##### READ THIS BEFORE USING THE LISTS BELOW HERE!
### If your website, or dedicated server, has an IP address falling within the ones below and you use absolute URLs in your includes or links, those pages will be blocked from loading.
### If this occurs you should find the IP of your website, or server, and allow it, using the example form: allow from (your IP address(es))
### You can find your website's IP address by logging into your website's Control Panel (e.g. Cpanel, Plesk, vDeck, Ensim) and it should be displayed on the control panel home page.
### You can also run a Whois lookup, at - http://whois.domaintools.com - on your domain name, to see the IP where it is hosted.
### Example of a page that might be blocked: You use PHP (or SSI) includes for headers, navigation links, or footers, using this form: <php include('http://www.example.com/folder/filename');
### If your web server is covered by this blocklist the included page will get a 403 forbidden server status.
### If you host multiple web pages and they communicate with each other using http scripts, the communication will break if either is listed, unless you add "allow from" directives on each web site's blocklist, for the other's specific IP address(es).
### You can also avoid having your own includes or linked pages blocked, by using relative URLs instead. E.g: <php include('/folder/filename');
## Servers should not be contacting other servers, trying to spam or exploit them. That's how they got on these lists in the first place!
## There are a lot of commonly used web servers covered by the following "deny from" lists! Your website may be hosted on an IP in these blocklists.
#####################################################
# Exploited - shared, VPS and dedicated web servers, listed by the entire CIDR assigned to each hosting company. These are not ISPs or PCs. They are website hosting servers, parked domain hosts and datacenters, including Schlund AG and 1&1 Internet AG servers.
# The web servers blocked here are being used as proxy servers, or for harvesting, scraping, spamming, phishing, or hosting hostile scripts used to infect personal computers. As such they are threats to your website, even if you are with a host on this list.
deny from 24.172.171.18 38.100.22.104/29 38.100.22.112/28 38.100.22.128/26 62.21.96.0/22 62.75.202.0/24 62.141.48.0/20 62.141.56.0/21 64.15.138.160/27 64.20.32.0/19 64.22.64.0/18 64.27.0.0/19 64.34.176.0/20 64.38.0.0/18 64.91.224.0/19 64.92.199.0/24 64.92.200.0/24 64.118.80.0/20 64.120.4.0/22 64.182.0.0/16 64.185.224.0/20 64.191.0.0/17 65.23.153.0/24 65.23.154.0/24 65.36.128.0/17 65.98.0.0/17 65.99.201.0/25 65.167.19.30 65.182.188.0/22 66.7.192.0/19 66.35.39.128/25 66.38.130.192/26 66.49.128.0/17 66.79.160.0/19 66.90.64.0/18 66.116.125.0/24 66.148.64.0/18 66.154.0.0/18 66.154.64.0/19 66.160.144.128/25 66.160.186.0/24 66.186.36.195 66.197.128.0/17 66.199.224.0/19 66.225.212.0/22 66.232.96.0/19 66.232.136.0/21 66.235.160.0/19 66.235.192.0/19 67.131.248.0/24 67.159.0.0/18 67.205.69.32/27 67.228.0.0/16 69.13.0.0/16 69.16.192.0/18 69.31.40.0/21 69.31.80.0/21 69.50.160.0/19 69.60.111.0/24 69.64.64.0/20 69.65.0.0/18 69.65.20.0/22 69.73.128.0/18 69.93.241.192/27 69.175.0.0/18 70.38.0.0/17 70.87.208.34 72.9.224.0/19 72.18.150.0/23 72.21.32.0/19 72.22.64.0/19 72.29.64.0/19 72.32.0.0/16 72.36.128.0/17 72.36.168.153/29 72.51.32.0/20 72.52.116.40/29 72.52.128.0/17 72.55.128.0/18 72.232.0.0/16 72.233.0.0/17 72.249.32.0/23 74.50.0.0/20 74.50.96.0/19 74.63.64.0/18 74.86.0.0/16 74.124.192.0/24 74.200.192.0/18 74.208.15.0/24 74.208.16.0/24 74.208.64.0/19 76.74.173.0/24 77.92.88.0/23 77.130.0.0/16 77.232.66.0/23 78.46.0.0/15 78.129.208.0/24 79.32.0.0/15 79.135.160.0/19 80.67.25.0/24 80.67.27.0/24 80.69.92.0/25 80.86.80.0/20 80.92.64.0/19 80.237.128.0/17 81.19.183.0/27 