Category Archives: spam

failed login record:

the following login failures were counted on my server last month:

1167 from admin
938 from [login]
25 from przxqgl
11 from user
10 from root
6 from test

to reiterate what is now on my sidebar, my login is NOT “[login]”, “login”, “admin” or “przxqgl” — or “user”, or “root”, or “test” — and i automatically block the IP ranges of anyone who tries to guess my login, so you might as well try to break into someone else’s shit, ’cause it’s not happening here. 😒

why??? 🤷

why do people who use IPVanish still try to crack my web sites?

why do people who use IPVanish seem to think that i WOULDN’T have a 30-character passphrase and 2FA enabled on my web sites?

why do people who use IPVanish STILL try “Admin123” and other idiotically simple logins from easily tracable IP addresses (despite IPVanish)?? 😕😒

what i know

this morning, my wife got what appeared to be a “legitimate” email, but it was delivered to my spam box.

here’s what i know:

it purports to be from the “Colorado State University” department of “Veterinary Continuing Education”, with the URI “CSUvetCE dot com”.

it was delivered by way of an open relay in germany, using at least two other open relays in other, eastern european countries.

my wife CLAIMS that the “Colorado State University, Department of Veterinary Continuing Education” is a legitimate business for which several of her colleagues work.

there is an EXTREMELY good chance that, if someone from the “Colorado State University, Department of Veterinary Continuing Education” were to send my wife an email message, it would come through the mailservers at colorado state university, IN COLORADO, and NOT through several open relays in other countries.

it was addressed to my wife, using an email address for ME, which i haven’t used in at least 5 years.

when i visited the “manage my subscriptions” page at “CSUvetCE dot com”, it listed my wife’s name, only her last name was in the “first name” slot, and her first name was in the “last name” slot, followed by my email address, the physical address where she works, except that instead of being on mercer island, it was listed as being in “medina”, which is a suburb of bellevue, about ten miles away from the actual address location, on the mainland. and, it listed the zip code as being the one where we currently live, which is neither mercer island, nor medina.

the same “manage my subscriptions” page has her listed as the “chief executive officer” of “at home veterinary services”. she does NOT work for “at home veterinary services”, and she is NOT the “chief executive officer”.

when i tried to change the “STATUS” of her subscription from “subscribed” to “unsubscribed”, it didn’t work. i tried it multiple times, and every time the page reloaded, the status said “subscribed”.

so i checked… “CSU” is CHICAGO state university, and their URI is “CSU.EDU”. COLORADO state university’s URI is “colostate.edu”, and the ACTUAL “Colorado State University, Department of Veterinary Continuing Education” is at “cvmbs.colostate.edu”.

now, i don’t KNOW whether or not “CSUvetCE dot com” is a spammer scam or not, but i know that EVERYTHING i have found so far leads me to the conclusion that it is a spammer scam. 😒

also i don’t know why someone would go to SO! MUCH! TROUBLE! to put together a web site that tries its DAMNEDEST to look like a legitimate business, just to lure the relatively few people who are in the veterinary industry into submitting their information to a spam list.

but, as i said… EVERYTHING i have found so far leads me to the conclusion that it’s PRECISELY what they have done…

weird.

ETA: okay, this is getting weirder now… after a bit more poking around, i found an announcement on this page which appears to indicate that CSUvetCE dot com is, in fact, a legitimate page, and not a spammer scam… which, then, makes me wonder EVEN MORE about why the email was sent via open relays to an address that had OBVIOUSLY been scraped from who knows where… like… does the Colorado State University Department of Veterinary Continuing Education care THAT LITTLE about the ethics of the emails they’re sending out? do they even CARE?? 😒

ETA, part 2: i wrote to them, asking why they have a scraped address on a form that doesn’t work. their response said they couldn’t find that address on their mailing list. i wrote back with all the details, including a screen shot and a URI to the spot they said they couldn’t find. they haven’t responded… yet…

i’m back to thinking that this might be a spammer scam masquerading as a legitimate business, and the legitimate business doesn’t have the first clue what is going on. 😒

damn right they’re blocked! 🤬

i got the following notification from my anti-cracker service:

A user with IP addr 2001:41d0:305:1000::1250 has been locked out from signing in or using the password recovery form for the following reason: Used an invalid username '[login]' to try to sign in.
The duration of the lockout is 2 months.
User IP: 2001:41d0:305:1000::1250
User hostname: hr914433990.reseller.mis.ovh.net
User location: France

i’ve been seeing these login attempts using “[login]” for some time now — and why, in the name of all that’s holy, would ANYONE use, or allow another person to use “[login]” as a username, is beyond my limited imagination, but that’s not the main reason this notification caught my eye…

it’s because of the user hostname, which is a reseller host at ovh.net 🙄

i’ve been dealing with spam and cracking attempts from OVH for AT LEAST ten years. unfortunately, it’s nothing new… but this is the first time they’ve tried to get around my blocks by using an IPv6 address.

and it wasn’t OVH directly, it was a reseller, but the fact is still plain that OVH STILL enables spammers and crackers to work with impunity from their networks.

FUCK OVH! 🤬😠👎👎‼

and add 2001:41d0::/32 to my block list! 🙄

Rule #3

Rule #3 states “Spammers are stooOOpid.”

if you need an example of rule #3, i have one for you:

the spammer sent mail from a computer called… get this…

UCEBOX.CO.ZA

😝😂🤣🤪🤦😠🤬

for those of you who still don’t “get” it, not only is the computer in south africa, home to all things shady and illegal, but “UCE” stands for “Unsolicited Commercial Email”… in other words, “spam”.

it’s as though they’re saying, “fuck yeah, we’re so gawd-damned proud of the illegal spam we send, that we’re going to name our computer after it, and nobody will care, even if they do notice!”

people should have to take an intelligence test before being allowed into the human race.

seriously.

spam update

i have now, officially, blocked IP address ranges in the following countries:

afghanistan
albania
angola
argentina
aruba
australia
austria
bangladesh
belarus
belgium
bhutan
bolivia
bosnia & herzegovina
brazil
british virgin islands
bulgaria
cambodia
canada
chile
china
colombia
congo
cote d’ivoire
croatia
czech republic
denmark
ecuador
egypt
el salvador
estonia
finland
france
georgia
germany
ghana
greece
guatemala
honduras
hong kong
hungary
iceland
india
indonesia
iran
iraq
ireland
israel
italy
japan
jordan
kazakhstan
kenya
kyrgyzstan
latvia
lithuania
luxembourg
macao
malaysia
mexico
moldova
monaco
mongolia
morocco
myanmar
netherlands
new zealand
nigeria
norway
pakistan
panama
paraguay
peru
philippines
poland
romania
russia
serbia
seychelles
singapore
slovakia
south africa
south korea
spain
sweden
switzerland
taiwan
tajikistan
tanzania
thailand
Trinidad & tobago
turkey
UK
ukraine
uruguay
USA
uzbekistan
vietnam

the big winners are china, russia, and india, and the runners up are spain, uzbekistan and kazakhstan…

and the good ol’ united states of ‘merica makes an appearance, as well.

before i started blocking whole swaths of IP addresses, the CPU usage on my server was between 75% and 100%, pretty much always. since i started blocking IP address ranges, my CPU usage is between 2% and 5%… which means that my web sites respond more quickly.

a side benefit is that, often, the same IP address ranges that are used by spammers, are also used by crackers, skript-kiddies, and other miscreants, so by absolutely blocking them (using both the IP Blocker and the Global Email Filters) i kill two birds with one stone. 😉

the down side is that i’ve been catching a few false positives, which are messages from people within north america, but, through no fault of their own, sent their messages at EXACTLY the right time, so that the date in their message ID gets caught by the rule that’s supposed to catch IP addresses… 😖

but, honestly, there have been fewer than 10 false positives in the last 6 months (they tend to come in spurts: i’ve caught 3 today, but haven’t seen one for months), whereas, if left unfettered, i would have received, easily, 100 times that many spam messages PER DAY, so, in all, i’m almost ready to make my list available to anybody else who wants to cut down on the people who send you spam… 😉

new regex stuff!

logical operators! thanks ian! 😉

+ () [] - |

(stuff that remains the same)+(stuff that changes) – otherwise known as “capture groups”

[89] = 8 or 9

[0-4] = 0, 1, 2, 3, or 4

| = logical OR

so…

\D(85\.157\.47\.)+(12[89]|1[3-9][0-9]|2[0-4][0-9]|25[0-5])\D

means “capture everything in 85.157.47.128/25”

which, up until now, has meant “make a separate rule for every IP address between 85.157.47.128 and 85.157.47.255” — 128 SEPARATE RULES, which takes A LONG time, and slows down processing speed.

this is a BIG step forward!

