I have been doing log audits every week for the last 3 years on the websites I manage. I noticed that there are a lot of repeat offenders that try stuff on servers I manage.
The major problem with reporting IPs is the amount of time it takes to do a report and the 0% response from the server hosts. They either ask 1000s of questions to submit 1 IP address, don’t react to the reports because most of their “customers” are hackers, or just plain send no response back.
Blocking IPs was not making a dent in the malicious traffic, so I decided to block whole ASNs to stop bad traffic from hosts who don’t care what kind of traffic their “clients” create.
I decided to share my top 20 ASNs that sent malicious or unwanted traffic in the last 3 years. This list contains just plain bad traffic, scrapers, bad bots, hackers, bad VPN providers and so on.
*** If you do add these, please make sure you are not blocking services that connect to your website for a legitimate reason. The list is provided AS IS. I take no responsibility for any damages.
Block list:
    AS14061 - DIGITALOCEAN-ASN
    AS39572 - ADVANCEDHOSTERS-AS
    AS24940 - HETZNER-AS
    AS4837 - CHINA169-BACKBONE CHINA UNICOM China169 Backbone
    AS37963 - CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd.
    AS58453 - CMI-INT-HK Level 30, Tower 1
    AS17964 - DXTNET Beijing Dian-Xin-Tong Network Technologies Co., Ltd., CN
    AS45090 - CNNIC-TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN
    AS45899 - VNPT-AS-VN VNPT Corp
    AS9299 - IPG-AS-AP Philippine Long Distance Telephone Company
    AS10439 - CARINET - CariNet, Inc.
    AS38814 - MEGA-VANTAGE-AS-AP MEGA VANTAGE INFORMATION TECHNOLOGY (HONG KONG) LIMITED
    AS16276 - OVH
    AS15895 - KSNET-AS
    AS29182 - THEFIRST-AS
    AS50113 - SUPERSERVERSDATACENTER
    AS9009 - M247
    AS46606 - UNIFIEDLAYER-AS-1 - Unified Layer
    AS38814 - MEGA-VANTAGE-AS-AP MEGA VANTAGE INFORMATION TECHNOLOGY (HONG KONG) LIMITED, HK
    AS15149 - EZZI-101-BGP - Access Integrated Technologies, Inc., US
There is also a list of maybes. It has Amazon’s ASN and GoDaddy’s. I would be careful blocking these, as half of the Internet’s services run on those servers.
A “maybe” blocklist:
    AS14618 - AMAZON-AES
    AS26496 - AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC
You can generate an .htaccess ASN block list by using this tool: https://www.enjen.net/asn-blocklist/index.php?asn=AS16276&type=htaccess
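A pre-deployment check for the caution above about blocking legitimate services, as an added example that is not part of the original post or the linked tool. The prefixes are constructed documentation ranges standing in for each ASN's real announced prefixes, the allowlisted services are hypothetical, and the output assumes Apache 2.4 `Require` syntax.

```python
import ipaddress

# Constructed sample data: documentation prefixes (RFC 5737 / RFC 3849) stand in
# for the real announced prefixes of each ASN; they are NOT those networks' ranges.
ASN_PREFIXES = {
    "AS16276": ["192.0.2.0/24", "192.0.2.128/25", "2001:db8:10::/48"],
    "AS14618": ["198.51.100.0/24"],
}
# Hypothetical services that must keep reaching the site (constructed addresses).
ALLOWLIST = {"payment-webhook": "198.51.100.27", "uptime-monitor": "203.0.113.5"}


def collapse(prefixes):
    """Parse CIDR strings and merge overlapping or adjacent ones, per IP version."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    merged = []
    for version in (4, 6):
        merged += ipaddress.collapse_addresses(n for n in nets if n.version == version)
    return merged


def plan_block(asns, asn_prefixes=ASN_PREFIXES, allowlist=ALLOWLIST):
    """Split ASNs into those safe to block and those covering an allowlisted IP."""
    safe, conflicts = [], {}
    for asn in asns:
        nets = collapse(asn_prefixes[asn])
        hits = sorted(name for name, ip in allowlist.items()
                      if any(ipaddress.ip_address(ip) in net for net in nets))
        if hits:
            conflicts[asn] = hits
        else:
            safe.append(asn)
    return safe, conflicts


def render_htaccess(asns, asn_prefixes=ASN_PREFIXES):
    """Emit Apache 2.4 (mod_authz_core) rules denying the given ASNs' prefixes."""
    lines = ["<RequireAll>", "    Require all granted"]
    for asn in asns:
        lines.append(f"    # {asn}")
        lines += [f"    Require not ip {net}" for net in collapse(asn_prefixes[asn])]
    lines.append("</RequireAll>")
    return "\n".join(lines)


if __name__ == "__main__":
    safe, conflicts = plan_block(["AS16276", "AS14618"])
    for asn, names in conflicts.items():
        print(f"skipping {asn}: would block {', '.join(names)}")
    print(render_htaccess(safe))
```

With real data, fill the allowlist from the source addresses of the integrations seen in your own access logs before applying any ASN-wide rule.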