81.29.70.0/24 81.169.144.0/20 82.61.0.0/16 82.98.128.0/18 82.99.30.0/25 82.165.0.0/16 82.208.60.0/22 83.65.62.0/24 83.98.209.0/24 83.149.90.0/24 83.170.82.0/23 83.170.84.0/22 83.233.30.0/24 83.233.165.0/24 84.19.176.0/20 85.8.128.0/18 85.10.192.0/18 85.17.0.0/16 85.18.0.0/16 85.25.0.0/16 85.88.0.0/19 85.113.224.0/19 85.114.140.0/22 85.119.152.0/21 85.158.181.0/24 87.106.0.0/16 87.118.64.0/18 87.118.96.0/19 87.230.0.0/20 87.237.60.64/27 87.253.128.0/19 87.253.176.0/21 88.84.128.0/19 88.191.0.0/16 88.198.16.0/20 88.198.32.0/19 88.208.238.0/24 89.138.0.0/16 89.149.192.0/18 89.163.128.0/17 89.202.128.0/17 89.238.75.0/24 89.238.76.0/24 89.245.192.0/18 89.248.172.0/23 91.121.0.0/16 91.186.0.0/19 91.192.116.0/22 91.214.44.0/22 92.48.64.0/18 92.48.65.0/24 92.48.112.64/26 92.56.0.0/16 92.243.8.0/21 93.174.88.0/21 94.75.229.0/24 94.76.206.2/31 94.102.48.0/20 95.143.192.0/24 96.31.64.0/19 123.242.229.0/24 151.1.0.0/16 174.34.144.0/23 174.127.132.154/26 193.164.132.0/23 193.192.58.0/23 193.200.193.0/24 193.254.184.0/24 194.8.74.0/23 194.116.186.0/23 195.35.82.0/23 195.56.55.0/28 195.56.189.32/28 195.225.176.0/22 195.234.171.0/24 195.242.98.0/23 200.63.40.0/22 204.13.64.0/21 205.177.79.0/24 205.234.96.0/20 205.234.132.0/24 206.51.224.0/20 206.188.0.0/26 206.190.65.128/25 206.225.0.0/19 207.58.128.0/18 207.150.188.0/24 207.234.128.0/17 208.43.0.0/16 208.53.128.0/18 208.66.68.0/22 208.66.194.160/28 208.71.128.0/22 208.72.159.68 208.99.192.0/19 208.100.0.0/18 208.101.0.0/18 208.109.0.0/16 208.112.107.20 208.184.65.0/24 209.2.34.112/28 209.9.240.0/21 209.25.128.0/17 209.34.196.64/26 209.40.192.0/20 209.41.160.0/19 209.51.128.0/19 209.59.167.50/31 209.66.122.0/24 209.85.0.0/17 209.97.192.0/19 209.126.128.0/17 209.160.0.0/18 209.160.64.0/20 209.163.169.0/24 209.172.32.0/19 209.200.0.0/18 209.205.0.0/18 212.34.128.0/19 212.241.182.240 213.165.64.0/19 213.194.149.0/24 213.225.101.128/27 216.17.96.0/20 216.32.64.0/19 216.67.244.0/24 216.93.160.0/19 216.104.37.120/29 216.120.224.0/19 216.180.224.0/19 216.182.224.0/20 216.185.128.0/24 216.242.44.96 216.245.192.0/20 216.255.176.0/20 217.20.208.0/20 217.70.128.0/22 217.70.132.0/23 217.148.93.128/26 217.169.46.96/28 217.172.187.0/24 217.197.152.0/24
### 2009 additions
# Feb 1: 212.241.182.240 - for numerous server exploits
# Feb 16: 66.79.160.0/19 - managedsg-inc.com - for spamming and exploits
# Mar 2: 70.38.71.128/27 - iWeb Dedicated CL2
# Mar 2: 77.232.66.0/23 - Servage.net - Hosting Segment H1
# Mar 2: 85.18.0.0/16 - Fastweb.it for numerous exploit probes
# Mar 12: 193.200.193.0/24 - vps4less.de, for spambots
# Mar 14: 89.245.192.0/18 - Veratel - for Copyright Sheriff
# Mar 14: 194.8.74.0/23 - Dragonara.net - for hostile probles and exploit attempts
# Mar 17: 195.35.82.0/23 - Fsdata-SE - for exploit probes
# Mar 29: 88.198.32.0/19 - Hetzner Online AG Datacenter - For exploit attacks
# Apr 08: 94.82.0.0/15 - InterBusiness.it - below
# Apr 13: 85.158.181.0/24 - HostProfis Colocation, in Austria, for exploit attacks
# Apr 17: 209.139.208.236 - Gowingo proxy service, under individual Proxy Server IPs
# May 16: 93.174.93.0/24 - Elcatel.net, in The Netherlands, for server email harvester attempts
# May 17: 67.192.0.0/16 - Another Rackspace CIDR
# May 17: 65.23.154.0/24 - Rackmounted DTT
# May 25: 89.238.75.0/24 and 89.238.76.0/24 - Dedicated server customers in Germany, for server exploit attacks
# May 31: 77.130.0.0/16 - Freenet in Germany, due to numerous blog spam attempts (failed because I have commenting turned off)
# June 3: 85.88.0.0/19 and 85.119.152.0/21 - in Germany, due to repeated log and email spam attacks
# June 30: 69.175.0.0/18 - Singlehop.com dedicated (exploited) servers
# July 3: 209.51.128.0/19 - Gnax.net - colocation, hosting resellers and dedicated servers launching lots of exploit attacks. Bad news host.
