Block Russian Blog Spammers, Server Exploiters, Russian Botnet C&C servers and Content Harvesters with this Apache Server .htaccess Blocklist

The IP addresses and CIDR ranges in this blocklist deny access to Apache web servers from blog spammers and server exploiters in the former "Soviet Union."

Compiled by Wizcrafts Computer Services

If your website is running on Apache 2.4 or newer, use version 2.4x of this blocklist.

I know the rest of the details. Take me to the blocklist section!

Wiz Feinberg

I read my raw access logs every day and have found that the vast majority of blog spammers and access log spammers seem to be operating from ISPs and servers running scripts in what used to be called "The Soviet Union." I have complied a list of IP CIDRs belonging the the most prolific Russian, Ukrainian, Bulgarian, Romanian, Latvian, Estonian, Slovenian and Turkish blog spammers and have included it here. There are also some hostile website hosting companies based in these regions that are in this blocklist.

Please note that I have removed the exploited servers directives from this file and placed them into their own Exploited Servers Blocklist (see link below).

See our other .htaccess blocklists: Nigerian Blocklist | Chinese-Korean Blocklist | South American Blocklist

If you are just trying to block scams and spam from your email inbox, read this section.

Apache web servers use a special access control file named .htaccess, which uses a combination of directives to allow or deny access to files or folders on the server. The .htaccess file is also used to create custom redirect rules for files, folders and entire websites that have been moved, deleted, or are temporarily or permanently gone. The proper location for your .htaccess file is in the web root. This is typically a directory named public_html, or web, depending on your hosting company.

If you are running an Apache Server based website, with a blog or forum that is plagued by Russian or Ukrainian spammers, or exploiters, adding this DENY FROM list to your .htaccess file, in the web-root of your server, will block access to any person (or spam server) covered by a CIDR in this list. This includes DSL, Cable, and dialup ISPs, as well as web servers running hostile scripts. All of these IP addresses or CIDR blocks are listed here because they are hosts for websites containing malicious codes, pornography, or other "spamvertized" products, or spammers are using them to send undesirable email messages and viruses, or to leave spam comments on blogs, or are subverting website access logs with referrer spam messages.

The .htaccess file begins with a period, which makes it appear to have no prefix to Windows users. However, to a Unix based web server any file that begins with a period is considered a hidden system file. If you manage your website by using an FTP Client (program) to upload files it may require you to enter a special code, or check a box that allows hidden server files to be displayed. For example, WS_FTP (a very popular FTP Client) has a place to add the code -al (that is a lowercase L) in the startup configuration of sites that are added to the Site list. This code tells the server to display hidden files like .htaccess. If you are using WS_FTP open the Site Manager, create a website connection, or select an existing one (left click once), click the Edit button to open the Site Options, then click on the Startup link in Site Options. Find the input field named "Remote file mask" and type -al in it, then click OK to save the change. Now, when you log onto the website you will be able to view, edit, upload or download normally hidden files like .htaccess.

If you do not use an FTP Client to upload files, but are using a web-based control panel, it is entirely up to your web host as to whether or not you can view, alter, or upload .htaccess files.

Important Notice! Be careful when creating, editing, or pasting codes into a .htaccess file, because if you type an invalid term, directive, or character, or add an unescaped space in a regular expression, you may cause a Server 500 error to occur, locking everybody out of the website, except via FTP access (with login credentials).

The .htaccess file below, containing the Russian/Ukrainian Blocklist, has been tested and causes no errors on most Apache installations, but use it at your own risk. It is always a good idea to upload a new .htaccess file to a test directory and try to access a file in it from your browser. If you are not blocked from viewing the test file your .htaccess is probably good to go.

The rest of this page revolves around using the Apache module mod_authz_host to block unwanted traffic from Russia, The Ukraine, Bulgaria, Romania and other former Soviet Block countries. If you do business with people in these countries through your website, using this list will not be a good idea, as it may block legitimate customers. If you don't know if a custom .htaccess file, or the use of mod_authz_host is allowed/supported on your web server, ask the hosting company's support department (send an example of the code from here).

