ISP-based anti-spam countermeasures

callmevlad · September 15, 2014, 5:41pm

We’ve had a persistent barrage of seemingly human spammers on http://forum.webflow.com that always post during daylight/working hours in Pakistan/India. It got so bad that we ended up writing a Selenium script to crawl through the recent users every 30 seconds, and auto-hide spammy-looking posts from new users who have suspicious account metrics.

We’ve had that script running for close to 2 weeks now, and it predictably finds (and now auto-bans) spammer accounts, using mostly the user’s ISP (found under the “Organization” heading in the “IP Lookup” popup).

Here’s an example of all the spam accounts our script identified last night: Cloudup

All of the spammers come from a small set of ISPs:

AS45595 Pakistan Telecom Company Limited
AS24560 Bharti Airtel Ltd., Telemedia Services
AS35662 Redstation Limited
AS7590 Commission on Science and Technology for
AS55740 TATA TELESERVICES LTD - TATA INDICOM - CDMA DIVISION
AS38547 WITRIBE PAKISTAN LIMITED
AS12586 GHOSTnet GmbH

Is anyone else seeing these types of spammers in your forums?

It would be great if we were able to specify as setting like suspect_spam_isps to e.g. AS45595, AS24560, AS35662, AS7590 and have Discourse forbid links inside posts for a 24 hour period for users who register via these ISPs. That would help us prevent spam posts altogether, instead of having to run after-the-fact scripts to clean things up.

codinghorror · September 16, 2014, 4:23am

Why don’t you just block signup via all IP ranges that these ISPs serve? You can easily block IP ranges via settings, logs, screened IPs. (and using the built in delete spammer function auto blocks the IP and email associated with the spammer)

callmevlad · September 16, 2014, 5:35am

Good point, I wasn’t actually aware that we could block entire ranges, so great to know! Thanks Jeff!

We are certainly banning each spammer’s IP address, but they use a different one every time - banning ranges makes a lot more sense. Initially, we wanted to be as permissive as possible, without leaving out possible legitimate users from those ISPs - but that’s less and less of a concern.

For those wondering how this is done, you can block ranges of IPs like this:

39.36.108.135
39.36.192.11
39.36.195.54
39.36.195.54
39.36.214.120
39.36.217.148
39.36.217.154
39.36.227.212

By entering “39.36.0.0/16” here:

This tool is useful for converting a start/end IP range into a CIDR which Discourse expects: http://www.ipaddressguide.com/cidr#range

codinghorror · September 16, 2014, 2:07pm

You can also enter

39.36.* or 39.36.*.*

And it will get converted to the correct value.

supermathie · September 16, 2014, 3:02pm

If you REALLY want to get a list of all prefixes announced by an AS, you need a view into the BGP table. You can accomplish this by using your own BGP router or a looking-glass server.

For example, here’s a list of all networks announced by AS45595:

