Blocking poneytelecom.eu [#poneytelecom]

You may have found this page because you're getting hacked from a rev.poneytelecom.eu address or you're receiving spam from this address range; you may even have found it due to it hosting malicious content.

Poney Telecom, an internet server company run from France, has been at the centre of multiple allegations of organised international criminal activity for a few years, with all warnings, court summonses and legal demands to be closed ignored.

I personally have seen portscans that come from a rev.poneytelecom.eu address, and I have also seen malware that has been hosted via them.

Just take a look at the chat on Twitter against the hashtag #poneytelecom here: it is mostly people complaining about hacking attempts.

There is more info here and here

How To Block

In regards to this issue, we get a lot of messages asking how to block this and other similar sites. There is no easy way to answer this because every user's situation is different: every router has a different way to block IPs, and every web host has a different way to block them. The best thing we can say is to search the web for "block IP addresses" followed by however you want to block them, such as Apache web server, IIS web server, cPanel, hosts file, .htaccess file and so on.

Hosts To Block

Although there may be many genuine users on this system, I have taken action and blocked all their ranges.

62.210.0.0/16
195.154.0.0/16
212.129.0.0/18
62.4.0.0/19
212.83.128.0/19
212.83.160.0/19
212.47.224.0/19
163.172.0.0/16
51.15.0.0/16
151.115.0.0/16 (Added 29-08-2017)
51.158.0.0/15 (Added 19-03-18)
2001:bc8::/32
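
An added example, not the author's code: a Python script that validates the ranges listed above, merges adjacent ones, and renders them as Apache 2.4 "Require not ip" rules, Apache being one of the blocking routes named under How To Block. The function names are illustrative; the test addresses are 51.15.157.216 (reported in a comment on this page) and a documentation address.

```python
import ipaddress

# Ranges copied from the "Hosts To Block" list on this page.
PAGE_RANGES = """
62.210.0.0/16 195.154.0.0/16 212.129.0.0/18 62.4.0.0/19
212.83.128.0/19 212.83.160.0/19 212.47.224.0/19 163.172.0.0/16
51.15.0.0/16 151.115.0.0/16 51.158.0.0/15 2001:bc8::/32
""".split()


def collapse(ranges):
    """Validate each CIDR and merge adjacent/overlapping ones, per IP version."""
    # strict=True rejects entries with host bits set (a common copy/paste error).
    nets = [ipaddress.ip_network(r, strict=True) for r in ranges]
    merged = []
    for version in (4, 6):  # collapse_addresses refuses mixed IPv4/IPv6 input
        same = [n for n in nets if n.version == version]
        merged.extend(ipaddress.collapse_addresses(same))
    return merged


def is_blocked(addr, nets):
    """Return True if addr (a string) falls inside any of the networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == n.version and ip in n for n in nets)


def apache_rules(nets):
    """Render an Apache 2.4 <RequireAll> block that denies the networks."""
    lines = ["<RequireAll>", "    Require all granted"]
    lines += [f"    Require not ip {n}" for n in nets]
    lines.append("</RequireAll>")
    return "\n".join(lines)


if __name__ == "__main__":
    blocklist = collapse(PAGE_RANGES)
    print(apache_rules(blocklist))
    # 51.15.157.216 is the address from the comments; 192.0.2.10 is a
    # documentation (TEST-NET-1) address used as a constructed negative case.
    for sample in ("51.15.157.216", "192.0.2.10"):
        print(sample, "blocked" if is_blocked(sample, blocklist) else "allowed")
```

If the generated block goes into a .htaccess file rather than the server configuration, the directory needs AllowOverride AuthConfig for the Require lines to be honoured.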



This page was last updated 4th July 2018

Duncan Newell

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

12 thoughts on “Blocking poneytelecom.eu [#poneytelecom]”

  • November 5, 2017 at 9:19 am

    Poneytelecom have added 151.115.0.0/16 to their ip blocks according to their website.

    • November 6, 2017 at 9:45 am

      Thanks for the info Simon.

  • January 9, 2018 at 7:40 am

    Many thanks for the info

    Had almost endless SIP connection attempts to my PBX from their ranges for months,
    have been blocking them bit by bit,
    now blocked the lot

  • April 6, 2018 at 8:32 am

    My site has been hacked by them and they are also using ip of 51.15.157.216

  • June 30, 2018 at 3:14 pm

    Thanks for the info, I found an additional IPv6 block being used:
    2001:41d0::/32

    • October 30, 2018 at 9:43 pm

      Great, but how do you block it? I need more specific instructions as to how and where to set up the block. It would be appreciated as they flood my email with crap. Thanks

  • September 3, 2018 at 10:17 am

    How do you block it? I am not bad with computers, just not great either. I do have a college education (for what that’s worth) in vhemichemand took comocompsxiend and am a huge nerd who has the addiction where you Google everything to learn as much as you can so can figure it out…hopef hopebut do have a brain injury from a car wreck so some things are harder to remember and do than others

  • November 15, 2018 at 2:02 am

    Yeah, how do you block it? Please answer, anyone. 11/14/18

  • February 26, 2019 at 8:55 am

    If you have access to your own DNS settings you can set DMARC, DKIM and SPF for your own email domain. If all domain admins do this we can fight against the spoofing.

  • April 18, 2019 at 11:07 pm

    You’d block it either at the WAN level on your firewall or at the system level using a system firewall such as firewalld (redhat) or ipfilter (most other NIX). Otherwise you’d need to modify your deny list in postfix (assuming your mail system is running that).
