Apparently I can't reply to this one any more. https://www.wilderssecurity.com/showthread.php?t=309308&page=2 So since the same problem is occurring, I wanted to continue to topic. I registered specifically to make this post, since it was the first result in google for 'reverse.lstn.net' who has been a very frequent brute force attacker to my server since I've kept track of reverseDNS details over the past 8 months, rather than just keeping an eye on IP address'. Clearly this webhost has an problem with the clients that use it and does little to stop it, since repeated attacks often occur month after month from the same IP address. All the IP's so far in the my recorded history are: 63.143.54.87 63.143.42.100 63.143.42.98 64.31.13.195 74.63.241.156 74.63.241.165 74.63.211.199 216.144.251.37 216.144.249.205 All resolve to a reverse DNS that resembles the below: 100-42-143-63.static.reverse.lstn.net If this continues I won't have much option but to do some pretty wide /16 blacklisting on my firewall. Since I'm starting to get a pattern lstn.net own, and thus operate from; 63.143.*.* 74.63.*.* 216.144.*.* Maybe more. As the referenced post, this happened also last year. Is anyone else experiencing this?
it's not a problem for myself. But according to: http://top.robtex.com/www.lstn.net.html#records there are more blocks to be added. Limestone: http://top.robtex.com/limestonenetworks.com.html#records
Hi Lethos. Yes I've got them banned in my personal server blacklist. I like to collect and blacklist all the most common dedicated server / vps hosts.. I think you would be best to just blacklist all the Limestone cidr ranges, and save your time for something else.. I generally use the hurricane electric site for investigating IP's: http://bgp.he.net/AS46475 http://bgp.he.net/AS46475#_prefixes There are a ton of dedicated server and VPS hosts which are favoured by attackers, usually the low cost servers are the most active in attacks and abuse. The typical traffic coming from those ranges will be proxies, spambots, scrapers, crawlers and other types of things you most likely don't want to have accessing your website or server.. You also have to consider the large number of compromised web sites / servers being used to compromise other sites and servers. One of the best sources of abuse I've seen for awhile was/is Hostnoc : http://stopmalvertising.com/security/hostnocs-christmas-hacking-bonanza.html
Thanks for the Tips and advice. I've recently started getting involved in project honey pot, and found they also had a good list of IP ranges to add to my banned list. Aswell as helping out of course.