Add (copy and paste) this list to your existing .htaccess file on your Apache server, or copy all the content between the horizontal lines into a new text file, in Notepad (or equivilant), save as a plain .txt file, then rename it .htaccess, and upload it in ASCII mode to your web server, to the root directory where your publicly viewable html files reside (not above the public web root, nor in a sub-directory). This directory may be called /web or /public_html, etc.

We can create custom blocklists for Apache based websites, based on your particular needs, at reasonable hourly rates. If you want to hire us to create a custom blocklist, or install this .htaccess blocklist on your server for you, contact us through our Webmaster Services contact form.

Lines beginning with the # sign are comments, and are not interpreted by the server. Comments (#) can be used to temporarily add or remove an IP address/block from the list.

Any IP address falling within a CIDR range covered by this list will be denied all access to your Apache server, except for the 403 - Access Forbidden - message.

Everything between the horizontal lines is .htaccess directives, comments (#) and IP deny lists. This list will be updated whenever a new ISP or server farm is traced to spammers in any of these countries, or an IP range is removed after further research (to protect the innocent). The last directive forbids web visitors from viewing your .htaccess file online, as a security measure.

This blocklist was last updated on Sunday, 24-Mar-2024 13:45:34 CDT

If you find these blocklists useful, please Donate via PayPal.

Highlight and copy instructions

Please note, that in order to comply with Google indexing and mobile device accessibility best practices, the blocklist below is word wrapped so that this page can be displayed correctly on small screen devices. When you copy and paste it into your .htacess file it will be formatted properly, with each line beginning with the correct wording (<Files *>, deny from, require not ip, or a #comment).

Computers with mouse pointers:


With the text highlighted, Press the CTRL and C keys to copy the selected text to your clipboard. If you already have a .htaccess file you can paste in the changes (CTRL and V keys), replacing the previous blocklist. If not, create a new plain text file (not rich text), paste in the blocklist and save it as htaccess.txt. Then rename the file: ".htaccess" - without a prefix before the dot. Always save a backup copy of your working .htaccess before altering it.

Got a touch screen only device?

For touch screens, which lack mouse and right click options, press and hold down your finger at the beginning of the blocklist text, just above <Files *>. A pair of "Copy bars" should appear. With the left Copy bar at the top of file, lift your finger and pull down on the right Copy bar to highlight the entire contents of the blocklist (to "End of file"), and let go. Or, just select portions you wish to replace. When the text options menu opens, press Copy. Paste the contents into the target editable document (or email) using a similar press/hold technique.

If you find these blocklists useful, please Donate to Wizcrafts. Contributions from people like you, who benefit from these blocklists, will enable this work to continue. This especially includes Wget users!
Anti-Spam email filtering solutions for companies and end-users

Mailwasher Pro If you are tired of receiving spam, viruses and Phishing schemes in your personal computer's email inbox, why not give Mailwasher Pro a try? Mailwasher Pro is a program that intercepts and analyzes incoming email before it is delivered to your Microsoft Outlook, Thunderbird, Windows Live Mail, Windows 10 Mail App, or equivilant email client's inbox. Mailwasher uses a combination of Bayesian Learning Filters, a user controlled Whitelist and Blacklist, user created filters and rules, including regular expressions rules, DNS Blocklists like the Spamcop SBL, and the FirstAlert! Database of known spam as identified and reported by other Mailwasher Pro users around the World, to identify and deal with spam, scams, schemes and viruses. Learn more details about MailWasher Pro.

(back to top)

This blocklist is compiled and maintained by Wizcrafts Computer Services. Webmasters are free to use it at their own risk.

2024.

Note, that We are just a publisher of blocklists, not a blocking service, We have no knowledge of or control over who uses our blocklists.

All articles, text, and non-advertising images on this website are the property of Wizcrafts Computer Services, ©2000 -

No warranties are implied or stated and we are not liable for any problems that may arise from it's use.

We provide Webmaster and website security consulting services on a freelance paid basis.

If you wish to contribute new IP addresses to this list, or hire us install a custom .htaccess file for you, please contact us here.

Our web hosting is provided by Hostgator, whom we highly recommend.

This web page contains affiliate advertising links to third party companies, products, services and ad networks. I may receive commissions for sales or referrals to these third party websites to help cover my costs.

This page was last updated on: Sunday, 24-Mar-2024 13:45:34 CDT