Block Russian Blog Spammers, Server Exploiters and Content Harvesters with this Apache Server .htaccess Blocklist

The IP addresses and CIDR ranges in this blocklist deny access to Apache web servers from blog spammers and server exploiters in the former "Soviet Union."

Compiled by Wizcrafts Computer Services (see website links in footer)

I read my raw access logs every day and have found that the vast majority of blog spammers and access log spammers seem to be operating from ISPs and servers running scripts in what used to be called "The Soviet Union." I have compiled a list of IP CIDRs belonging to the most prolific Russian, Ukrainian, Bulgarian, Romanian, Latvian, Estonian, Slovenian and Turkish blog spammers and have included it here. There are also some hostile website hosting companies based in these regions that are in this blocklist.

Please note that I have removed the exploited servers directives from this file and placed them into their own Exploited Servers Blocklist (see link below).

See our other .htaccess blocklists: Exploited Servers Blocklist | Nigerian Blocklist | Chinese-Korean Blocklist

These IP blocklists are also available in iptables format, for use in Linux based firewalls.


Apache web servers use a special access control file named .htaccess, which uses a combination of directives to allow or deny access to files or folders on the server. The .htaccess file is also used to create custom redirect rules for files, folders and entire websites that have been moved, deleted, or are temporarily or permanently gone. The proper location for your .htaccess file is in the web root. This is typically a directory named public_html, or web, depending on your hosting company.

If you are running an Apache Server based website, with a blog or forum that is plagued by Russian or Ukrainian spammers, or exploiters, adding this DENY FROM list to your .htaccess file, in the web-root of your server, will block access to any person (or spam server) covered by a CIDR in this list. This includes DSL, Cable, and dialup ISPs, as well as web servers running hostile scripts. All of these IP addresses or CIDR blocks are listed here because they are hosts for websites containing malicious codes, pornography, or other "spamvertized" products, or spammers are using them to send undesirable email messages and viruses, or to leave spam comments on blogs, or are subverting website access logs with referrer spam messages.

The .htaccess file begins with a period, which makes it appear to have no prefix to Windows users. However, to a Unix based web server any file that begins with a period is considered a hidden system file. If you manage your website by using an FTP Client (program) to upload files it may require you to enter a special code, or check a box that allows hidden server files to be displayed. For example, WS_FTP (a very popular FTP Client) has a place to add the code -al (that is a lowercase L) in the startup configuration of sites that are added to the Site list. This code tells the server to display hidden files like .htaccess. If you are using WS_FTP open the Site Manager, create a website connection, or select an existing one (left click once), click the Edit button to open the Site Options, then click on the Startup link in Site Options. Find the input field named "Remote file mask" and type -al in it, then click OK to save the change. Now, when you log onto the website you will be able to view, edit, upload or download normally hidden files like .htaccess.

If you do not use an FTP Client to upload files, but are using a web-based control panel, it is entirely up to your web host as to whether or not you can view, alter, or upload .htaccess files.

Important Notice! Be careful when creating, editing, or pasting codes into a .htaccess file, because if you type an invalid term, directive, or character, or add an unescaped space in a regular expression, you may cause a Server 500 error to occur, locking everybody out of the website, except via FTP access (with login credentials).

The .htaccess file below, containing the Russian/Ukrainian Blocklist, has been tested and causes no errors on most Apache installations, but use it at your own risk. It is always a good idea to upload a new .htaccess file to a test directory and try to access a file in it from your browser. If you are not blocked from viewing the test file your .htaccess is probably good to go.

The rest of this page revolves around using the Apache module Mod_Access to block unwanted traffic from Russia, The Ukraine, Bulgaria, Romania and other former Soviet Bloc countries. If you do business with people in these countries through your website, using this list will not be a good idea, as it may block legitimate customers. If you don't know if a custom .htaccess file, or the use of Mod_Access is allowed/supported on your web server, ask the hosting company's support department (send an example of the code from here).

Add (copy and paste) this list to your existing .htaccess file on your Apache server, or copy all the content between the horizontal lines into a new text file, in Notepad (or equivalent), save as a plain .txt file, then rename it .htaccess, and upload it in ASCII mode to your web server, to the root directory where your publicly viewable html files reside (not above the public web root, nor in a sub-directory). This directory may be called /web or /public_html, etc.

We can create custom blocklists for Apache based websites, based on your particular needs, at reasonable hourly rates. If you want to hire us to create a custom blocklist, or install this .htaccess blocklist on your server for you, contact us through our Webmaster Services contact form.


Lines beginning with the # sign are comments, and are not interpreted by the server. Comments (#) can be used to temporarily add or remove an IP address/block from the list.

Any IP address falling within a CIDR range covered by this list will be denied all access to your Apache server, except for the 403 - Access Forbidden - message.

Everything between the horizontal lines is .htaccess directives, comments (#) and IP deny lists. This list will be updated whenever a new ISP or server farm is traced to spammers in any of these countries, or an IP range is removed after further research (to protect the innocent). The last directive forbids web visitors from viewing your .htaccess file online, as a security measure.

Caution: Use this list at your own risk! If you misspell a directive, or add a space where there shouldn't be one, or remove the spaces between IP ranges, you may cause a Server 500 lockout error (stay logged into your FTP program just in case). Wizcrafts will not be responsible for any problems that may arise from the use of this blocklist.
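A pre-upload check for the mistakes the caution above describes, written as an added example that is not part of the Wizcrafts page or its blocklist. It accepts only full IP addresses and CIDR ranges (the only forms this list uses), and the function names and sample text are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: six ranges copied from the list on this page, plus two
# deliberate mistakes (a misaligned CIDR and the page's placeholder address).
SAMPLE = """\
<Files *>
order deny,allow
deny from 92.80.0.0/14 92.82.0.0/16 195.93.218.0/23 195.93.218.0/24
deny from 62.76.126.0/24 77.120.0.0/14
deny from 78.37.0.0/15 123.456.789.0
# allow from 10.0.0.1
allow from 77.120.5.9
</Files>
"""

def parse(text):
    """Collect (deny, allow, errors) from 'deny from' / 'allow from' lines."""
    rules, errors = {"deny": [], "allow": []}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        words = line.split()
        if len(words) < 3 or words[0].lower() not in rules or words[1].lower() != "from":
            continue  # comments, <Files> containers and other directives
        # 'all' (as in the <Files .htaccess> block) is valid but is not a range
        for token in (t for t in words[2:] if t.lower() != "all"):
            try:
                # strict=True also rejects ranges whose host bits are set
                rules[words[0].lower()].append(ipaddress.ip_network(token, strict=True))
            except ValueError as exc:
                errors.append((lineno, token, str(exc)))
    return rules["deny"], rules["allow"], errors

def redundant(nets):
    """Pairs (narrow, wide) where a range is already covered by a wider one."""
    return [(n, w) for n in nets for w in nets
            if n != w and n.version == w.version and n.subnet_of(w)]

def is_denied(ip, deny, allow):
    """'order deny,allow': a matching allow wins; unmatched clients are permitted."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in allow):
        return False
    return any(addr in net for net in deny)

if __name__ == "__main__":
    deny, allow, errors = parse(SAMPLE)
    for lineno, token, why in errors:
        print(f"line {lineno}: bad range {token!r}: {why}")
    for narrow, wide in redundant(deny):
        print(f"{narrow} is already covered by {wide}")
    print("77.120.5.10 denied:", is_denied("77.120.5.10", deny, allow))
```

The decision function models only the `order deny,allow` evaluation used in this file; on Apache 2.4 these directives are provided by mod_access_compat.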

This blocklist was last updated on Wednesday, 31-Dec-2008 10:06:43 PST


<Files *>
order deny,allow

# Russia, Ukraine, Bulgaria, Romania, Latvia, Estonia, Kazakstan, Moldavia/Moldova, Poland, Serbia & Slovakia
deny from 62.76.126.0/24 62.85.0.0/17 62.133.128.0/19 62.168.224.0/19 62.213.64.0/18 62.233.142.0/26 70.85.189.224/29 77.37.128.0/17 77.41.0.0/17 77.43.128.0/17 77.45.128.0/17 77.51.0.0/18 77.51.64.0/18 77.75.8.0/21 77.79.244.0/22 77.87.152.0/21 77.88.0.0/18 77.91.224.0/21 77.94.124.0/22 77.120.0.0/14 77.221.128.0/19 77.234.0.0/19 77.244.208.0/20 78.26.128.0/18 78.36.0.0/15 78.85.0.0/16 78.96.0.0/15 78.106.0.0/15 78.110.160.0/20 78.129.128.0/17 78.157.128.0/19 79.111.0.0/16 79.120.0.0/17 79.126.0.0/18 79.139.128.0/17 79.140.160.0/20 80.48.0.0/13 80.71.240.0/20 80.73.64.0/21 80.77.80.0/24 80.85.176.0/20 80.86.96.0/19 80.86.240.0/21 80.233.128.0/17 80.235.0.0/17 81.5.96.0/20 81.9.0.0/20 81.16.80.0/20 81.19.64.0/19 81.21.0.0/20 81.30.176.0/20 81.88.208.0/20 81.90.224.0/20 81.95.144.0/20 81.176.0.0/15 81.181.16.0/22 81.195.0.0/16 81.196.0.0/16 81.200.0.0/20 81.222.128.0/20 82.76.0.0/14 82.103.64.0/18 82.114.224.0/19 82.138.6.128/25 82.138.32.0/19 82.140.64.0/18 82.144.192.0/19 82.146.56.0/21 82.151.112.0/21 82.160.203.0/24 82.179.160.0/20 82.204.128.0/17 83.19.145.232/29 83.174.192.0/18 83.219.129.0/24 83.222.0.0/19 83.237.0.0/16 84.51.64.0/19 85.14.35.0/24 85.21.0.0/16 85.29.192.0/18 85.93.32.0/19 85.94.0.0/19 85.112.112.0/20 85.140.0.0/15 85.142.0.0/15 85.192.60.0/23 85.204.24.0/23 85.249.128.0/19 85.255.112.0/20 86.34.0.0/16 86.57.128.0/17 86.125.88.0/21 86.127.19.0/24 87.99.64.0/19 87.103.192.0/20 87.103.208.0/20 87.110.0.0/16 87.117.0.0/18 87.118.128.0/18 87.119.224.0/19 87.120.16.0/20 87.204.0.0/15 87.226.0.0/17 87.242.116.0/23 87.248.160.0/19 87.253.192.0/19 88.147.128.0/17 88.200.128.0/17 88.201.128.0/17 88.212.192.0/18 89.20.128.0/19 89.28.0.0/17 89.32.152.0/21 89.35.64.0/21 89.37.144.0/21 89.38.112.0/20 89.38.128.0/21 89.41.176.0/20 89.44.142.0/23 89.106.96.0/19 89.187.48.0/23 89.108.64.0/19 89.109.0.0/18 89.110.0.0/18 89.110.64.0/18 89.111.176.0/20 89.113.72.0/21 89.114.54.0/23 89.122.0.0/16 89.123.0.0/16 89.175.0.0/16 89.178.0.0/15 89.187.49.0/24 
deny from 89.190.224.0/19 89.208.160.0/19 89.218.0.0/16 89.251.96.0/20 89.253.0.0/18 90.150.112.0/20 90.150.128.0/20 90.151.128.0/20 90.156.128.0/17 91.76.0.0/14 91.122.0.0/16 91.123.0.0/19 91.124.0.0/16 91.143.160.0/20 91.193.140.0/22 91.197.128.0/22 91.200.228.0/22 91.203.92.0/22 91.205.124.0/22 91.208.228.0/24 92.36.0.0/17 92.48.126.128/25 92.53.104.0/22 92.80.0.0/14 92.82.0.0/16 92.83.0.0/16 92.84.0.0/16 92.112.0.0/15 92.114.128.0/17 92.124.0.0/14 92.241.160.0/19 92.244.224.0/19 92.255.0.0/16 93.80.0.0/15 93.92.32.0/21 93.120.128.0/18 94.50.0.0/15 94.103.80.0/20 94.176.96.0/24 95.24.0.0/13 141.85.0.0/16 158.197.0.0/16 160.99.0.0/16 192.129.3.0/24 193.39.113.0/24 193.47.166.0/24 193.108.248.0/22 193.178.144.0/22 193.178.228.0/23 193.200.50.0/23 193.223.101.0/24 193.230.232.0/24 194.44.36.0/24 194.85.90.0/23 194.102.114.0/24 194.181.0.0/16 194.186.0.0/16 195.2.96.0/19 195.2.252.0/23 195.3.148.0/22 195.5.116.0/23 195.28.32.0/19 195.34.224.0/19 195.42.160.0/19 195.60.174.0/23 195.93.218.0/23 195.93.218.0/24 195.95.218.0/23 195.95.228.0/23 195.112.96.0/19 195.128.16.0/22 195.128.48.0/21 195.131.0.0/16 195.137.200.0/23 195.138.64.0/19 195.138.198.0/24 195.189.246.0/23 195.190.13.0/24 195.208.0.0/15 195.209.32.0/19 195.225.64.0/22 195.225.176.0/22 195.239.0.0/16 195.242.98.0/23 195.242.232.0/22 195.244.128.128/25 195.245.112.0/23 195.245.208.0/24 204.9.184.0/21 212.9.224.0/19 212.24.32.0/19 212.33.224.0/19 212.44.64.0/20 212.44.80.0/22 212.44.128.0/19 212.58.192.0/19 212.92.128.0/18 212.118.32.0/19 212.158.160.0/20 213.35.224.0/23 213.91.128.0/17 213.140.96.0/19 213.142.192.0/19 213.154.192.0/19 213.156.192.0/24 213.215.64.0/18 213.233.101.0/24 213.242.12.0/22 213.248.0.0/18 217.12.240.0/20 217.16.16.0/20 217.28.208.0/21 217.67.16.0/20 217.77.208.0/20 217.106.0.0/15 217.114.224.0/20 217.146.240.0/20 217.149.240.0/20 217.174.96.0/20

# Turkish universities, web hosts and Turk Telekom customers - scammers, spammers, phishing websites and server script exploiters:
deny from 77.79.64.0/18 78.160.0.0/11 79.135.160.0/19 81.213.0.0/16 81.214.0.0/16 81.215.0.0/16 82.222.0.0/16 85.96.0.0/12 85.100.128.0/17 85.101.0.0/17 85.103.0.0/17 85.105.0.0/17 85.110.0.0/16 88.226.0.0/16 88.229.0.0/16 88.231.0.0/16 88.232.0.0/16 88.233.0.0/16 88.234.0.0/16 88.238.0.0/16 88.239.0.0/17 88.241.128.0/17 88.243.0.0/17 88.245.0.0/16 88.247.128.0/17 88.248.0.0/13 89.106.0.0/19 89.113.72.0/21 160.75.0.0/16 194.27.48.0/23 195.174.0.0/15 195.175.0.0/17 212.174.113.0/24 212.175.0.0/16

### NOTICE! The Exploited Servers and Proxies are now in their own blocklist.

# Add other blocked domain names or IP addresses here, starting with "deny from " without quotes

# If you find that you need to poke a hole in the blocklist, for legitimate visitors, follow this example: allow from 123.456.789.0

# Add "allow from" IP addresses, or CIDR Ranges, after all of the "deny from" items, just before the closing Files tag.

# Everything not included within these deny from ranges is PERMITTED by the allow portion of the directive.

# Place friendly IPs, caught by the blocklists, after "allow from" below, then remove the comment before it.

# allow from

</Files>


# This prevents web browsers or spiders from seeing your .htaccess directives:

<Files .htaccess>
deny from all
</Files>

# End of file
    



This blocklist is compiled and maintained by Wizcrafts Computer Services. Use it at your own risk.
No warranties are implied or stated and we are not liable for any problems that may arise from its use.
We provide Webmaster and website security consulting services on a freelance paid basis.
This page was last updated on: Wednesday, 31-Dec-2008 10:06:43 PST
If you wish to contribute new IP addresses to this list, or hire us to install a custom .htaccess file for you, please contact us via our Webmaster inquiries form.