WOO!!! 😎👍

ETA 200205: even more WOO!!! because ian directed me to a RegEx Numeric Range Generator, which means that i don’t have to figure them all out myself! WOO!!! 😎👍

calm, still no storm… weird…

still calm, still a few “false positives” which are easily dealt with, and forwardable almost immediately… ‼👍 but no “bitcoin sextortion” spam since 191202… and the record is currently held by 1LfYcbCsssB2niF3VWRBTVZFExzsweyPGQ, who i last heard from on 191127, who spammed me four hundred eighty-seven times

spam assassin has, apparently, figured out a regex (or something) for capturing bitcoin addresses, so after 191127, there have been no bitcoin sextortion spams that have NOT been labeled as ***SPAM*** by spam assassin, which makes them a lot easier to filter out.

but it’s weird, because, even though it has been almost a week now, waking up in the morning and NOT having two or three DOZEN spam messages to process makes me nervous that something else may be happening to all of those messages, and, potentially, legitimate messages, as well, and i have no clue what may be happening to them, because nobody other than me is even aware of the fact that they’re not there any longer. 😕

we started the panto. it’s Jack and The Beanstalk… i don’t remember whether this is the first panto we did, or the second panto we did, way back when we first started doing pantos, 17 years or so ago… but it’s largely the same script: different actors but the same characters… and no simon, but he hasn’t been involved since he got drunk, did something which he wasn’t supposed to (sexual harrassment? stealing stuff? something that only drunk people do… 😒), and was banned from the palladium, a few years ago. we did the first four of 20 performances, last weekend, and only missed one music cue: half the band started a half a measure before the other half of the band, and none of the singers came in at the right point, but we recognised it almost immediately, and kiki said “wait, can we start that again?” and everybody came in on cue when we tried it again… and there was one place at the end of the panto, where the giant chops down the beanstalk, and the ogress (represented by a puppet) falls from the castle in the sky, along a zip-line, to the back of the palladium. but, this time, the doors to the castle opened, but no ogress came out… so we just continued, where the ogress (this time, the real actor) then “falls” back up to the front of the stage, and has a few lines… and then the puppet ogress decided it was time to fall… 🤣

but, all in all, the panto is going well.

calm… i hope no storm…

the past three full days now, i have gotten SIGNIFICANTLY less spam than normal… like, normally i’ll get anywhere from two to six DOZEN spam messages a day, and, since saturday, i have gotten, maybe two dozen total

i’ve been blocking ranges of IP addresses in argentina and peru and china and india and denmark and kazakhstan and iran and lithuania and brazil and germany and LOTS of ranges for russia, and luxembourg and vietnam and turkey and indonesia and romania and the UK and georgia (the country, not the state in the united states), and nigeria and egypt and cambodia and myanmar (and that’s only up to the 45.0.0.0/8 range) like a mad fiend, for about two months prior to saturday… and all of those places are places from which i have never received email that was not spam…

literally, i’ve been blocking JUST ranges connected with the 1LfYcbCsssB2niF3VWRBTVZFExzsweyPGQ “bitcoin porn sextortion” scam since october 4th. 🤬

maybe i’ve finally caught up with the script. i’ve got 1,043 filter rules, and a fair portion of them are IP ranges…

but it feels weird… nobody has complained that they’re not getting important emails, and the false positives that have been coming through are usually either dealt with by changing “contains” to “matches regex”, or by deleting rules that i don’t need any longer… like the one for the .mp TLD, which was giving me false positives all the time because of mailchi.mp, which, while spammy, is not universally spammy, and, as far as i can tell, is the only NON-spammy use of the .mp TLD… but i decided that, instead of figuring out how to rule out legitimate use of a spammy TLD, i just started banning the countries that the spam was coming from…

but it feels weird… i’ve been on edge for a couple of days now, and i’m pretty sure it’s directly related to my relationship with the computer and the ‘net… 😒

but not entirely related… i had a pair of blue sunglasses that i got before i went to oregon to busk, a few months ago, and i lost them about a week ago. since then i’ve been losing a whole bunch of other things — keys, tools, credit cards, that sort of thing — and i’ve been finding them again, usually in the same day, sometimes within the same 15 minutes or so… but i haven’t been able to find my sunglasses, and it PISSES ME OFF because the reason i got them, primarily, was to help aleviate some of my depression, and they have worked ADMIRABLY for that purpose… and i remember thinking, if i put them… wherever it was that i put them… 😕 and left them there for too long, i would probably not remember where they were, the next time i looked for them… 😒

it’s possible that they’re somewhere around the house, but i’ve looked at least three times in every place i can think of, and quite a few that i couldn’t have thought of in a long time, and have nothing to show for it except a much cleaner house. they’re not in the car, as far as i can tell, nor are they in my tuba case, or my tuba bag.