route-views>sh ip bgp regexp 45595$
   Network          Next Hop            Metric LocPrf Weight Path
*> 39.32.0.0/18     154.11.63.85                           0 852 6453 5511 17557 45595 i
*> 39.32.0.0/11     154.11.63.85                           0 852 174 17557 45595 i
*> 39.32.64.0/18    154.11.63.85                           0 852 6453 5511 17557 45595 i
*> 39.32.128.0/17   154.11.63.85                           0 852 6453 5511 17557 45595 i
*> 39.33.0.0/17     154.11.63.85                           0 852 174 17557 45595 i
*> 39.34.0.0/17     154.11.63.85                           0 852 174 17557 45595 ?
*> 39.35.0.0/16     154.11.63.85                           0 852 174 17557 45595 ?
*> 39.36.0.0/16     154.11.63.85                           0 852 174 17557 45595 ?
*> 39.37.0.0/16     154.11.63.85                           0 852 174 17557 45595 ?
*> 39.40.0.0/13     154.11.63.85                           0 852 174 17557 45595 i
*> 39.41.128.0/18   154.11.63.85                           0 852 174 17557 45595 ?
*> 39.41.128.0/17   154.11.63.85                           0 852 174 17557 45595 ?
*> 39.41.192.0/18   154.11.63.85                           0 852 174 17557 45595 ?
*> 39.42.0.0/17     154.11.63.85                           0 852 174 17557 45595 ?
*> 39.42.0.0/16     154.11.63.85                           0 852 174 17557 45595 ?
*> 39.42.128.0/17   154.11.63.85                           0 852 174 17557 45595 ?
*> 39.43.0.0/17     154.11.63.85                           0 852 174 17557 45595 i
*> 39.44.0.0/16     154.11.63.85                           0 852 174 17557 45595 ?
*> 39.45.0.0/18     154.11.63.85                           0 852 7473 8966 8966 8966 8966 8966 8966 8966 17557 45595 ?
*> 39.45.0.0/17     154.11.63.85                           0 852 174 17557 45595 ?
*> 39.45.64.0/18    154.11.63.85                           0 852 7473 8966 8966 8966 8966 8966 8966 8966 17557 45595 ?
*> 39.45.128.0/17   154.11.63.85                           0 852 174 17557 45595 ?
*> 39.46.0.0/16     154.11.63.85                           0 852 174 17557 45595 i
*> 39.47.0.0/17     154.11.63.85                           0 852 174 17557 45595 ?
*> 39.47.128.0/17   154.11.63.85                           0 852 174 17557 45595 ?
*> 39.48.0.0/16     154.11.63.85                           0 852 2914 3356 17557 45595 i
*> 39.48.0.0/13     154.11.63.85                           0 852 174 17557 45595 i
*> 39.49.0.0/16     154.11.63.85                           0 852 174 17557 45595 i
*> 39.50.128.0/17   154.11.63.85                           0 852 174 17557 45595 ?
*> 39.51.0.0/17     154.11.63.85                           0 852 6453 5511 17557 45595 i
*> 39.51.128.0/19   154.11.63.85                           0 852 7473 17557 17557 17557 17557 17557 17557 17557 17557 17557 17557 17557 45595 i
*> 39.52.0.0/16     154.11.63.85                           0 852 6453 5511 17557 45595 i
*> 39.53.0.0/16     154.11.63.85                           0 852 6453 5511 17557 45595 i
*> 39.54.0.0/16     154.11.63.85                           0 852 6453 5511 17557 45595 i
*> 39.55.0.0/16     154.11.63.85                           0 852 174 17557 45595 ?
*> 39.56.40.0/22    154.11.63.85                           0 852 7473 17557 45595 i
*> 39.56.92.0/22    154.11.63.85                           0 852 7473 17557 45595 i
*> 39.56.96.0/22    154.11.63.85                           0 852 7473 17557 45595 i
*> 39.56.100.0/22   154.11.63.85                           0 852 7473 17557 45595 i
*> 39.56.128.0/17   154.11.63.85                           0 852 174 17557 45595 ?
*> 39.58.0.0/16     154.11.63.85                           0 852 174 17557 45595 ?
*> 39.59.0.0/16     154.11.63.85                           0 852 174 17557 45595 i
*> 39.62.160.0/19   154.11.63.85                           0 852 7473 17557 45595 ?
*> 39.62.192.0/19   154.11.63.85                           0 852 7473 17557 45595 ?
*> 39.62.224.0/19   154.11.63.85                           0 852 7473 17557 45595 ?
*> 39.63.64.0/19    154.11.63.85                           0 852 7473 17557 45595 ?
*> 39.63.96.0/19    154.11.63.85                           0 852 7473 17557 45595 ?
*> 39.63.128.0/19   154.11.63.85                           0 852 7473 17557 45595 ?
*> 59.103.0.0/19    154.11.63.85                           0 852 174 17557 45595 e
*> 59.103.48.0/20   154.11.63.85                           0 852 174 17557 45595 e
*> 59.103.63.0/24   154.11.63.85                           0 852 174 17557 45595 e
*> 59.103.64.0/24   154.11.63.85                           0 852 174 17557 45595 e
*> 59.103.65.0/24   154.11.63.85                           0 852 174 17557 45595 e
*> 59.103.66.0/24   154.11.63.85                           0 852 174 17557 45595 e
