Where can I find a list of IP addresses of hosting providers?

Question

I am attempting to fend off a spam attack against a web api I run and would like to obtain a list of IP addresses of public web hosting providers from which spammers are launching their attacks. I'm talking about sites like bluehost, rackspace, hostgator, godaddy, Amazon AWS, etc etc. My customers are never accessing me from IP addys at these services, and instead access me via things like DSL, cable, and mobile phone networks.

I looked at Spamhaus but from what I could ascertain that was about email.

Thanks!

Answer 1

At some level, every IP block is announced with a source BGP AS number. You can download full tables from http://www.ripe.net/data-tools/stats/ris/ris-raw-data.

AS Names are available from http://bgp.potaroo.net/cidr/autnums.html.

Match the IP to the most recent source number (keep those raw data tables updated somewhat regularly) and match the source number to the names table.

Answer 2

Blocking all hosting providers is both slow and pointless. Instead you should do two things:

• Devise a way to identify spammers that hit your app. Say via captcha or hashcash.
• Log those attempts to syslog.
• Use fail2ban on your server to parse the log file and block those spam bots.

For example there is a guide on how to stop bots from brute forcing WordPress logins:

http://abdussamad.com/archives/616-Stop-Brute-Force-WordPress-Login-Attempts-with-Fail2Ban.html

Answer 3

For providers who use IP space they've registered themselves, you can mostly find this via the regional registry (ARIN for North America) - though a lot of the records are a bit of a mess, with the IP ranges split into a number of different organization records. Search for one IP address belonging to the provider, click on the organization that owns the range (hopefully the actual company, not an ISP they use), then click on "related networks"; this will give you all the ranges they've registered under that organization.

(As an addendum to Jeff's answer, you can also look up BGP AS number owners via ARIN's search; search for AS123 for the owner of AS 123.)

They might also publish the full list, like Amazon, where they've actually made the registrations under several different regional registrars and under several different organizations within some of the registrars.