91.x.x.x/8 is banned.

I just spent a piece of my (very beautiful in Denver, tankuveddymuch) morning cleaning up after a r0dent hammered the hell out of’s webserver and brought a few things down. I don’t know if it was a DDoS targeted specifically at me, or at my hosting provider in general (it’s worth noting none of the other boxes at the same company seem impacted, however they are hosted in Texas where the webserver is in Northern California).

So, after getting things restarted, I went digging in my hosts.deny file. The great thing about running things like “Denyhosts” is you get a pretty clear picture of who the bad actors are. And one /8 keeps showing up in my hosts.deny file: 91./8. So, for the first time in my entire life of running (15 years and counting) I’ve banned an entire chunk of the Internet from even accessing my site.

The last time I did anything close to this was when I added to my apache configs as “personæ non gratæ”, and that was for a short time until their bot started behaving and doing reasonable crawls and not taking up a significant chunk of my entire monthly transit. However, in digging around a bit, 91./8 is responsible for almost 3% of all bogosity against servers. That’s a lot for one network, and it’s a lot for to bear.

So, effective immediately, 91./8 is permanently banned from servers. If you have a reason to be accessing anything on my personal network from that network please contact me via a Google service (ie. Gmail or Hangouts, or comment on the eventual propagation of this to G+) and I’ll whitelist your individual IP. Note that if you get a DHCP address that may change I will be very unlikely to whitelist multiple addresses or anything larger than a /26.

Leave a Reply