*> 59.103.67.0/24   154.11.63.85                           0 852 174 17557 45595 e
*> 59.103.68.0/24   154.11.63.85                           0 852 174 17557 45595 e
*> 59.103.69.0/24   154.11.63.85                           0 852 174 17557 45595 e
*> 59.103.70.0/24   154.11.63.85                           0 852 174 17557 45595 e
*> 59.103.71.0/24   154.11.63.85                           0 852 174 17557 45595 e
*> 59.103.72.0/24   154.11.63.85                           0 852 174 17557 45595 e
*> 59.103.73.0/24   154.11.63.85                           0 852 174 17557 45595 e
*> 59.103.74.0/24   154.11.63.85                           0 852 174 17557 45595 e
*> 59.103.75.0/24   154.11.63.85                           0 852 174 17557 45595 e
*> 59.103.76.0/24   154.11.63.85                           0 852 174 17557 45595 e
*> 59.103.90.0/24   154.11.63.85                           0 852 174 17557 45595 e
*> 59.103.91.0/24   154.11.63.85                           0 852 174 17557 45595 e
*> 59.103.92.0/24   154.11.63.85                           0 852 174 17557 45595 e
*> 59.103.93.0/24   154.11.63.85                           0 852 174 17557 45595 e
*> 59.103.94.0/24   154.11.63.85                           0 852 174 17557 45595 e
*> 59.103.95.0/24   154.11.63.85                           0 852 174 17557 45595 e
*> 59.103.96.0/24   154.11.63.85                           0 852 174 17557 45595 e
*> 59.103.97.0/24   154.11.63.85                           0 852 174 17557 45595 e
*> 59.103.98.0/24   154.11.63.85                           0 852 174 17557 45595 e
*> 59.103.99.0/24   154.11.63.85                           0 852 174 17557 45595 e
*> 59.103.128.0/24  154.11.63.85                           0 852 174 17557 45595 e
*> 59.103.129.0/24  154.11.63.85                           0 852 174 17557 45595 e
*> 59.103.132.0/22  154.11.63.85                           0 852 174 17557 45595 e
*> 59.103.144.0/21  154.11.63.85                           0 852 174 17557 45595 e
*> 59.103.151.0/24  154.11.63.85                           0 852 174 17557 45595 i
*> 59.103.155.0/24  154.11.63.85                           0 852 174 17557 45595 ?
*> 59.103.156.0/24  154.11.63.85                           0 852 174 17557 45595 ?
*> 59.103.157.0/24  154.11.63.85                           0 852 174 17557 45595 ?
*> 59.103.158.0/24  154.11.63.85                           0 852 174 17557 45595 ?
*> 59.103.159.0/24  154.11.63.85                           0 852 174 17557 45595 ?
*> 59.103.164.0/24  154.11.63.85                           0 852 174 17557 45595 ?
*> 59.103.165.0/24  154.11.63.85                           0 852 174 17557 45595 ?
*> 59.103.166.0/24  154.11.63.85                           0 852 174 17557 45595 ?
*> 59.103.167.0/24  154.11.63.85                           0 852 174 17557 45595 ?
*> 59.103.168.0/24  154.11.63.85                           0 852 174 17557 45595 e
*> 59.103.192.0/20  154.11.63.85                           0 852 174 17557 45595 i
*> 59.103.208.0/20  154.11.63.85                           0 852 174 17557 45595 i
*> 59.103.224.0/24  154.11.63.85                           0 852 174 17557 45595 e
*> 116.71.96.0/20   154.11.63.85                           0 852 174 17557 45595 ?
*> 116.71.160.0/20  154.11.63.85                           0 852 174 17557 45595 e
*> 116.71.176.0/20  154.11.63.85                           0 852 174 17557 45595 e
*> 116.71.192.0/18  154.11.63.85                           0 852 174 17557 45595 e
*> 116.71.243.0/24  154.11.63.85                           0 852 174 17557 45595 i
*> 116.71.244.0/24  154.11.63.85                           0 852 174 17557 45595 i
*> 116.71.251.0/24  154.11.63.85                           0 852 174 17557 45595 i
*> 119.152.0.0/22   154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.0.0/13   154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.4.0/22   154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.16.0/24  154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.18.0/24  154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.19.0/24  154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.21.0/24  154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.22.0/24  154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.23.0/24  154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.24.0/21  154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.32.0/21  154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.40.0/22  154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.48.0/24  154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.49.0/24  154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.50.0/24  154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.51.0/24  154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.52.0/24  