# July 5: 66.232.136.0/21 - Hostway Corp. in Korea
# July 6: 83.98.209.0/24 - Happy Hosting in Netherlands, for repetitive server exploit attacks
# July 6: 88.191.0.0/16 - exploited dedicated servers in France
# July 27: 212.34.128.0/19 - Ran Networks in Spain, for hack attacks
# Aug 9: 65.99.201.0/25 - Colo4 - Also Networks
# Aug 23: 208.100.0.0/18 - Steadfast.net, for exploit attacks from unconfigured servers
# Aug 31: 206.225.0.0/19 - US-NET-INCORPORATED, for targeted exploit attack
# Sept 7: 174.132.0.0/15 - added under "ThePlanet.com," below, an unconfigured server used in exploit attacks
# Sept 14: 91.214.44.0/22 - in Belize; AltusHost Inc., is also listed on the Spamhaus Block List as a known spam operation
# Sept 19: 94.76.206.2/31 - BlueConnex leased servers in the UK, used by spammers
# Sept 22: 83.233.30.0/24 - serverconnect.se, in Sweden, for repeated attempts to place "Referer" field investment spam
# Oct 20: 94.75.229.0/24 - LeaseWeb in the Netherlands, for repeated server php exploit attacks
# Oct 24: 76.74.173.0/24 - PEER1-VIRTUALLYDEDICATED, for server exploit attacks
# Oct 25: 209.34.196.64/26 - CF Webtools, for server exploit attacks
# Oct 25: 72.9.224.0/19 - GNAX.net, for repeated server exploit attacks from colocated, dedicated and VPS servers.
# Nov 14: 89.202.128.0/17 - exploit servers attacking my server, hosted in Italy
# Nov 14: 66.160.144.128/25 - Houston Internet Servers, for exploit attacks against my server
# Nov 16: 83.170.82.0/23 and 83.170.84.0/22 - UK2.net dedicated servers, for exploit attacks
# Nov 18: 64.120.4.0/22 - Ubiquity Servers - for trackback spam attacks
# Nov 18: 96.31.64.0/19 - Noc4Hosts - for attempted blog spam atacks
# Nov 19: 82.98.128.0/18 - DinaHosting in Spain, for exploit attacks
# Nov 19: 95.143.192.0/24 - serverconnect-dedicatedserver.net, in Sweden, for hosting spamvertised websites
# Nov 20: 174.34.144.0/23 - Ubiquity Servers - for blog spam attempts
# Nov 24: REMOVED 205.178.128.0/18 - Network Solutions
# Dec 4: 70.38.0.0/17 - iWeb Technologies, in Montreal, CA, for repeated hack attacks from leased servers
# Dec 7: 151.1.0.0/16 - ITNET-WAN - in Italy, for server exploit attacks
# Dec 18: 66.79.163.187 - a leased server running redirect scripts and posting blog spam trackbacks
# Dec 19: 208.43.0.0/16 - Softlayer.com - exploited, unconfigured Apache servers attacking my server - Apaches! Duck!
# Dec 23: 89.248.172.0/23 & 94.102.48.0/20 - Ecatel Dedicated and Co-location hosting services in Amsterdam, for referrer spam attacks
####### 2010
# Jan 5: 174.127.132.154/26 - Vanoppen.biz - sent harvesters, disregarded robots.txt prohibitions - caught in bad bot trap.