moe is going away for a few days — travelling for stuff related to her book — starting friday, which means that i won’t be able to go busking. and then panto starts (shudder) saturday: two shows, and two shows on sunday, which means that i won’t even be here to take care of the pets for significant portions of both days… fortunately, i’m picking her up at the airport after sunday’s shows are over.

and, on the unicycle side of things, i think i am actually learning to ride the unicycle… i have been consistently riding, in a “more-or-less” controlled fashion, in a marginally straight line, without falling over, half to three-quarters of the way across the gym, for two weeks now. and, i just got “certified” to come in and use the gym for practicing unicycle on days that we’re not having class, so i actually have a place to practice.

/8 blocks

i now have three /8 blocks in my email filters.

25.0.0.0/8 in the UK, 53.0.0.0/8 in germany, and 133.0.0.0/8 in japan.

the “standard” email filters, built on “and/or” and “contains/does not contain”, break down when you’re dealing with 16.75 MILLION addresses.

they break down because you can’t just filter on 25. which appears in the middle and end of IP addresses, in message ID numbers, and, occaisionally, in the body of the message.

the result is A LOT of false positives: email which i can’t forward to the correct recipient, because it will get filtered AGAIN

which is quite annoying. 😒

so, with the help of my friend robert, i built a regular expression to handle it:

\D25\.\d{1,3}\.\d{1,3}\.\d{1,3}\D

finds non-digit character followed by “25.”, followed by three repititions of one to three digits, interspersed by periods, followed by another non-digit character.

technically, this regex could be adapted to accomodate any IP address, which means that, theoretically, i have a whole new, easier, and faster method of processing spam. 😈

the next step is to learn how to search for a specific range of digits… 😈

ETA 191127 i discovered that you can’t specify a range of digits with a regex. for that, you need a script, which is too much work. also, i determined that i DON’T need the white space character at the beginning and end of the regular expression, because, sometimes, the IP address is surrounded by parentheses, square brackets, or both.

ETA 191128 i changed it from white space character — \s — to non-digit character — \D — because some IP addresses are surrounded by parentheses or square brackets, but some are surrounded by white space characters. the only thing \D doesn’t capture is an empty string, so the IP address can’t be the first thing in the line of text.

and, even with the \D, this regex, modified to capture 27.16.0.0/12 in china, captures 2.2019.11.27.23.41.02, which is part of the message ID on a LEGITIMATE message. 😖😒😠🤬

this is why i’m rerouting these messages, rather than summarily deleting them, which is my inclination… summarily deleting what i think is spam has come back to bite me in the ass often enough that i don’t do it any longer. 😒

oy 😒

this morning i added a second /8 block to my email filters.

for those of you wondering what i’m talking about, a /8 block is the largest block of IP addresses allocated by the IANA.

16,777,216 individual IP addresses.

my first filtered /8 block was in japan. my second one was in germany.

and i STILL get spam from japan and from germany. 😒

it doesn’t seem like it was that long ago that spam was something in a monty python skit, and before that, it was a canned meat byproduct.

it’s not even UCE any longer, because most of it is devoted to scams of one kind or another. actual, commercial email is a tiny fraction of the volumes of script-generated spam, these days.

spam times 16,777,216²… which is a number so large my scientific calculator chokes on it… which is to say, it says 2.81474976711e+14 rather than giving me a number i can understand. 😒

knock wood…

for the first time in a VERY long time, i booted up my computer, checked my email, and did NOT have at least 10 “bitcoin-porn-scam-spam” messages in my spam folder…

in fact, i had NO “bitcoin-porn-scam-spam” messages in my spam folder… or anywhere else…

there was spam in my spam folder, but no “bitcoin-porn-scam-spam” messages.

maybe this is a good sign.