154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.53.0/24  154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.54.0/24  154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.55.0/24  154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.56.0/24  154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.57.0/24  154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.58.0/24  154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.59.0/24  154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.60.0/24  154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.61.0/24  154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.62.0/24  154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.63.0/24  154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.64.0/21  154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.72.0/21  154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.80.0/22  154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.84.0/22  154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.88.0/21  154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.96.0/21  154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.104.0/21 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.112.0/21 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.120.0/22 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.127.0/24 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.128.0/24 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.129.0/24 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.130.0/24 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.131.0/24 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.132.0/24 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.133.0/24 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.134.0/24 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.135.0/24 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.136.0/24 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.137.0/24 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.138.0/24 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.139.0/24 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.140.0/24 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.141.0/24 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.142.0/24 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.144.0/22 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.148.0/22 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.152.0/22 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.156.0/22 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.160.0/22 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.164.0/22 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.168.0/22 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.172.0/22 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.176.0/22 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.180.0/22 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.184.0/22 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.188.0/22 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.192.0/22 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.196.0/22 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.200.0/22 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.204.0/22 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.208.0/22 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.212.0/22 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.216.0/22 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.220.0/22 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.224.0/22 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.228.0/22 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.232.0/22 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.236.0/22 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.240.0/22 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.244.0/23 154.11.63.85                           0 852 174 17557 45595 e
*> 119.152.246.0/24 154.11.63.85                           0 852 174 17557 45595 ?
*> 119.152.247.0/24 154.11.63.85                           0 852 174 17557 45595 ?
*> 119.152.255.0/24 154.11.63.85                           0 852 174 17557 45595 i
*> 119.153.0.0/18   154.11.63.85                           0 852 174 17557 45595 e
*> 119.153.64.0/20  154.11.63.85                           0 852 174 17557 45595 e
*> 119.153.80.0/24  154.11.63.85                           0 852 174 17557 45595 e
*> 119.153.80.0/20  154.11.63.85                           0 852 174 17557 45595 e
*> 119.153.96.0/19  154.11.63.85                           0 852 174 17557 45595 e
*> 119.153.128.0/19 154.11.63.85                           0 852 174 17557 45595 e