# Jan 11: 93.174.88.0/21 - ecatel.net - replacing 93.174.93.0/24 with wider CIDR of parent ISP after spam from colocated servers
# A server attempting to POST blog spam trackbacks and running a rotating redirection script
deny from 66.79.163.187
# Removed 82.165.128.0/17 from the exploited servers list on Jan 20, 2009 (Schlund US, including SIM.ORG)
allow from 82.165.128.0/17
# Technorail.com/aruba.it - hosting iframe SQL injection compromised Italian websites
deny from 62.149.128.0/17
# Interbusiness.it and Telecom Italia Net. Content Scrapers and scammers use these CIDRs
deny from 79.15.0.0/16 79.22.0.0/15 79.29.0.0/16 80.180.0.0/16 82.184.0.0/16 82.185.0.0/16 85.39.0.0/16 87.8.0.0/15 87.28.0.0/16 94.82.0.0/15
# Added CI Host - 64.182.0.0/16 - on 11/8/2008, due to compromised customer websites spamming my access logs
# Added SoftLayer's CIDR: 75.126.0.0/16 into the Proxy servers list, due to proxy servers exploiting my and my client's websites.
# Sorry LiquidWeb; you're now on my blocklist for numerous exploits coming from your servers. 64.91.224.0/19 and 69.16.192.0/18
# Proxy servers and services and hosting companies with proxy server clients, listed by the full CIDR of the hosting company.
deny from 61.206.125.0/24 62.171.194.0/23 75.126.0.0/16 80.33.0.0/16 80.58.0.0/16 81.12.0.0/17 83.16.154.152/29 85.10.219.104/29 85.92.130.0/24 85.185.0.0/16 88.198.241.104/29 88.198.252.144/29 145.253.239.8/29 150.188.0.0/15 193.164.131.0/24 194.112.195.202 198.145.112.128/25 198.145.182.0/26 200.30.64.0/20 200.43.108.0/24 200.75.128.0/20 200.126.112.0/20 200.172.222.0/26 200.202.192.0/18 200.210.0.0/16 203.160.0.0/23 207.44.128.0/17 207.210.192.0/18 208.110.68.144/29 216.104.32.0/20
# Individual Proxy Server IPs
deny from 64.20.205.251 64.202.161.130 66.6.122.130 66.36.230.163 66.37.153.74 66.63.167.166 66.79.162.102 66.212.18.89 69.50.208.74 69.94.124.137 72.55.146.175 72.167.115.164 74.208.16.108 75.175.243.195 76.76.15.73 77.235.40.189 85.92.130.117 88.198.5.220 88.214.192.24 91.186.21.78 206.221.184.108 208.100.20.148 209.139.208.236
# ThePlanet.com and Everyones Internet; home of many spammers, hackers and trojan horses. I will unblock these CIDRs when Hell freezes over!
deny from 64.5.32.0/19 64.246.0.0/18 66.98.128.0/17 67.15.0.0/16 67.18.0.0/15 69.93.0.0/16 70.84.0.0/14 74.52.0.0/14 75.125.0.0/16 174.132.0.0/15 207.44.128.0/17 209.62.0.0/17 216.127.64.0/19
# Rackspace - Hackers, spammers, scammers and phishers
deny from 67.192.0.0/16 69.20.0.0/17 72.3.128.0/17 72.32.0.0/16 74.205.0.0/17
# Performance Systems International (PSI) (Spies) (entire CIDR = 38.0.0.0/8 - blocking this is not advised)
deny from 38.100.41.64/26
#######################################################
# We occasionally move some of the individual proxy IP addresses into the Exploited Servers list, as their host's CIDR is confirmed as not belonging to an ISP.
# The IP addresses in this blocklist belong to various types of web hosting companies, server farms and datacenters.
# Add other blocked domain names or IP addresses here, starting with "deny from " without quotes
# If you find that you need to poke a hole in the blocklist for legitimate visitors, follow this example: allow from 123.456.789.0
# Add "allow from" IP addresses, or CIDR Ranges, after all of the "deny from" items, just before the closing Files tag.
# Everything not included within these deny from ranges is PERMITTED by the allow portion of the directive.
# If some or all of your own webpages are 403'd by this blocklist, place your server's IP address(es)s after "allow from" below, then remove the comment before it.
# allow from #your server's IP
</Files>
# This prevents web browsers or spiders from seeing your .htaccess directives:
<Files .htaccess>
deny from all
</Files>
# End of file
