I’ve decided to block all traffic from all McColo Corporation users.
Not all are guilty I’m sure, but I just got hit by one of their customers called “Digital Infinity”, reportedly a Moscow-based company. I was crawled repeatedly by 12 IP addresses within the 188.8.131.52-184.108.40.206 range. Now, <100 MB of transfers isn't so much to lose over a couple of days, but it's enough to catch my eye.
Looking up one of those IP addresses shows McColo Corporation has leased 220.127.116.11-18.104.22.168 to “Digital Infinity”. However, several of the IP addresses that scanned me are within McColo Corporation’s generic pool. I’ve also seen posts related to McColo Corporation’s 208.66.192.* range being a major source of WordPress comment spam.
So, guys, you’re outta here.
I’m blocking them via .htaccess. I suggest you might want to do the same for at least 22.214.171.124-126.96.36.199 if you’re feeling more charitable than I am this morning.
Since they have four groups of addresses, I add four lines to my .htaccess file. As a whole, that section now looks something like this:
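# With "order allow,deny" the deny lines are evaluated last and override "allow from all"
order allow,deny
deny from 208.66.192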
deny from 208.66.193
deny from 208.66.194
deny from 208.66.195
allow from all
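
To see how much each network is actually pulling before deciding to block it, the access log can be totalled per /24 and the heavy networks collapsed into the smallest set of CIDR blocks. This is an added example, not part of the original post; the log lines, last octets, dates, threshold and function names are all constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Common/combined log format: client IP first, then status and byte count.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} (\d+|-)')

# Constructed sample lines (not real traffic).
SAMPLE_LOG = """\
208.66.192.10 - - [01/Jan/2008:06:00:01 +0000] "GET / HTTP/1.1" 200 52000
208.66.192.11 - - [01/Jan/2008:06:00:02 +0000] "GET /about HTTP/1.1" 200 48000
208.66.193.7 - - [01/Jan/2008:06:00:03 +0000] "GET /feed HTTP/1.1" 200 61000
208.66.194.20 - - [01/Jan/2008:06:00:04 +0000] "GET /2007/ HTTP/1.1" 200 75000
208.66.195.3 - - [01/Jan/2008:06:00:05 +0000] "GET /tag/x HTTP/1.1" 200 43000
208.66.195.4 - - [01/Jan/2008:06:00:06 +0000] "GET /tag/y HTTP/1.1" 304 -
198.51.100.25 - - [01/Jan/2008:06:01:00 +0000] "GET / HTTP/1.1" 200 5200
""".splitlines()


def traffic_by_network(lines, prefix=24):
    """Sum bytes and collect distinct client IPs per IPv4 /prefix network."""
    stats = defaultdict(lambda: {"bytes": 0, "ips": set()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guess
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # hostname or garbage in the client field
        if ip.version != 4:
            continue  # this sketch only groups IPv4 clients
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        stats[net]["bytes"] += 0 if m.group(2) == "-" else int(m.group(2))
        stats[net]["ips"].add(ip)
    return stats


def networks_to_block(stats, min_bytes):
    """Collapse every network that moved at least min_bytes into CIDR blocks."""
    heavy = [net for net, s in stats.items() if s["bytes"] >= min_bytes]
    return list(ipaddress.collapse_addresses(heavy))


def htaccess_rules(blocks):
    """Emit allow/deny lines in the same style as the .htaccess section above."""
    return ["order allow,deny"] + [f"deny from {b}" for b in blocks] + ["allow from all"]
```

On the sample data the four 208.66.192 to 208.66.195 networks collapse into a single `deny from 208.66.192.0/22` line, which covers the same addresses as the four prefix lines.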