Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™
Author Message
hitwalker
Sells PC To Pay For Divorce


Joined:
Posts: 5661

PostPosted: Mon Oct 18, 2004 3:45 pm Reply with quote

Anyone that already have countries with IP 2 country blocked ?
Any list of ranges available yet ?

John
 
View user's profile Send private message
beetraham
Regular
Regular


Joined: Dec 13, 2003
Posts: 94
Location: Finland (EU)

PostPosted: Mon Oct 18, 2004 8:29 pm Reply with quote

hitwalker wrote:

Anyone that already have countries with IP 2 country blocked ?

Any list of ranges available yet ?

John


I'm not sure whether I undestood your question perfectly, but if I did, then I probably should tell that I created a Tool today that generates BANNED MySQL DUMPS for ALL THE COUNTRIES extractable from the *ip-2-country.csv* file - according to the NukeSentinel 2.10 format.

<=> each DUMP blocks an entire COUNTRY

(there are ca. 240 DUMPS - one for each COUNTRY)

So, we're talking about a minor Tool that can be re-used at Site Admin's end, whenever there's an update to *ip-2-country.csv* database (approximately (1)/month)

At practical level, all you need to do is to pick up the countries you consider malicious and upload those to MySQL server - voila, and have those countries banned (all IP Ranges associated with those countries).

Suprisingly, I now have all the DUMPS for every and each of the countries - willing to share those, as CSH script as well that produces those DUMPS, in case of interest.

Just finished uploading some 20+ COUNTRIES that got entirely banned via this used approach.

Just let me know.

-beetraham

_________________
- Let there be no windows at your home - 
View user's profile Send private message
64bitguy
The Mouse Is Extension Of Arm


Joined: Mar 06, 2004
Posts: 1159
Location: Sanbornton, NH USA

PostPosted: Mon Oct 18, 2004 9:09 pm Reply with quote

I've got a ton of ranges banned, but I was using this feature with Protector first so I merely migrated that data over to NukeSentinel.. I'm about a day away from uninstalling Protector in favor of using NukeSentinel for everything. I just have to rethink my login block solution to something similar to what I have now which is Protector's solution using IP monitoring and tracking of online users.

_________________
Steph Benoit Only registered users can see links on this board! Get registered or login!
1CMS, 100% Section 508 and W3C XHTML/CSS Compliant (Truly) 
View user's profile Send private message Visit poster's website
hitwalker
PostPosted: Tue Oct 19, 2004 4:43 am Reply with quote

hi ,

yes that was exactly what i mean.
For some time ago ...before the nuke community started to develop scripts like protector,sentinel and the rest ....the security was a big problem and i remember a lot of topics were about keeping out entire countries...(if needed)

So indeed for this nice tool its a gift if there are already some lists around with parts of countries that have been proven nothing more then dirty hackers.

But i do feel that in this case we all have to be certain in the ranges we block.
For example...i cannot visit madmans (author admin secure) website anymore.
Im almost sure he probably uses something that blocks ranges.
So im the victim of that now and if thats the result of this type of banning then the ranges should be shorter in range....
 
64bitguy
PostPosted: Tue Oct 19, 2004 5:26 am Reply with quote

Ah, but that's what emails are for. Send him a message with your IP address asking him to unban you or to exclude you from his range. Of course if you're on dialup you're in serious trouble aren't you?
 
hitwalker
PostPosted: Tue Oct 19, 2004 5:43 am Reply with quote

well he knows i cannot visit his site but he says it probably because im behind a firewall or a proxy...if not i should be able to visit.
well ....there isnt a direct need for me to visit cause im nut using admin secure anymore but it makes any form of converstation a little bit easier.
but i will mail him see if that helps...
 
beetraham
PostPosted: Tue Oct 19, 2004 5:58 am Reply with quote

hitwalker wrote:

yes that was exactly what i mean.
For some time ago ...before the nuke community started to develop scripts like protector,sentinel and the rest ....the security was a big problem and i remember a lot of topics were about keeping out entire countries...(if needed)


I fully agree on this as a retrospective scenario. It's a joy to have these security mechanisms now evolved in a such way, that there's basically no mandatory reason to get equipped with pre-defensive attitude from the security/protection point of view, as the security mechanisms dynamically protect us (in 99,99% cases) from the bad guys.

So why do I personally still choose to have it handled *in the old-fashioned* way - i.e. via brute-force pre-defensive banning?

Well, I surelly do not want to sound provocative, but from my personal point of view, there are some global regions (countries) around that I do wish to deliberately interact *close to nothing* at all stages. This all is arranged with a swing, now that I have the flexible chance for controlling these buffers by the active use of NukeSentinel 2.1.0.

As I evaluate those regions from slightly different angle than potentionally caused direct cyber threads for my site(s), it all comes down pretty quickly to an end, where the further evaluation of the potentionally caused cyber threads by those regions become extremely irrelevant.

hitwalker wrote:

So indeed for this nice tool its a gift if there are already some lists around with parts of countries that have been proven nothing more then dirty hackers.


Yeah, I understand this point of view, too. In this sense I most likely refuse to get influenced by the available *blacklist information* (that was my interpretation), as there's simply too much *white noise* along the propagation paths from my point of view - i.e. not enough information (trusted one) to rely on this forms of infomation deliveries. Of course, it's always a matter of making a choice - it's not that black'n'white at all.

