| Author |
Message |
hitwalker
Sells PC To Pay For Divorce
Joined:
Posts: 5661
|
 Posted:
Mon Oct 18, 2004 3:45 pm |
|
Anyone that already have countries with IP 2 country blocked ?
Any list of ranges available yet ?
John |
| |
|
|
|
beetraham
Regular
Joined: Dec 13, 2003
Posts: 94
Location: Finland (EU)
|
| Posted:
Mon Oct 18, 2004 8:29 pm |
|
| hitwalker wrote: |
Anyone that already have countries with IP 2 country blocked ?
Any list of ranges available yet ?
John |
I'm not sure whether I undestood your question perfectly, but if I did, then I probably should tell that I created a Tool today that generates BANNED MySQL DUMPS for ALL THE COUNTRIES extractable from the *ip-2-country.csv* file - according to the NukeSentinel 2.10 format.
<=> each DUMP blocks an entire COUNTRY
(there are ca. 240 DUMPS - one for each COUNTRY)
So, we're talking about a minor Tool that can be re-used at Site Admin's end, whenever there's an update to *ip-2-country.csv* database (approximately (1)/month)
At practical level, all you need to do is to pick up the countries you consider malicious and upload those to MySQL server - voila, and have those countries banned (all IP Ranges associated with those countries).
Suprisingly, I now have all the DUMPS for every and each of the countries - willing to share those, as CSH script as well that produces those DUMPS, in case of interest.
Just finished uploading some 20+ COUNTRIES that got entirely banned via this used approach.
Just let me know.
-beetraham |
_________________
- Let there be no windows at your home - |
|
|
|
|
64bitguy
The Mouse Is Extension Of Arm
Joined: Mar 06, 2004
Posts: 1164
|
| Posted:
Mon Oct 18, 2004 9:09 pm |
|
I've got a ton of ranges banned, but I was using this feature with Protector first so I merely migrated that data over to NukeSentinel.. I'm about a day away from uninstalling Protector in favor of using NukeSentinel for everything. I just have to rethink my login block solution to something similar to what I have now which is Protector's solution using IP monitoring and tracking of online users. |
_________________
Steph Benoit
100% Section 508 and W3C HTML5 and CSS Compliant (Truly) Code, because I love compliance. |
|
|
|
|
hitwalker
|
| Posted:
Tue Oct 19, 2004 4:43 am |
|
hi ,
yes that was exactly what i mean.
For some time ago ...before the nuke community started to develop scripts like protector,sentinel and the rest ....the security was a big problem and i remember a lot of topics were about keeping out entire countries...(if needed)
So indeed for this nice tool its a gift if there are already some lists around with parts of countries that have been proven nothing more then dirty hackers.
But i do feel that in this case we all have to be certain in the ranges we block.
For example...i cannot visit madmans (author admin secure) website anymore.
Im almost sure he probably uses something that blocks ranges.
So im the victim of that now and if thats the result of this type of banning then the ranges should be shorter in range.... |
| |
|
|
|
|
64bitguy
|
| Posted:
Tue Oct 19, 2004 5:26 am |
|
Ah, but that's what emails are for. Send him a message with your IP address asking him to unban you or to exclude you from his range. Of course if you're on dialup you're in serious trouble aren't you? |
| |
|
|
|
|
hitwalker
|
| Posted:
Tue Oct 19, 2004 5:43 am |
|
well he knows i cannot visit his site but he says it probably because im behind a firewall or a proxy...if not i should be able to visit.
well ....there isnt a direct need for me to visit cause im nut using admin secure anymore but it makes any form of converstation a little bit easier.
but i will mail him see if that helps... |
| |
|
|
|
|
beetraham
|
| Posted:
Tue Oct 19, 2004 5:58 am |
|
| hitwalker wrote: |
yes that was exactly what i mean.
For some time ago ...before the nuke community started to develop scripts like protector,sentinel and the rest ....the security was a big problem and i remember a lot of topics were about keeping out entire countries...(if needed)
|
I fully agree on this as a retrospective scenario. It's a joy to have these security mechanisms now evolved in a such way, that there's basically no mandatory reason to get equipped with pre-defensive attitude from the security/protection point of view, as the security mechanisms dynamically protect us (in 99,99% cases) from the bad guys.
So why do I personally still choose to have it handled *in the old-fashioned* way - i.e. via brute-force pre-defensive banning?
Well, I surelly do not want to sound provocative, but from my personal point of view, there are some global regions (countries) around that I do wish to deliberately interact *close to nothing* at all stages. This all is arranged with a swing, now that I have the flexible chance for controlling these buffers by the active use of NukeSentinel 2.1.0.
As I evaluate those regions from slightly different angle than potentionally caused direct cyber threads for my site(s), it all comes down pretty quickly to an end, where the further evaluation of the potentionally caused cyber threads by those regions become extremely irrelevant.
| hitwalker wrote: |
So indeed for this nice tool its a gift if there are already some lists around with parts of countries that have been proven nothing more then dirty hackers.
|
Yeah, I understand this point of view, too. In this sense I most likely refuse to get influenced by the available *blacklist information* (that was my interpretation), as there's simply too much *white noise* along the propagation paths from my point of view - i.e. not enough information (trusted one) to rely on this forms of infomation deliveries. Of course, it's always a matter of making a choice - it's not that black'n'white at all.
