fortypoundhead.com

dwirch

Joined:
2005-01-01
08:24

Last Seen:
2017-10-22
05:18

Posted on:
2017-07-23
06:58

New security implemented

Report Back to Forum Back to All Forums

Due to the large number of security exploit and spam attempts from particular regions and netblocks, I've implement blocking of certain network blocks.

If you pay attention to the Malicious IP Checker and it's data, you might notice entries like this:

 

IP Address Date Banned Last Seen Ban Reason
212.7.220.13 7/23/2017 6:45:52 AM 7/23/2017 6:45:52 AM IP From Banned Netblock [PL - Poland - Dediserv]
212.7.220.13 7/23/2017 6:45:47 AM 7/23/2017 6:45:47 AM IP From Banned Netblock [PL - Poland - Dediserv]
212.7.220.13 7/23/2017 6:45:39 AM 7/23/2017 6:45:39 AM IP From Banned Netblock [PL - Poland - Dediserv]
144.12.26.18 7/23/2017 6:45:32 AM 7/23/2017 6:45:32 AM IP From Banned Netblock [CN - China]
46.19.86.146 7/23/2017 6:26:43 AM 7/23/2017 6:26:43 AM IP From Banned Netblock [NL - Netherlands - RIPE NCC]
123.125.125.182 7/23/2017 6:19:05 AM 7/23/2017 6:19:05 AM IP From Banned Netblock [CN - China]

I've noticed a decided uptick in attempted SQL injection attempts from China, Russia, Ukraine, Poland, and a few other places, so I've decided to try the heavy handed approached and block those locations from access to the site.

Users from those sites who reside in the blocked networks may get inadvertantly get banned. Sorry about that. You can place the blame on your neighbors.

dwirch

Joined:
2005-01-01
08:24

Last Seen:
2017-10-22
05:18

Posted on:
2017-08-08
06:43

Report Back to Forum Back to All Forums

I've removed the viewing of banned network data from the Malicious IP Checker home screen.  It was just too overwhelming.  The data is still there, and I'll make it available, if anyone would like to see it.  

There are still a lot of SQL injection attempts coming in from other random IP addresses, which are insta-banned.  Note that I do check the banned IP addresses daily, and if there are more than five attempts coming from a Class C network, that entire netblock gets blocked as well.

dwirch

Joined:
2005-01-01
08:24

Last Seen:
2017-10-22
05:18

Posted on:
2017-09-07
07:16

Report Back to Forum Back to All Forums

Since this new feature went into effect, the number of spam attempts have dropped to almost nothing.  The next thing to tackle are the SQL injection attempts and the PHP vulnerability scanning ...

You must be logged in order to post a reply.




Recent Forum Posts

Advanced search added
dwirch posted on September 23, 2017 at about 13:44 in Site News

Job Spammer: Gaurav Mehta - AgreeYa Solutions
dwirch posted on September 22, 2017 at about 10:35 in Spammers

Job Spammer: Prutha Siri - Javelin Systems
dwirch posted on September 10, 2017 at about 6:15 in Spammers

New security implemented
dwirch posted on September 7, 2017 at about 7:16 in Site News

Malicious IP Checker Companion Tool
dwirch posted on August 12, 2017 at about 20:24 in Site News

Job Spammer: Steve Adams
dwirch posted on August 8, 2017 at about 7:44 in Spammers