ETA: not as good a sign as i would have hoped, but on the plus side, i now have blocks on more of uzbekistan, kazakhstan, bangladesh, and south africa than i did before.

oh well… 🤷

spammers spamming spam! 🤬

just as a reminder, this has been posted at the Hybrid Elephant Contact Us form:

PLEASE NOTE: This contact form is solely for the use of Hybrid Elephant customers who need to get in contact with us. Every message that is sent with this form includes a unique IP address in the header, which identifies the computer from which the message was sent. If you use this form to spam us, all you will accomplish is to put your IP address on the list of IP addresses which are PERMANENTLY BANNED from accessing Hybrid Elephant for any reason. Please DO NOT USE THIS FORM to send us advertisements or solicitations. It WILL NOT WORK! You have been warned!

this morning, i got spam from my response form (big surprise).

the difference, this time, is that the following message was included at the end of the spam:

IMPORTANT NOTICE: This message has been posted via a Contact Us form on your site. Contact forms are publicly accessible and they can be used for posting messages by anyone. We don’t use, hold or archive your e-mail addresses.

yes, contact forms can be used by anyone, but, particularly when an anti-spam message like the one previously posted is present, a concientious user of internet won’t use it unless that person is also a “Hybrid Elephant customers who need to get in contact with us”.

the message that you sent me was definitely NOT because of a need to contact me about something having to do with my business. 😒

and the fact that you say you “don’t use, hold or archive your e-mail addresses” is a moot point, because you ALREADY HAVE used my email address, and the fact that you have already used it means that, very likely, it is stored somewhere on your system, and probably gets backed up with everything else on your computer, which, for all intents and purposes, is “using, holding and archiving”… 🤬

so, the IP address from which this spam was sent is 85.203.22.215, which is part of the 85.203.22.208/28 range, located in monaco.

as of now, 85.203.22.208/28 (16 individual IP addresses) is no longer able to access my domains for any reason whatsoever.

thanks, spammer.

the message also contained references to wexxluxurycars dot com, which also goes on my block list.

thanks, spammer.

the IP address to which that domain name corresponds is 198.46.134.35, which is located in new york. because of the fact that it’s in new york, that IP address goes on my email block list, with today’s date, so that, in case i get an inquiry regarding it at some future point, i can state, unequivocally, that it was added to the list on that date, in case the person inquiring wants me to remove it…

which i will do ONLY if they can convince me that they are no longer associated with spam.

thanks, spammer.

and, of course, nobody is going to be seriously affected by all of this falderal (except, possibly, me), because the message was, doubtlessly, sent by a script that scans for “Contact Us” forms, and dumps meaningless spam into them automatically, without any one person having to do anything other than launch the script, which is why i’ve taken to blocking CIDR ranges outside of north america with no further warning. if people are going to be that careless with their own security, it’s up to people like me to take their security seriously, for them.

thanks, spammer. 🤬

random reminder

great swaths of the internet from the following countries have been permanently banned from viewing my web sites and sending me email, due to ongoing, egregious spamming activity:

albania
angola
argentina
aruba
australia
bangladesh
belarus
belgium
bosnia
brazil
british virgin islands
bulgaria
canada
chile
china
colombia
congo
denmark
denmark
egypt
finland
france
germany
guatemala
herzegovina
hong kong
iceland
india
indonesia
ireland
israel
italy
japan
kenya
latvia
lithuania
macau
malasia
mexico
moldova
netherlands
nigeria
norway
pakistan
panama
philippines
poland
romania
russia
serbia
seychelles
singapore
slovakia
south africa
spain
sweden
switzerland
taiwan
thailand
turkey
UK
ukraine
uruguay
viet nam

and more than a few from the united states, for good measure. 😒

spam is bad. stop spam on internet.

tee…

i’ve recently taken to blocking great swaths of IP addresses in foreign countries, which only send me spam.

she has HUGE… tracts of land…

i have undertaken this policy because using a utility that automatically blocks IP addresses from foreign countries costs money (😒) and using a utility would only work on hybridelephant dot com, and nowhere else.

so, i learned about CIDR, learned how to identify host countries based on IP addresses, and learned how to block IP addresses based on CIDR numbers…

now, instead of blocking a single IP address — which is pointless, because spammers know that a single IP address only works until the spamees figure it out and block it, so they move on to the next one — i block entire swaths of IP addresses: the most common are the /24 range, which blocks 256 (28) IP addresses, and the /16 range, which blocks 65,536 (216) addresses.

and i can block spam from those IP addresses on ALL of my domains, not just hybridelephant dot com. 😉

which brings me to the point of this post: i recently blocked the third IN A SERIES of IP addresses from bangladesh: now i have 185.222.56.0/24, 185.222.57.0/24, AND 185.222.58.0/24 blocked.