On the other hand, the things that I accept to trust in this sense are the NukeSentinel (dynamic shield + predefensive buffer equipped with regional bans) and my own made observations at ground zero.
| hitwalker wrote: |
But i do feel that in this case we all have to be certain in the ranges we block.
For example...i cannot visit madmans (author admin secure) website anymore.
Im almost sure he probably uses something that blocks ranges.
So im the victim of that now and if thats the result of this type of banning then the ranges should be shorter in range.... |
Yeah, I know the this feeling, how familiar indeed, as I got banned from a particular place for some time ago that I would have not chosen to get banned.
Basically, this is what may turn out to be as a consequence of *more or less blindfolded* IP Range Bans. However, as I will put my best efforts at my end on ensuring that only the regions that I consider worth banning for will get banned, that's well enough for me.
The weakest link from this perspective in the performed IP Range Bans is the contemporarily associated accuracy of the database being used as a reference for issuing (sub-)regional/IP Range bans. I have made a conclusion at my end, that the pros and cons are way beoynd the offset.
The Nuke CMS security scene is gradually getting to look really good and bright - thanks to those individuals having put their efforts on developing such precious CMS Security Tools as NukeSentinel™ - amongst others.
BR,
-beetraham |
| |
|
|
|
|
hitwalker
|
| Posted:
Tue Oct 19, 2004 6:25 am |
|
I used the function to ban a complete range only once.
That was with the protector when i had the first dos attack.
but i edded up with a million pages with IP's and knew at that time that wasnt the solution.
After that i never banned entire ranges anymore.
But it seems that the dirty hackers more and more choose the nuke community as their potential target.
2 days ago a member of my got attacked.
not that very big but he suddenly had 130 "visitors" online .
and for what ?
A small community website of a fanclub.
Sentinel is doing the work for me and i only ban someone if they realy ask me to.
But a list with ranges.....well i do feel it has to be from someone we all trust... |
| |
|
|
|
|
64bitguy
|
| Posted:
Tue Oct 19, 2004 7:22 am |
|
Personally, I can't imagine what anyone in Syria or afghanistan wants with my site OTHER than abuse. For them, I'm a target.
My particular target audience is very select and 80% of my resources aren't visible to even regular registered users, instead I have special controls for users and use common Nuke tables for my cross-domain controls.
As I have yet to EVER have one user from any of these nations so much as even post a forum message, the question arises, "Do you eventually get sick of them trying every type of abuse possible coupled with the fact that they've made zero contributions to finally enact regional access restrictions as a "reasonable" course of action to protect your interests?"
In my case the answer is yes; however, "Your mileage may vary".
I'm not saying it's right for everyone, but there are certain sites that it is definately right for!
On top of counties, I've also seen abuse from particular Telecom sources (IE... acts of Corporately Sponsored Terrorism) and while I may not be banning an entire Country in some of those cases, I may be banning an entire Service Provider. Again, range banning in NukeSentinel / Protector have filled these voids. Sure there are other ways, but these are the easiest and will at least give you some interactive feedback.
By the way, last time I had 100 users online (last week), it was Google... And I have no complaints about that.... Index away! Now I can thank Mr. Exclude Range List and not worry they'll get banned.... errr... I guess that would be Bob. |
| |
|
|
|
|
gator
Hangin' Around
Joined: Jul 24, 2003
Posts: 36
Location: Canada
|
| Posted:
Tue Oct 19, 2004 7:58 am |
|
[ Only registered users can see links on this board! Get registered or login! ]
A great tool that lets you see all the ip ranges by country...
was able to ban brazil, S Korea, and iran in 2 min using excel. I hate to do it, but... |
| |
|
|
|
hitwalker
|
| Posted:
Tue Oct 19, 2004 8:01 am |
|
exel ?
mmmm...never touched anything before like that.... |
| |
|
|
|
|
BobMarion
Former Admin in Good Standing
Joined: Oct 30, 2002
Posts: 1037
Location: RedNeck Land (known as Kentucky)
|
| Posted:
Tue Oct 19, 2004 10:18 am |
|
I'm currently working on an update pack for 2.1.0. In this pack you will get a few new functions:
1) Tracked Users, like Tracked IP's but by username instead.
2) IP2C filter that allows you to list just one country in the listing.
3) After reading this thread I may very well add a BLOCK link to the IP2C listing that would allow an admin to click a link and ban the range from the IP2C db.
beetraham - I'm interested in your tool you wrote of.
hitwalker - nice to see you sparking some really usefull ideas here |
_________________
Bob Marion
Codito Ergo Sum
http://www.nukescripts.net |
|
|
|
gator
|
| Posted:
Tue Oct 19, 2004 10:55 am |
|
| hitwalker wrote: | exel ?
mmmm...never touched anything before like that.... |
This program allows you to export all the ip ranges by country. I then exported the list into excel and added it, with the relevant code, to my hosts.deny file. |
| |
|
|
|
|
hitwalker
|
| Posted:
Tue Oct 19, 2004 11:51 am |
|
ahh thats refreshing,but there are a lot of things i never looked into or even touched....but im not to old to learn.(i hope)
Hi bob....well sometimes i have good ideas...nice to see your doing better and better...
so a update package.?....i love updates.... |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