*> 119.153.160.0/22 154.11.63.85                           0 852 174 17557 45595 e
*> 119.153.164.0/22 154.11.63.85                           0 852 174 17557 45595 e
*> 119.153.168.0/22 154.11.63.85                           0 852 174 17557 45595 e
*> 119.153.172.0/22 154.11.63.85                           0 852 174 17557 45595 e
*> 119.153.176.0/22 154.11.63.85                           0 852 174 17557 45595 e
*> 119.153.180.0/22 154.11.63.85                           0 852 174 17557 45595 e
*> 119.153.184.0/22 154.11.63.85                           0 852 174 17557 45595 e
*> 119.153.188.0/22 154.11.63.85                           0 852 174 17557 45595 e
*> 119.153.192.0/22 154.11.63.85                           0 852 174 17557 45595 e
*> 119.153.196.0/22 154.11.63.85                           0 852 174 17557 45595 e
*> 119.153.200.0/22 154.11.63.85                           0 852 174 17557 45595 e
*> 119.153.204.0/22 154.11.63.85                           0 852 174 17557 45595 e
*> 119.154.0.0/17   154.11.63.85                           0 852 174 17557 45595 i
*> 119.154.128.0/19 154.11.63.85                           0 852 174 17557 45595 ?
*> 119.154.160.0/19 154.11.63.85                           0 852 174 17557 45595 ?
*> 119.154.192.0/19 154.11.63.85                           0 852 174 17557 45595 i
*> 119.154.224.0/19 154.11.63.85                           0 852 174 17557 45595 i
*> 119.155.0.0/20   154.11.63.85                           0 852 174 17557 45595 e
*> 119.155.16.0/21  154.11.63.85                           0 852 174 17557 45595 e
*> 119.155.24.0/21  154.11.63.85                           0 852 174 17557 45595 e
*> 119.155.32.0/21  154.11.63.85                           0 852 174 17557 45595 e
*> 119.155.40.0/21  154.11.63.85                           0 852 174 17557 45595 e
*> 119.155.48.0/21  154.11.63.85                           0 852 174 17557 45595 e
*> 119.155.56.0/21  154.11.63.85                           0 852 174 17557 45595 e
*> 119.155.64.0/21  154.11.63.85                           0 852 174 17557 45595 e
*> 119.155.72.0/21  154.11.63.85                           0 852 174 17557 45595 e
*> 119.155.80.0/21  154.11.63.85                           0 852 174 17557 45595 e
*> 119.155.88.0/21  154.11.63.85                           0 852 174 17557 45595 e
*> 119.155.96.0/21  154.11.63.85                           0 852 174 17557 45595 e
*> 119.155.112.0/21 154.11.63.85                           0 852 174 17557 45595 e
*> 119.155.120.0/21 154.11.63.85                           0 852 174 17557 45595 e
*> 119.155.128.0/21 154.11.63.85                           0 852 174 17557 45595 e
*> 119.155.153.0/24 154.11.63.85                           0 852 174 17557 45595 ?
*> 119.156.16.0/21  154.11.63.85                           0 852 174 17557 45595 i
*> 119.156.208.0/24 154.11.63.85                           0 852 174 17557 45595 ?
*> 119.156.210.0/24 154.11.63.85                           0 852 174 17557 45595 ?
*> 119.156.213.0/24 154.11.63.85                           0 852 174 17557 45595 i
*> 119.156.214.0/24 154.11.63.85                           0 852 174 17557 45595 i
*> 119.156.215.0/24 154.11.63.85                           0 852 174 17557 45595 ?
*> 119.156.216.0/24 154.11.63.85                           0 852 174 17557 45595 ?
*> 119.156.217.0/24 154.11.63.85                           0 852 174 17557 45595 ?
*> 119.156.218.0/24 154.11.63.85                           0 852 174 17557 45595 ?
*> 119.156.219.0/24 154.11.63.85                           0 852 174 17557 45595 ?
*> 119.156.220.0/24 154.11.63.85                           0 852 174 17557 45595 ?
*> 119.156.221.0/24 154.11.63.85                           0 852 174 17557 45595 ?
*> 119.156.255.0/24 154.11.63.85                           0 852 174 17557 45595 i
*> 119.157.0.0/18   154.11.63.85                           0 852 174 17557 45595 ?
*> 119.157.0.0/17   154.11.63.85                           0 852 174 17557 45595 i
*> 119.157.128.0/17 154.11.63.85                           0 852 174 17557 45595 i
*> 119.158.0.0/18   154.11.63.85                           0 852 174 17557 45595 i
*> 119.158.0.0/17   154.11.63.85                           0 852 174 17557 45595 45595 45595 45595 45595 45595 i
*> 119.158.96.0/19  154.11.63.85                           0 852 174 17557 45595 ?
*> 119.158.192.0/18 154.11.63.85                           0 852 174 17557 45595 i
*> 119.159.0.0/17   154.11.63.85                           0 852 174 17557 45595 i
*> 119.159.128.0/20 154.11.63.85                           0 852 174 17557 45595 ?
*> 119.159.152.0/21 154.11.63.85                           0 852 174 17557 45595 i
*> 119.159.160.0/20 154.11.63.85                           0 852 174 17557 45595 i
*> 119.159.176.0/20 154.11.63.85                           0 852 174 17557 45595 ?
