Top 10 Global Spammers 1Q 2010
March 22nd, 2010
Our list of the Top 10 Global Spammers is out. The biggest surprise on the list is Korea, as it takes over the number one global spammer spot from China. With the improved high speed internet infrastructure in Korea and ease of network access, we knew Korea would be on the rise. We just did not expect it to be so soon.
Here is our complete Global Spanner Top Ten List for the first quarter of 2010:
- Korea
- China
- India
- Russia
- Turkey
- Viet Nam
- Ukraine
- Brazil
- Venezuela
- Pakistan
Here are the countries in our Top Ten Global Spammers list:
| Country | CIDR | Netmask | IP Range | .htaccess deny |
|---|---|---|---|---|
| Korea | CIDR | Netmask | IP Range | .htaccess deny |
| China | CIDR | Netmask | IP Range | .htaccess deny |
| India | CIDR | Netmask | IP Range | .htaccess deny |
| Russia | CIDR | Netmask | IP Range | .htaccess deny |
| Turkey | CIDR | Netmask | IP Range | .htaccess deny |
| Viet Nam | CIDR | Netmask | IP Range | .htaccess deny |
| Ukraine | CIDR | Netmask | IP Range | .htaccess deny |
| Brazil | CIDR | Netmask | IP Range | .htaccess deny |
| Venezuela | CIDR | Netmask | IP Range | .htaccess deny |
| Pakistan | CIDR | Netmask | IP Range | .htaccess deny |
© 2010 – 2011, Stewart White. All rights reserved.
I noticed the CPU on the email servers decrease and I see hits in the firewall on the Linux email servers. I have to say this site is AWESOME! I have eliminated bandwidth thieves from India/Russia/China and other unsavory countries.
I am managing 2 email servers, I have been bombarded by attacks, spam and unwanted traffic from China/Russia/Africa/India/Middle_East. I created my iptables separate firewall listing, it has about 10,000 lines, I do not see a performance impact. All of the servers are running Linux. You mentioned about a database, how would this data be accessed via a database? Thank you again for the BEST website on dealing with spammers/Denial_service_attackers and other unwanted traffic.
Glad to hear you are finding our website useful.
We have several options we are considering:
A per user administrative section where you could log in, create your lists using our database and either download this data, access it via your control panel or through a text file created specifically for your use.
Read only access to our database.
A downloadable administrative template, including SQL files that will allow webmasters to directly block IP traffic or net admins to generate iptables or other formats.
Ah, BTW, thanks for the good work, I’ll take a closer look at your site now
I block all of Israel and all of Ukraine. Those are the worst harvesters, and the harvester bots are the ones you would want to block first of all. Furthermore, nothing good has ever come out from these countries.
Then I block all user agents whcih contains “java”, since those are harbesters as well.
I allso only accept POSTing from IPs that accepts GZIP, since almost no bots understand it (they do not have the library).
Lastly I block all querystrings that contains anything else than alphanumeric chars (and plus).
Have kept me free of spam and injection for half a year now.
Ok i want to block chines .What to do in order to block them shall i copy pate these in to our .htaccc file ? Please reply asap as its bloody really anoying .Every day our social network is full of their shity blogs etc.
Add them to your .htaccess file as follows:
<Limit GET HEAD POST>
order allow,deny
# Country: CHINA
# ISO Code: CN
# Total Networks: 1,848
# Total Subnets: 276,586,240
1.12.0.0/14
1.24.0.0/13
1.45.0.0/16
……………..
allow from all
</Limit>
Brilliant! Just what I needed!!
How do i do things differently?
I mean, how can I allow IPs from certain country only and block everybody else without bloating the .htaccess file with ranges from all over the world?
somethink like
#blab
allow from 10.10.0.0/16
deny all
#
will it work?
hi i want the list of ip spam from united states to put on the .htacesss because i have a lot of spam from united states thanks
thanks for the list. hopefully this will stop those damn chinese ddosers.
i’ve been having problems with them for over a month, after htaccess denying one another two would show up to take his place.
Very resourceful. Thanks for this generous move towards web security implementation. Any chance for the message board to go live? Couldn’t register or post there.
Regards.
This is awesome thank you so much
Just what I needed! 
)
very useful website…
Problem with a CIDR dotted quad conversion on the cheat sheet. CIDR /20 is missing a trinary.
Should read /20 = 255.255.240.0 4096
Thanks again
Good eye. Thanks.
Thank you so much for this site and this information. I use it all of the time to block these terrible spammers. Really awesome of you.
Yes, I have noticed a ton of spam traffic from Korea. You would think that they would have a little more respect for the US since we protect their ass from N Korea. I guess they are just trying to make a buck just like all of them are.
I am using “.htaccess deny” to block all of africa and Asia, but still they are visiting my site.
Is the list not updated or am I missing something here?
One such example is visitor from Senegal: 80.87.92.48
The Country IP Database is updated at least daily. The IP address you provided, 80.87.92.48, is located in Ghana and is found in the 80.87.64.0/19 network and is part of the African Continent files. You should recheck your .htaccess syntax and configuration to be certain your format is correct and that your server credentials provide you the opportunity to use the system configuration files.
Thank you for this tool. I’m Indian, and I want to block most of the Indian and Paki ip ranges. Trust me, I know BSNL (an Indian ISP) subnets are a source of a lot of spam.
@Mark, you remark was offtrack and unnecessary, and a crass generalization. I don’t shake my head side to side when I talk and neither does any of my co-workers.
@Bapi, maybe you are not spamming but 80% of the spam I get is from the Indian sub-continent which includes India and Paki. You should talk to BSNL and complain to the Dept of Telecommunications director Sam Pitroda, he never replies to my emails.
Sorry Bapi but 99% of forum spam coming through our site is from Indian and Pakistani “SEO” companies.
Now I have the tools to block the muppets. Thanks very much.
That’s like saying Indians don’t shake their heads side to side when they talk. LOL
BTW, thank you so much for putting together these IP ranges.
Thank you soooooooooo much for this! I get spammed from India daily then they call me everyday. They also spam my customer intake forms wanting me to outsource to them. Now with this ip range I can now have peace of mind knowing that they will have to be in the US if they want to spam me. Thanks again for the great work!
We Indians are not spamming. Anyway thanks for put the ip range of my country India.
just what I need it, thank you very much!!!
your Russian list, line 2620 and 2808 have an incorrect net/mask:
193.194.153.0/23 should be 193.194.152.0/23 and
194.149.65.0/23 should be 194.149.64.0/23 (replace previous line with /23 mask)
The IP Ranges you describe are both listed correctly within the Russian network lists.
Ripe has them assigned as follows:
ripencc|FR|ipv4|193.194.152.0|256|19990603|assigned
193.194.152.0/24 is assigned to France as of 6/3/1999
ripencc|RU|ipv4|193.194.153.0|512|19990604|assigned
193.194.153.0/23 is assigned to Russia as of 6/4/1999
ripencc|RU|ipv4|194.149.64.0|256|19990223|assigned
194.149.64.0/24 is assigned to Russia as of 2/23/1999
ripencc|RU|ipv4|194.149.65.0|512|19990223|assigned
194.149.65.0/23 is assigned to Russia as of 2/23/1999
very, very nice. just what i was looking 4… there is a little problem thou -
Not Found : TR_range.txt i live very close to them, and i hate them …
The TR_range.txt has been added.