On the other hand, the things that I accept to trust in this sense are the NukeSentinel (dynamic shield + predefensive buffer equipped with regional bans) and my own made observations at ground zero.

hitwalker wrote:

But i do feel that in this case we all have to be certain in the ranges we block.
For example...i cannot visit madmans (author admin secure) website anymore.
Im almost sure he probably uses something that blocks ranges.
So im the victim of that now and if thats the result of this type of banning then the ranges should be shorter in range....


Yeah, I know the this feeling, how familiar indeed, as I got banned from a particular place for some time ago that I would have not chosen to get banned.

Basically, this is what may turn out to be as a consequence of *more or less blindfolded* IP Range Bans. However, as I will put my best efforts at my end on ensuring that only the regions that I consider worth banning for will get banned, that's well enough for me.

The weakest link from this perspective in the performed IP Range Bans is the contemporarily associated accuracy of the database being used as a reference for issuing (sub-)regional/IP Range bans. I have made a conclusion at my end, that the pros and cons are way beoynd the offset.

The Nuke CMS security scene is gradually getting to look really good and bright - thanks to those individuals having put their efforts on developing such precious CMS Security Tools as NukeSentinel™ - amongst others.

BR,

-beetraham
 
hitwalker
PostPosted: Tue Oct 19, 2004 6:25 am Reply with quote

I used the function to ban a complete range only once.
That was with the protector when i had the first dos attack.
but i edded up with a million pages with IP's and knew at that time that wasnt the solution.
After that i never banned entire ranges anymore.
But it seems that the dirty hackers more and more choose the nuke community as their potential target.
2 days ago a member of my got attacked.
not that very big but he suddenly had 130 "visitors" online .
and for what ?
A small community website of a fanclub.
Sentinel is doing the work for me and i only ban someone if they realy ask me to.
But a list with ranges.....well i do feel it has to be from someone we all trust...
 
64bitguy
PostPosted: Tue Oct 19, 2004 7:22 am Reply with quote

Personally, I can't imagine what anyone in Syria or afghanistan wants with my site OTHER than abuse. For them, I'm a target.

My particular target audience is very select and 80% of my resources aren't visible to even regular registered users, instead I have special controls for users and use common Nuke tables for my cross-domain controls.

As I have yet to EVER have one user from any of these nations so much as even post a forum message, the question arises, "Do you eventually get sick of them trying every type of abuse possible coupled with the fact that they've made zero contributions to finally enact regional access restrictions as a "reasonable" course of action to protect your interests?"

In my case the answer is yes; however, "Your mileage may vary".

I'm not saying it's right for everyone, but there are certain sites that it is definately right for!

On top of counties, I've also seen abuse from particular Telecom sources (IE... acts of Corporately Sponsored Terrorism) and while I may not be banning an entire Country in some of those cases, I may be banning an entire Service Provider. Again, range banning in NukeSentinel / Protector have filled these voids. Sure there are other ways, but these are the easiest and will at least give you some interactive feedback.

Smile

By the way, last time I had 100 users online (last week), it was Google... And I have no complaints about that.... Index away! Now I can thank Mr. Exclude Range List and not worry they'll get banned.... errr... I guess that would be Bob. Smile
 
gator
Hangin' Around


Joined: Jul 24, 2003
Posts: 36
Location: Canada

PostPosted: Tue Oct 19, 2004 7:58 am Reply with quote

Only registered users can see links on this board! Get registered or login!

A great tool that lets you see all the ip ranges by country...

was able to ban brazil, S Korea, and iran in 2 min using excel. I hate to do it, but...
 
View user's profile Send private message Visit poster's website
hitwalker
PostPosted: Tue Oct 19, 2004 8:01 am Reply with quote

exel ?
mmmm...never touched anything before like that....
 
BobMarion
Former Admin in Good Standing


Joined: Oct 30, 2002
Posts: 1037
Location: RedNeck Land (known as Kentucky)

PostPosted: Tue Oct 19, 2004 10:18 am Reply with quote

I'm currently working on an update pack for 2.1.0. In this pack you will get a few new functions:
1) Tracked Users, like Tracked IP's but by username instead.
2) IP2C filter that allows you to list just one country in the listing.
3) After reading this thread I may very well add a BLOCK link to the IP2C listing that would allow an admin to click a link and ban the range from the IP2C db.

beetraham - I'm interested in your tool you wrote of.

hitwalker - nice to see you sparking some really usefull ideas here Smile

_________________
Bob Marion
Codito Ergo Sum
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Send e-mail Visit poster's website
gator
PostPosted: Tue Oct 19, 2004 10:55 am Reply with quote

hitwalker wrote:
exel ?
mmmm...never touched anything before like that....


This program allows you to export all the ip ranges by country. I then exported the list into excel and added it, with the relevant code, to my hosts.deny file.
 
hitwalker
PostPosted: Tue Oct 19, 2004 11:51 am Reply with quote

ahh thats refreshing,but there are a lot of things i never looked into or even touched....but im not to old to learn.(i hope)
Hi bob....well sometimes i have good ideas...nice to see your doing better and better...
so a update package.?....i love updates....
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©