You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 133 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Nuke Cops :: View topic - [Interest Check] IP blacklist resource [ ]
 Forum FAQ  •  Search  •   •  Memberlist  •  Usergroups   •  Register  •  Profile •    •  Log in to check your private messages  •  Log in

 
Post new topic  Reply to topicprinter-friendly view
View previous topic Log in to check your private messages View next topic
Author Message
MGCJerry
Elite Nuker
Elite Nuker


Joined: Jun 16, 2003
Posts: 220


PostPosted: Sat May 09, 2009 7:57 pm Reply with quoteBack to top

I know, its been awhile since ive done nuke related posts, but the XSS & sql injections seem to be really getting out of hand. The same old bandwidth wasting exploits seem to be on a rise as of late so I thought of something... Something which I'm going to use on my other sites but I'm curious to see if anyone else could use this. While it's not unique to phpnuke, it could run with or without phpnuke.

I've accumulated 800 or so IPs where attacks have come from and I thought of yet another blacklist site and I'm curious as to what others think. Here's what I have in mind.

* An IP blacklist "server" site who has an ever increasing database of IPs that have spammed and/or ran exploit checks (on my site at least).
* A "client" bit of php code that gets pasted into mainfile.php that checks the blacklist site when a user visits the site, and if its found in the database, blocks the user from accessing and/or participating.

Yes, I know about dynamic IPs, spoofed IPs, proxies, etc, etc etc. I also know that there is no such thing 100% internet security, unplug from the internet entirely is the most security you can do. It wont stop the most determined attacker, but it keeps the bottom shelf ballers out.

If theres any interest in such a service I'll see about making my code more user/webmaster friendly so there can be a fully dynamic IP blacklist that can be utilized by any site who uses the service.

_________________
Original creator of
* Fetch Mod
* RPG Races Module
* 2 The Xtreme Theme
Find all posts by MGCJerryView user's profileSend private message
Evaders99
Site Admin
Site Admin


Joined: Aug 17, 2003
Posts: 12482


PostPosted: Sat May 09, 2009 8:55 pm Reply with quoteBack to top

I have quite a log myself, but I think they way attackers spread so easily, it probably won't slow them down at all. There are numerous DNS-based block lists for spam.. and given that something like 99% of email is spam, you see how ineffective that actually is.

_________________
Helping those that help themselves
Read FIRST or DIE!

"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding
Find all posts by Evaders99View user's profileSend private messageVisit poster's websiteAIM Address
MGCJerry
Elite Nuker
Elite Nuker


Joined: Jun 16, 2003
Posts: 220


PostPosted: Sun May 10, 2009 4:05 am Reply with quoteBack to top

Thats also true. While most of the IPs are only a single hit and run, I have a fair amount of them that keep returning to spam and hack. A few have been repeat hack attempts the last 101 times and several spam IPs have returned to spam or hack up to 67 times.

Its not really about slowing them down, you can never stop spammers or skript kiddies its all about taking a more proactive approach to removing repeat offenders to where you don't waste your bandwidth telling them to piss off. Sure, they can always use an anonymous proxy or a r00td server but those are the kind of IPs you don't want either.

Actually.... I think we all need a script to call the skript kiddies and spammers mommys and daddys so they can spank spammer billy, and hacker joe with a belt and get their computer time taken away. Mr. Green

_________________
Original creator of
* Fetch Mod
* RPG Races Module
* 2 The Xtreme Theme
Find all posts by MGCJerryView user's profileSend private message
Evaders99
Site Admin
Site Admin


Joined: Aug 17, 2003
Posts: 12482


PostPosted: Sun May 10, 2009 3:04 pm Reply with quoteBack to top

I send reports to ISPs myself when I detect repeated attacks. 90% of ISPs really don't do anything, but some of them (mostly webhosts) will terminate accounts.

- Bandwidth wise, they are a nuisance but not a significant factor. There is very little data transferred (even when I'm averaging about 400 attacks an hour)

_________________
Helping those that help themselves
Read FIRST or DIE!

"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding
Find all posts by Evaders99View user's profileSend private messageVisit poster's websiteAIM Address
Display posts from previous:      
Post new topic  Reply to topicprinter-friendly view
View previous topic Log in to check your private messages View next topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



Powered by phpBB © 2001, 2005 phpBB Group

Ported by Nuke Cops © 2003 www.nukecops.com
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::
Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.046 Seconds - 180 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::