*> 119.159.192.0/19 154.11.63.85                           0 852 174 17557 45595 i
*> 119.159.250.0/24 154.11.63.85                           0 852 174 17557 45595 i
*> 119.159.255.0/24 154.11.63.85                           0 852 174 17557 45595 i
*> 182.176.0.0/24   154.11.63.85                           0 852 174 17557 45595 i
*> 182.176.0.0/12   154.11.63.85                           0 852 174 17557 45595 i
*> 182.176.1.0/24   154.11.63.85                           0 852 174 17557 45595 i
*> 182.176.8.0/24   154.11.63.85                           0 852 174 17557 45595 i
*> 182.176.12.0/24  154.11.63.85                           0 852 174 17557 45595 i
*> 182.176.13.0/24  154.11.63.85                           0 852 174 17557 45595 i
*> 182.176.18.0/24  154.11.63.85                           0 852 174 17557 45595 i
*> 182.176.27.0/24  154.11.63.85                           0 852 174 17557 45595 i
*> 182.176.30.0/24  154.11.63.85                           0 852 174 17557 45595 i
*> 182.176.31.0/24  154.11.63.85                           0 852 174 17557 45595 i
*> 182.176.39.0/24  154.11.63.85                           0 852 174 17557 45595 i
*> 182.176.40.0/24  154.11.63.85                           0 852 174 17557 45595 i
*> 182.176.130.0/24 154.11.63.85                           0 852 174 17557 45595 i
*> 182.176.131.0/24 154.11.63.85                           0 852 174 17557 45595 i
*> 182.176.145.0/24 154.11.63.85                           0 852 174 17557 45595 i
*> 182.176.146.0/24 154.11.63.85                           0 852 174 17557 45595 i
*> 182.176.202.0/24 154.11.63.85                           0 852 174 17557 45595 i
*> 182.176.203.0/24 154.11.63.85                           0 852 174 17557 45595 i
*> 182.178.0.0/17   154.11.63.85                           0 852 2914 6762 17557 45595 i
*> 182.178.128.0/17 154.11.63.85                           0 852 174 17557 45595 ?
*> 182.179.64.0/18  154.11.63.85                           0 852 174 17557 45595 ?
*> 182.179.232.0/21 154.11.63.85                           0 852 174 17557 45595 ?
*> 182.180.0.0/20   154.11.63.85                           0 852 174 17557 45595 ?
*> 182.180.16.0/20  154.11.63.85                           0 852 174 17557 45595 ?
*> 182.180.32.0/20  154.11.63.85                           0 852 174 17557 45595 i
*> 182.180.64.0/18  154.11.63.85                           0 852 174 17557 45595 i
*> 182.180.126.0/24 154.11.63.85                           0 852 174 17557 45595 i
*> 182.180.143.0/24 154.11.63.85                           0 852 174 17557 45595 ?
*> 182.180.146.0/24 154.11.63.85                           0 852 174 17557 45595 ?
*> 182.180.147.0/24 154.11.63.85                           0 852 174 17557 45595 ?
*> 182.180.149.0/24 154.11.63.85                           0 852 174 17557 45595 ?
*> 182.180.152.0/24 154.11.63.85                           0 852 174 17557 45595 ?
*> 182.180.153.0/24 154.11.63.85                           0 852 174 17557 45595 ?
*> 182.180.188.0/24 154.11.63.85                           0 852 174 17557 45595 e
*> 182.180.224.0/20 154.11.63.85                           0 852 174 17557 45595 ?
*> 182.181.128.0/17 154.11.63.85                           0 852 2914 3356 17557 45595 i
*> 182.182.0.0/17   154.11.63.85                           0 852 174 17557 45595 ?
*> 182.183.128.0/17 154.11.63.85                           0 852 174 17557 45595 ?
*> 182.184.1.0/24   154.11.63.85                           0 852 174 17557 45595 i
*> 182.184.2.0/24   154.11.63.85                           0 852 174 17557 45595 i
*> 182.184.3.0/24   154.11.63.85                           0 852 174 17557 45595 i
*> 182.184.7.0/24   154.11.63.85                           0 852 174 17557 45595 i
*> 182.184.8.0/24   154.11.63.85                           0 852 174 17557 45595 i
*> 182.184.9.0/24   154.11.63.85                           0 852 174 17557 45595 i
*> 182.184.45.0/24  154.11.63.85                           0 852 174 17557 45595 i
*> 182.184.114.0/24 154.11.63.85                           0 852 174 17557 45595 ?
*> 182.184.123.0/24 154.11.63.85                           0 852 174 17557 45595 ?
*> 182.184.128.0/17 154.11.63.85                           0 852 174 17557 45595 ?
*> 182.185.0.0/19   154.11.63.85                           0 852 6453 5511 17557 45595 i
*> 182.185.0.0/17   154.11.63.85                           0 852 6453 5511 17557 45595 i
*> 182.185.32.0/19  154.11.63.85                           0 852 6453 5511 17557 45595 i
*> 182.185.64.0/19  154.11.63.85                           0 852 7473 8966 8966 8966 8966 8966 8966 8966 17557 45595 ?
*> 182.185.96.0/19  154.11.63.85                           0 852 7473 8966 8966 8966 8966 8966 8966 8966 17557 45595 ?
