Blocking Spammy or Malicious IPs with Nginx

Over the years I’ve added a bunch of sites and networks to my IP block list. They’re sources of spam, hack scripts, and traffic that just wastes my time and resources.

Not all of these sites are spam or malicious at this very moment (some had viruses or were otherwise compromised as part of a botnet), it’s just what I’ve found useful to block. The names are optional. I just added comments with what the network looked up as (or why it was blocked).

Here’s what I’ve blocked. To implement this in Nginx, edit the nginx.conf and in the main block add “include blockips.conf” with this file saved as blockips.conf in the same directory.

# Every one of these networks has been blocked because they have
# behaved in a spammy, botlike, no-account hackscript way.
# Add this to your /etc/nginx/nginx.conf like so:
# include blockips.conf;
# (assuming it's in the same directory)
deny 27.16.0.0/12; # CHINANET Hubei province network
deny 27.148.0.0/14; # CHINANET FUJIAN PROVINCE NETWORK
deny 27.152.0.0/13; # CHINANET FUJIAN PROVINCE NETWORK
deny 27.184.0.0/13; # CHINANET hebei province network
deny 36.248.0.0/14; # China Unicom Fujian Province Network
deny 39.64.0.0/11; # China Unicom Shandong province network
deny 42.224.0.0/12; # China Unicom Henan province network
deny 46.105.127.195; # OVH SAS - For spamming searches on WbSrch.
deny 50.21.178.17; # >30k spam queries from securedservers.net
deny 50.21.178.18; # >15k spam queries from securedservers.net
deny 58.20.0.0/16; # China Unicom HuNan province network
deny 58.22.0.0/15; # China Unicom FuJian province network
deny 58.240.0.0/15; # China Unicom Jiangsu province network
deny 58.248.0.0/13; # China Unicom Guangdong province network
deny 59.56.0.0/14; # CHINANET fujian province network
deny 59.60.0.0/15; # CHINANET fujian province network
deny 60.0.0.0/13; # China Unicom Hebei Province Network
deny 60.10.0.0/16; # China Unicom Hebei Province Network
deny 60.11.0.0/16; # China Unicom Heilongjiang Province Network
deny 60.12.0.0/16; # China Unicom Zhejiang province network
deny 60.168.0.0/13; # CHINANET anhui province network
deny 60.176.0.0/12; # CHINANET Zhejiang province network
deny 60.195.248.0/21; # Beijing Bitone United Networks Technology Service Co., Ltd.
deny 60.220.0.0/14; # China Unicom Shanxi Province Network
deny 60.252.192.0/19; # Daqing Zhongji Petroleum Communication
deny 61.140.0.0/14; # CHINANET Guangdong province network
deny 61.144.0.0/15; # CHINANET Guangdong province network
deny 61.147.123.0/24; # CHINANET jiangsu province network
deny 61.235.0.0/16; # China TieTong Telecommunications Corporation
deny 101.16.0.0/12; # China Unicom Hebei province network
deny 101.64.0.0/13; # UNICOM ZheJiang Province Network
deny 101.224.0.0/13; # CHINANET SHANGHAI PROVINCE NETWORK
deny 104.238.93.98; # GoDaddy site excitesubmit.com/excitesubmit.net/excitesubmit.org spamming domain searches (perhaps acting like they're a site submit service)
deny 110.80.0.0/13; # CHINANET FUJIAN PROVINCE NETWORK
deny 110.88.0.0/14; # CHINANET FUJIAN PROVINCE NETWORK
deny 110.152.0.0/14; # CHINANET xinjiang province network
deny 110.176.0.0/13; # CHINANET SHANXI PROVINCE NETWORK
deny 110.228.0.0/14; # China Unicom Hebei province network
deny 110.240.0.0/12; # China Unicom Hebei province network
deny 111.0.0.0/10; # China Mobile Communications Corporation
deny 112.0.0.0/10; # China Mobile Communications Corporation
deny 112.111.0.0/16; # China Unicom Fujian Province Network
deny 111.128.0.0/11; # North Star Information Hi.tech Ltd. Co. (China)
