. The servers on this blocklist have all earned a place here due to hostile activities against my websites, such as attempted URL redirect exploits, attempted FormMail exploits, sending email harvesters, scraping my content, or allowing log, blog or email spam scripts to operate on their customers' websites.

Copy, paste and save the blocklist as a plain ASCII text file, usually named deny_hosts.rules, then upload it to your Linux server, typically to "/etc/apf/deny_hosts.rules". Every IP or CIDR listed in the file, one per line, is denied access by default. See How to install APF (Advanced Policy Firewall) for installation details.

Please read this cautionary note before applying this blocklist to your server!

The Exploited Servers iptables blocklist contains CIDRs belonging to dozens of popular web hosts and dedicated server companies. Your server may already be covered by this blocklist. Follow the instructions below to determine your website's IP address and corresponding CIDR before you apply this APF blocklist. You do not want to block access to your own server with a firewall rule.

There are a number of ways to determine the IP address of a web server. Any website that uses cPanel will usually display your website's IP address in the left sidebar when you log into your cPanel. If your web control panel doesn't show your IP address, use your PC to find it. If your computer is Windows based, or otherwise has the PING, TRACERT, or NSLOOKUP commands, any of those will show the IP address of the web server that hosts your website. Just open a Command Window, type in: ping example.com and press Enter, changing example.com to your website's domain name. Ping is a fast way to get a website's IP address, but it may fail to get it if the domain is a parked domain name. In that case you can use tracert example.com, substituting your domain name for example.com. The IP will appear at the start and finish of the trace. Nslookup, if you have it, is also a fast way to get a website's IP. In a Command window, type nslookup example.com (substitute your domain) and press Enter.

Make a note of your web server's IP, or highlight it in the command window and press Enter to copy it, then visit Domaintools.com and type or paste that IP into the Whois Lookup search box and press Enter. Look at the results to see if a CIDR range is shown that includes your server (a CIDR looks like this: 67.15.0.0/16). If a CIDR is shown in the Whois lookup, check the blocklist to see if yours is included in that list. If it is and you apply that iptables blocklist to the server's firewall, you and your hosting customers may be blocked from accessing your own server, so remove that CIDR before applying the blocklist, or create an Allow rule in your APF firewall to permit your server's IP address through.
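Added example, not part of the original page: a Python check for the step above, which reads text in the deny_hosts.rules layout and reports which entries would deny your own server's IP, then returns the list with those entries removed. The sample entries are constructed documentation ranges, and the function names and server addresses are hypothetical.

```python
import ipaddress

# Constructed sample in the deny_hosts.rules layout: "#" comments and one
# IP or CIDR per line. These are documentation ranges, not published entries.
SAMPLE_RULES = """\
# Exploited servers (constructed sample)
192.0.2.0/24
198.51.100.16/28
203.0.113.7
not-an-address
"""

def parse_rules(text):
    """Return (entries, rejected); entries are (line_no, network) pairs."""
    entries, rejected = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            # A bare IP becomes a /32; strict=False tolerates host bits set.
            entries.append((line_no, ipaddress.ip_network(line, strict=False)))
        except ValueError:
            rejected.append((line_no, line))
    return entries, rejected

def covering_entries(own_ips, text):
    """Map each of your own IPs to the (line_no, entry) pairs that deny it."""
    entries, _ = parse_rules(text)
    hits = {}
    for ip_text in own_ips:
        ip = ipaddress.ip_address(ip_text)
        matched = [(n, str(net)) for n, net in entries if ip in net]
        if matched:
            hits[ip_text] = matched
    return hits

def strip_covering(own_ips, text):
    """Return the blocklist text with every entry that covers own_ips removed."""
    drop = {n for pairs in covering_entries(own_ips, text).values() for n, _ in pairs}
    kept = [l for n, l in enumerate(text.splitlines(), start=1) if n not in drop]
    return "\n".join(kept) + "\n"

if __name__ == "__main__":
    mine = ["192.0.2.80", "198.51.100.40"]  # hypothetical server addresses
    for ip, pairs in covering_entries(mine, SAMPLE_RULES).items():
        for line_no, entry in pairs:
            print(f"{ip} is denied by line {line_no}: {entry}")
```

Run it against the real file by passing its contents as the text argument, and review any rejected lines from parse_rules before uploading the list.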

Here are links to our other iptables firewall blocklists:
South American iptables Blocklist | Chinese iptables blocklist | Russian iptables blocklist | Nigerian iptables blocklist

If you find these blocklists useful, please Donate to Wizcrafts. Contributions from people like you, who benefit from these blocklists, will enable this work to continue. We really can use your kind donations, in any amount!
# This is Wizcrafts' Exploited Servers blocklist, in iptables APF format, for use in Linux/Apache web server firewalls.
## Compiled and published by Wizcrafts Computer Services - http://www.wizcrafts.net/
### We have a safer version of this file, in .htaccess format, at: http://www.wizcrafts.net/exploited-servers-blocklist.html
#### This time consuming work is supported by donations from people who use and benefit from this blocklist.
##### Please make your donation here: http://www.wizcrafts.net/payments.html - Thanks in advance :-)
###### This page was last updated on: August 26, 2010 (may include multiple updates per day)


########## READ THESE IMPORTANT NOTES BEFORE APPLYING THIS BLOCKLIST ##########
# All of the CIDRs in this list are here because they host un-secured exploited servers, or client websites.
# Some of these servers/websites are used for spamming, while others attempt hostile script redirects or scraping.
# This list includes CIDRs for German based spammers using "Schlund + Partner AG" and "1&1 Internet AG" servers.
# This list of IP CIDRs should go into a file named "deny_hosts.rules" which is managed by your APF directives.

### Be careful! Your own web host's, or dedicated server's IP may be included in this list.
# If so, you and your users will be totally blocked from HTTP, FTP and Email access!
# If your server's IP is covered by a CIDR in this list, remove it before installing this blocklist!

# If you host multiple web pages and they communicate with each other using http scripts (like "wget"),
# the communication will break if either is listed on this blocklist. The workaround is to add
# "allow from" directives to each server's blocklist, for the other's specific IP address(es).

# You can also direct an APF firewall to allow your own IP addresses, via an included file, named "allow_hosts.rules"
## The .htaccess version of this blocklist is safer to use, as it doesn't normally lock out access to your mail or ftp servers.

# Exploited - shared, VPS and dedicated web servers and ISPs, listed by the entire CIDR assigned to each company.


# Proxy servers and services and hosting companies with proxy server clients, listed by the full CIDR of the hosting company.

# Individual Proxy Server IPs

# ThePlanet.com and Everyones Internet; home of many spammers, hackers and trojan horses.

# Rackspace - Hackers, spammers, scammers and phishers

# Performance Systems International (PSI) (Spies) (entire CIDR = 38.0.0.0/8 - blocking this is not advised)
38.100.41.64/26

# Interbusiness.it - harvesters, content thieves and exploiters and scammers


Want to download this iptables blocklist as a separate plain text file, but without any ads, nags, or HTML? I can provide direct access to my blocklists, in iptables format, ready to be imported into your APF rules. Wget is allowed for downloading my blocklists, server to server. Contact me via my Webmaster inquiries form with your details and the IP address of your server. I will set up direct access to the iptables text file for an annual fee of $104.00.

For webmasters lacking root access to their servers, we publish .htaccess format blocklists, for use on individual Apache-based websites. All you require is FTP or file manager upload access and the ability to see, unhide and edit your .htaccess file, with "Mod_Access" Overrides.

See our .htaccess blocklists: Chinese Blocklist | Exploited Servers Blocklist | South American Blocklist | Nigerian Blocklist | Russian Blocklist

We can create custom blocklists for Linux/Apache based websites, based on your particular needs, at reasonable hourly rates. If you want to hire us to create a custom blocklist, or install a .htaccess blocklist on your server for you, contact us through our Webmaster Services contact form.



This blocklist is compiled and maintained by Wizcrafts Computer Services. Use it at your own risk.
No warranties are implied or stated and we are not liable for any problems that may arise from its use.
We provide Webmaster and website security consulting services on a freelance paid basis.
This page was last updated on: Friday, 12-Feb-2010 09:22:36 MST
If you wish to contribute new IP addresses to this list, or hire us to install a custom .htaccess file for you, please contact us via our Webmaster inquiries form.