which, technically, means that i could block 185.222.56.0/23 and 185.222.58.0/24 with the same effect, because 185.222.56.0/24 plus 185.222.57.0/24 equals 185.222.56.0/23

i love that i am able to do this.

i also love that i am able to understand this as much as i do… which is not very much, but enough that i have been successful in reducing the amount of spam i get by a SIGNIFICANT amount, and not affected my legitimate mail in the slightest degree. 😈

seriously…

i put a notice on hybrid elephant’s contact form, a few months ago:

PLEASE NOTE: This contact form is solely for the use of Hybrid Elephant customers who need to get in contact with us. Every message that is sent with this form includes a unique IP address in the header, which identifies the computer from which the message was sent. If you use this form to spam us, all you will accomplish is to put your IP address on the list of IP addresses which are PERMANENTLY BANNED from accessing Hybrid Elephant for any reason. Please DO NOT USE THIS FORM to send us advertisements or solicitations. It WILL NOT WORK! You have been warned!

this morning i received spam from the contact form, which said “my apologies for reaching out cold like this, just trying to see who I can help.”

if you’re really interested in helping, there’s a snail-mail address, AND a phone number posted on the same page as the contact form — which contains the warning mentioned previously. there’s absolutely no reason why you could not have called me on the phone, or written me a snail-mail message, instead of using our contact form SPECIFICALLY for something that i have warned you NOT to use it for.

not only that, but the header indicates that you’re one of those suckers who bought into the spam that has been going around recently, which says that you can send your spam through contact forms, because they’re already approved. i know this because your return address is to a server in scottsdale, arizona, but the message was sent through 105.235.192.0/21, which is located in nigeria. not only that, but the domain name you registered is hosted by microsoft, and registered at godaddy, both of which are known, notorious spam havens, despite what they may say in their advertisements… so your domain name also goes into my spam filter.

congratulations, spammer: you have successfully participated in BLOCKING yourself, your domain, and a /21 range (2,048 individual IP addresses) in nigeria. you will never again be able to access any of my domains, for any reason, any email that you send to me will go unread, and there is absolutely NO WAY i will ever use your “instagram marketing” service… primarily because i do not now, and never have had an instagram account, and i do not intend to open one in the future.

which you could have found out just as easily over the telephone, and you wouldn’t have blocked yourself. spam doesn’t work. give it up.

🤬

spam update

as of 190729, the following IP addresses, and top-level domains are BLOCKED from my web sites, for egregious spamming behaviour:

5.104.108.0/24 – germany
5.188.210.0/24 – russia
5.226.136.0/21 – UK
23.19.0.0/19 – russia
23.82.128.0/22 – VIRGINIA, USA
31.13.191.0/24 – sweden
37.120.135.0/24 – italy
37.120.159.0/24 – UK
45.12.176.0/22 – india
45.81.0.0/22 – UK
51.15.0.0/18 – france/belgium
51.38.157.0/26 – poland
51.89.30.128/26 – denmark
77.81.105.0/24 – romania
77.81.106.0/24 – romania
80.211.253.0/24 – aruba/italy
85.25.236.0/22 – germany
85.204.49.0/24 – romania
85.204.50.0/24 – romania
85.206.165.8/29 – lithuania/canada
85.254.72.0/24 – latvia
86.109.170.0/24 – spain
88.201.208.0/20 – russia
88.247.0.0/18 – turkey
88.247.64.0/20 – turkey
89.36.224.0/25 – romania
89.44.138.0/23 – romania
89.238.128.0/18 – UK
92.101.192.0/22 – russia
93.125.99.0/24 – belarus/canada
95.37.128.0/17 – russia
95.216.0.0/15 – finland
103.39.132.0/22 – india
103.62.92.0/22 – india
103.76.22.0/23 – indonesia
103.113.3.0/24 – indonesia
103.138.238.0/24 – india
104.245.144.0/22 – canada
105.174.0.0/15 – angola
109.93.128.0/17 – serbia
109.158.0.0/16 – UK
109.175.96.0/19 – bosnia and herzegovina
109.245.80.0/21 – serbia
118.107.180.0/24 – hong kong
133.0.0.0/8 – japan (this represents 16,777,216 individual IP addresses, the largest block allocated by the IANA 🤬)
134.90.149.176/29 – norway
139.99.0.0/17 – singapore
142.59.228.0/22 – canada
150.95.104.0/21 – vietnam
151.106.10.154/31 – china/france
151.106.12.240/28 – romania
157.157.87.0/24 – iceland
168.196.0.0/22 – argentina
176.9.0.0/16 – bulgaria
177.36.246.0/24 brazil
178.17.160.0/21 – moldova
178.17.168.0/21 – moldova
178.162.208.0/21 – germany
178.162.220.0/22 – germany
178.175.128.0/18 – moldova
181.214.60.0/22 – brazil
181.215.96.0/19 – brazil (london, columbia, chicago)
182.50.128.0/19 – singapore
182.52.0.0/15 – japan/thailand
182.56.0.0/14 – india
183.80.144.0/20 – vietnam
183.89.0.0/16 – thailand
185.9.147.0/24 – russia
185.93.3.0/24 – UK
185.94.189.128/27 – romania
185.103.110.0/24 – finland
185.125.32.0/22 – turkey
185.128.27.0/24 – italy
185.156.173.0/24 – france
185.206.224.0/24 – denmark
185.220.101.0/25 – germany
185.222.58.0/24 – bangladesh
185.230.127.0/24 – germany
185.234.0.0/22 – ireland/UK
188.209.52.0/24 – macau
193.56.28.0/24 – UK
193.201.224.0/22 – ukraine
195.181.166.0/24 – UK
199.249.230.0/24 – TEXAS, USA
200.40.96.0/24 – uruguay
201.138.46.0/24 – mexico
203.113.160.0/19 – vietnam

