NukeCops - IP Address Blacklist Revisited

You are missing our premiere tool bar navigation system! Register and use it for FREE!

Create an account

• Home • Downloads • Gallery • Your Account • Forums •

Readme First

- Readme First! -
Read and follow the rules, otherwise your posts will be closed

Modules

· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account

Who's Online

There are currently, 319 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here

IP Address Blacklist Revisited

dmolavi writes "With the recent release of several known exploits in the phpBB2 forums software (the highlighting code exploit), as well as issues in PHP itself, I have seen a huge surge in the number of attempts at my site to gain unauthorized access; reaching nearly unique 550 IP addresses being blocked on 3 January 2005.

I'm sure that many other website administrators will notice the same trend. As such, I'm reminding everyone about the IP Address Blacklist available at NukedGallery.net (Downloads -> PHPNuke -> Misc Code).

This is a file which is updated nightly, currently containing nearly 17000 entries, with all the new addresses which have attempted to break into my servers, either via port 80, or other ports (see http://www.nukedgallery.net/modules.php?name=IPBan for a complete listing).

Registration is required, to prevent bandwidth leaching bots from pulling the files."

Posted on Thursday, January 06 @ 14:14:23 CET by VinDSL

Most read story about Security:
PHP-Nuke admin.php security hole - PATCHED

Article Rating

Average Score: 0
Votes: 0

Options

Printer Friendly Page

Send to a Friend

The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register

Re: IP Address Blacklist Revisited (Score: 1)
by shokk on Thursday, January 06 @ 14:24:17 CET
(User Info | Send a Message) http://ww.shokk.com

What kind of performance decrease do you see for handling such a large list?

Re: IP Address Blacklist Revisited (Score: 1)
by dmolavi on Thursday, January 06 @ 14:53:17 CET
(User Info | Send a Message) http://www.nukedgallery.net

actually, the way i've got it setup is that the addresses are stored in iptables for a week. (i own my own server and can use iptables for blocking, routing, etc). if the counter from the iptables-save -c command doesn't change in 7 days, the entry is removed, otherwise it remains in the list. if the address pops up later, it is readded for the 7 day period.

excepting lasts weeks spike, i usually have about 50-100 entries in the iptables list at any given time. i see very little performance degradation due to this rotation.

]

Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.026 Seconds - 1318 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)

:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::