deny 112.224.0.0/11; # China Unicom Shandong province networ
deny 113.64.0.0/11; # CHINANET Guangdong province network
deny 113.96.0.0/12; # CHINANET Guangdong province network
deny 113.240.0.0/13; # CHINANET HUNAN PROVINCE NETWORK
deny 115.48.0.0/12; # China Unicom Henan province network
deny 114.80.0.0/16; # CHINANET SHANGHAI PROVINCE NETWORK
deny 115.192.0.0/11; # CHINANET Zhejiang province network
deny 115.224.0.0/12; # CHINANET Zhejiang province network
deny 166.62.101.30; # >50k Spam queries from secureserver.net.
deny 117.24.0.0/13; # CHINANET Fujian province network
deny 117.32.0.0/13; # CHINANET Shanxi(SN) province network
deny 117.128.0.0/10; # China Mobile Communications Corporation
deny 118.186.0.0/15; # Building D, No.2 Shangdi Xinxi Road Pioneering Park,
deny 118.213.0.0/16; # CHINANET Qinghai Province Network
deny 119.4.0.0/14; # China Unicom SiChuan province network
deny 119.39.0.0/16; # China Unicom HuNan province network
deny 119.48.0.0/13; # China Unicom Jilin province network
deny 119.233.128.0/17; # Xiamen Broadcasting & TV Network Transmit Co.Ltd
deny 119.248.0.0/14; # China Unicom Heibei Province Network
deny 120.0.0.0/12; # China Unicom Heibei Province Network
deny 120.32.0.0/13; # CHINANET FUJIAN PROVINCE NETWORK
deny 120.40.0.0/14; # CHINANET FUJIAN PROVINCE NETWORK
deny 120.192.0.0/10; # China Mobile Communications Corporation
deny 121.204.0.0/14; # CHINANET Fujian province network
deny 121.224.0.0/12; # CHINANET jiangsu province network
deny 123.4.0.0/14; # China Unicom Henan province network
deny 123.128.0.0/13; # China Unicom Shandong Province Network
deny 123.168.0.0/14; # CHINANET SHANDONG PROVINCE NETWORK
deny 124.128.0.0/13; # China Unicom Shandong province network
deny 125.88.0.0/13; # CHINANET Guangdong province network
deny 153.3.0.0/16; # China Unicom Jiangsu province network
deny 175.0.0.0/12; # CHINANET HUNAN PROVINCE NETWORK
deny 175.42.0.0/15; # China Unicom Fujian Province Network
deny 175.44.0.0/16; # China Unicom Fujian Province Network
deny 180.76.0.0/16; # Beijing Baidu Netcom Science and Technology Co., Ltd.
deny 180.96.0.0/11; # Chinanet Jiangsu Province Network
deny 182.128.0.0/12; # CHINANET Sichuan province network
deny 183.64.0.0/13; # CHINANET Chongqing Province Network
deny 183.128.0.0/11; # CHINANET Zhejiang province network
deny 183.192.0.0/10; # China Mobile Communications Corporation
deny 202.228.204.204; # server.hiraishoten.net
deny 210.73.208.0/20; # Beijing Blue Ocean information technology co.LTD
deny 218.6.0.0/17; # CHINANET fujian province network
deny 218.56.0.0/15; # China Unicom Shandong province network
deny 218.80.0.0/16; # CHINANET Shanghai province network
deny 218.204.0.0/14; # China Mobile Communications Corporation
deny 219.128.0.0/13; # CHINANET Guangdong province network
deny 220.160.0.0/15; # CHINANET Fujian province network
deny 220.168.0.0/15; # CHINANET Hunan province network
deny 221.0.0.0/15; # China Unicom Shandong province network
deny 221.10.0.0/16; # China Unicom SiChuan province network
deny 221.224.0.0/13; # CHINANET jiangsu province network
deny 222.76.0.0/14; # CHINANET fujian province network
deny 222.136.0.0/13; # China Unicom Henan province network
deny 222.176.0.0/13; # CHINANET Chongqing province network
deny 222.240.0.0/13; # CHINANET Hunan province network
deny 223.8.0.0/13; # CHINANET SHANXI PROVINCE NETWORK
deny 223.64.0.0/11; # China Mobile Communications Corporation
deny 222.84.0.0/16; # CHINANET Guangxi province network

Xangis.com

Software and Music Mad Scientist

Blocking Spammy or Malicious IPs with Nginx