.bid – auctions
.br – brazil
.casa – “house”
.cf – central african republic
.club – groups, organizations, assemblies, communities, general
.cn – china
.date – online dating
.direct – general
.do – dominican republic
.download – technology
.es – spain
.faith – religion and churches
.fun
.gq – equatorial guinea
.hk – hong kong
.host – network companies
.icu – entrepreneurs and business owners
.life
.live
.loan – banks and lenders
.md – moldova
.moda – “fashion”
.mp – northern mariana islands (and anyone using mailchi.mp)
.ms – montserrat
.ooo
.online
.party – nightclubs and social gatherings
.pro – professions/professionals
.racing – racing
.review – public reviews
.ru – russia
.site
.space – as a creative space
.store – stores
.stream
.top
.trade – businesses
.webcam – web cam shows and video sharing
.website
.win – games, micro$oft windoesn’t
.world
.xyz
.za – south africa

if you recognise your IP address, or if you are one of the unfortunates whose web sites have one of the preceding TLDs, i’m sorry, but it had to be done… maybe if you contacted your ISP and complained, they might do something about it. 😒

spam

this kind of thing REALLY annoys me! 🤬

Hi! hybridelephant.com

We make available

Sending your message through the feedback form which can be found on the sites in the Communication section. Contact form are filled in by our software and the captcha is solved. The superiority of this method is that messages sent through feedback forms are whitelisted. This method increases the odds that your message will be read.

Our database contains more than 25 million sites around the world to which we can send your message.

The cost of one million messages 99 USD

FREE TEST mailing of 50,000 messages to any country of your choice.

i put this up on my contact form, but it doesn’t seem to have done any good… in fact, i think it may have encouraged them:

PLEASE NOTE: This contact form is solely for the use of Hybrid Elephant customers who need to get in contact with us. Every message that is sent with this form includes a unique IP address in the header, which identifies the computer from which the message was sent. If you use this form to spam us, all you will accomplish is to put your IP address on the list of IP addresses (789 as of 190601) which are PERMANENTLY BANNED from accessing Hybrid Elephant for any reason. Please DO NOT USE THIS FORM to send us advertisements or solicitations. It WILL NOT WORK! You have been warned!

HAHAHAHAHAHAHAHAHA!!! 🤪🤣

last year i switched away from my then-new host provider after a very short period of time because it turned out that they were a spam-haven.

before i switched, it got so bad that i set up a monitor at MXToolbox to check whether or not my IP address had been listed at any blacklists.

the host provider was incensed at this, and swore up and down that they had robust anti-spam policies that were enforced with an iron fist, but i switched away from them shortly afterwards, anyway.

today i got a notice from the monitor. apparently 69.162.87.36 is running an open relay and has a poor reputation

so much for “robust anti-spam policies enforced with an iron fist”. 🤣🤣🤣🤣🤣