*> 182.185.128.0/18 154.11.63.85                           0 852 6453 6762 17557 45595 i
*> 182.185.128.0/17 154.11.63.85                           0 852 6453 5511 17557 45595 i
*> 182.186.0.0/17   154.11.63.85                           0 852 7473 17557 45595 ?
*> 182.186.128.0/17 154.11.63.85                           0 852 6453 6762 17557 45595 i
*> 182.187.0.0/18   154.11.63.85                           0 852 174 17557 45595 ?
*> 182.187.0.0/17   154.11.63.85                           0 852 174 17557 45595 ?
*> 182.187.64.0/18  154.11.63.85                           0 852 174 17557 45595 i
*> 182.187.144.0/20 154.11.63.85                           0 852 174 17557 45595 ?
*> 182.187.160.0/20 154.11.63.85                           0 852 174 17557 45595 ?
*> 182.187.176.0/20 154.11.63.85                           0 852 174 17557 45595 ?
*> 182.187.192.0/20 154.11.63.85                           0 852 174 17557 45595 ?
*> 182.187.208.0/20 154.11.63.85                           0 852 174 17557 45595 ?
*> 182.187.224.0/20 154.11.63.85                           0 852 174 17557 45595 ?
*> 182.187.240.0/20 154.11.63.85                           0 852 174 17557 45595 ?
*> 182.188.64.0/18  154.11.63.85                           0 852 174 17557 45595 e
*> 182.188.128.0/18 154.11.63.85                           0 852 174 17557 45595 i
*> 182.188.192.0/19 154.11.63.85                           0 852 174 17557 45595 i
*> 182.188.224.0/21 154.11.63.85                           0 852 174 17557 45595 i
*> 182.188.232.0/21 154.11.63.85                           0 852 174 17557 45595 i
*> 182.188.240.0/21 154.11.63.85                           0 852 174 17557 45595 i
*> 182.188.254.0/24 154.11.63.85                           0 852 174 17557 45595 i
*> 182.188.255.0/24 154.11.63.85                           0 852 174 17557 45595 i
*> 182.189.0.0/18   154.11.63.85                           0 852 174 17557 45595 i
*> 182.189.64.0/18  154.11.63.85                           0 852 174 17557 45595 i
*> 182.189.128.0/18 154.11.63.85                           0 852 174 17557 45595 i
*> 182.189.192.0/18 154.11.63.85                           0 852 174 17557 45595 i
*> 182.190.0.0/24   154.11.63.85                           0 852 174 17557 45595 i
*> 182.190.128.0/19 154.11.63.85                           0 852 174 17557 45595 i
*> 182.191.192.0/20 154.11.63.85                           0 852 174 17557 45595 i
*> 182.191.208.0/20 154.11.63.85                           0 852 174 17557 45595 ?
*> 203.99.160.0/19  154.11.63.85                           0 852 174 17557 45595 e
*> 203.99.165.0     154.11.63.85                           0 852 174 17557 45595 i
*> 203.99.166.0     154.11.63.85                           0 852 174 17557 45595 i
*> 203.99.167.0     154.11.63.85                           0 852 174 17557 45595 i
*> 203.128.252.0    154.11.63.85                           0 852 174 17557 45595 e
*> 203.128.254.0    154.11.63.85                           0 852 174 17557 45595 e
*> 203.128.255.0    154.11.63.85                           0 852 174 17557 45595 e
*> 203.135.11.0     154.11.63.85                           0 852 174 17557 45595 i
*> 203.135.13.0     154.11.63.85                           0 852 174 17557 45595 e
*> 203.135.16.0     154.11.63.85                           0 852 174 17557 45595 e
*> 203.135.20.0     154.11.63.85                           0 852 174 17557 45595 i
*> 203.135.24.0     154.11.63.85                           0 852 174 17557 45595 e
*> 203.135.25.0     154.11.63.85                           0 852 174 17557 45595 e
*> 203.135.26.0     154.11.63.85                           0 852 174 17557 45595 i
*> 203.135.30.0     154.11.63.85                           0 852 174 17557 45595 e
*> 203.135.33.0     154.11.63.85                           0 852 174 17557 45595 i
*> 203.135.34.0     154.11.63.85                           0 852 174 17557 45595 i
*> 203.135.35.0     154.11.63.85                           0 852 174 17557 45595 e
*> 203.135.36.0     154.11.63.85                           0 852 174 17557 45595 e
*> 203.135.37.0     154.11.63.85                           0 852 174 17557 45595 e
*> 203.135.38.0     154.11.63.85                           0 852 174 17557 45595 i
*> 203.135.41.0     154.11.63.85                           0 852 174 17557 45595 e
*> 203.135.43.0     154.11.63.85                           0 852 174 17557 45595 ?
*> 203.135.48.0     154.11.63.85                           0 852 174 17557 45595 ?
*> 203.135.49.0     154.11.63.85                           0 852 174 17557 45595 e
*> 203.135.50.0     154.11.63.85                           0 852 174 17557 45595 i
*> 203.135.54.0     154.11.63.85                           0 852 174 17557 45595 ?
*> 203.135.58.0     154.11.63.85                           0 852 174 17557 45595 ?

