I was getting heavily spammed by 220.127.116.11, So I blocked the IP on our firewall. Then immediately spam began from 18.104.22.168 and then from 22.214.171.124
The particular spam they are doing is malicious. They are "botting" our contact forms and trying to send junk mail to our users. Now even though their messages are getting filtered (users aren't getting them), I still see them. So ideally, I just want to block them entirely from our website altogether by putting them in a firewall block at the server level (instead of blocking them at the form level) - that way, these abusers cannot even get to our site to begin with.
It looks like all of these IP's belong to the same network. I would like to ban the entire range of IP's on this network. How do I figure that out?
That should then give you the details of the address group that the IP addresses belong to:
Open in new window
In the example above the NetRange indicates the range of IP addresses supported by the group.
Check that the OrgName is not something that appears to be generic or likely to have some traffic you may want.
Then add a rule into your sonic wall to block the range shown.