That’s 358 (unsummarized) entries for the AS alone. These aren’t summarized and you want to summarize the subnets before putting them into a block list or ACL.

And you’ll want to update the block list regularly, perhaps once a day. That’s a lot of ranges you’ll be blocking.

The best place for this (if you want to just block the traffic) is a firewall, not Discourse itself. You don’t want to kill performance for the legitimate users.

callmevlad · September 16, 2014, 3:23pm

I tried that first actually, but it doesn’t seem to work - shows a “Ip address is invalid” error:

codinghorror · September 16, 2014, 3:25pm

I don’t think you’d lose much by blocking 39.* honestly. Much easier too.

codinghorror · September 23, 2014, 7:35pm

Turns out I was wrong.

39.36.*

will not work, but

39.36.*.*

will… I asked @neil to provide support for both of those formats since I think both should work.

Mittineague · September 23, 2014, 10:08pm

This is very good news. I was under the impression that ranges would need to be in CIDR format eg.
xx.xx.xx.0/12
xx.xx.xx.0/16
xx.xx.xx.0/8

I doubt many even know about it let alone understand how to do this, heck, I still have trouble wrapping my head around it and I understand it.

neil · October 1, 2014, 1:59pm

Fixed! Entering strings like 39.* works now.

sam · August 11, 2015, 8:32am

We have done a lot to improve spam handling recently (be sure to update to latest), human spam is much harder and you also have akismet plugin.

The huge blocks should not be needed and leave a massive bad taste when invoked.

codinghorror · August 11, 2015, 4:45pm

Huge IP range blocks can be justified in this case since there is total overlap.

When the attackers come from a ton of different IPs, that is when IP blocks become unworkable.

strager · August 11, 2015, 10:03pm

Being able to block ranges is still relevant for reasons other than anti-spam. For example, in an enterprise environment you might have a mandate to block access to users from specific countries etc.

sam · August 11, 2015, 10:22pm

Sure, and we full support range blocks, we just don’t support AS blocks (which are multi range) so you need to add each range in the AS

Topic		Replies	Views
Lots of Spam New User Registrations? support	42	5283	April 7, 2020
Only allow user profiles for TL1 and above? feature	72	6918	August 14, 2015
Diagnosing spam attack of 100 topics feature	34	2755	May 29, 2017
Need assistance with massive amounts of spam support	14	963	June 10, 2023
Please add "spammer" as reason for user suspension ux moderation	15	1165	March 22, 2024

ISP-based anti-spam countermeasures

Related Topics