RE: (ot) Blocking IPs
LOL .. whoops .. didn't realise it was so long since I checked the list! -Original Message- From: Matt Quackenbush [mailto:quackfu...@gmail.com] Sent: 01 November 2012 19:26 To: cf-talk Subject: Re: (ot) Blocking IPs You do realize that the post you replied to is 6 months old, right? On Thu, Nov 1, 2012 at 2:21 PM, Jenny Gavin-Wear jenn...@fasttrackonline.co.uk wrote: I have found it effective to block troublesome IPs for some length of time, usually an hour to a day does it. This was my security policy as an IT Manager and it is working fine on my dedicated server. Hope this helps! -Original Message- From: Robert Harrison [mailto:rob...@austin-williams.com] Sent: 02 May 2012 13:51 To: cf-talk Subject: (ot) Blocking IPs I have a host who, for the most part, I am satisfied with. However, he is in the habit of blocking IP ranges for various reasons... DDOS attacks, repeated port scans, etc. I've had complaints from some of my clients who do international business that some people cannot access their sites other parts of the world, like places in Asia, the Middle East, South and Central America, etc. I'm not surprised at the complaints. Is this a normal practice, or is this host over-zealous? Robert Harrison Director of Interactive Services Austin Williams Advertising I Branding I Digital I Direct 125 Kennedy Drive, Suite 100 I Hauppauge, NY 11788 T 631.231.6600 X 119 F 631.434.7022 http://www.austin-williams.com Blog: http://www.austin-williams.com/blog Twitter: http://www.twitter.com/austin_ ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353048 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: (ot) Blocking IPs
LMAO ! :P It's cruel to mock the afflicted ;) -Original Message- From: Gerald Guido [mailto:gerald.gu...@gmail.com] Sent: 01 November 2012 23:30 To: cf-talk Subject: Re: (ot) Blocking IPs That sir, made my day. Classic. G! On Thu, Nov 1, 2012 at 4:06 PM, Dave Watts dwa...@figleaf.com wrote: I have found it effective to block troublesome emails for some length of time, usually 6 months does it. http://instantrimshot.com/ Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353049 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: (ot) Blocking IPs
I have found it effective to block troublesome IPs for some length of time, usually an hour to a day does it. This was my security policy as an IT Manager and it is working fine on my dedicated server. Hope this helps! -Original Message- From: Robert Harrison [mailto:rob...@austin-williams.com] Sent: 02 May 2012 13:51 To: cf-talk Subject: (ot) Blocking IPs I have a host who, for the most part, I am satisfied with. However, he is in the habit of blocking IP ranges for various reasons... DDOS attacks, repeated port scans, etc. I've had complaints from some of my clients who do international business that some people cannot access their sites other parts of the world, like places in Asia, the Middle East, South and Central America, etc. I'm not surprised at the complaints. Is this a normal practice, or is this host over-zealous? Robert Harrison Director of Interactive Services Austin Williams Advertising I Branding I Digital I Direct 125 Kennedy Drive, Suite 100 I Hauppauge, NY 11788 T 631.231.6600 X 119 F 631.434.7022 http://www.austin-williams.com Blog: http://www.austin-williams.com/blog Twitter: http://www.twitter.com/austin_ ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353041 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: (ot) Blocking IPs
You do realize that the post you replied to is 6 months old, right? On Thu, Nov 1, 2012 at 2:21 PM, Jenny Gavin-Wear jenn...@fasttrackonline.co.uk wrote: I have found it effective to block troublesome IPs for some length of time, usually an hour to a day does it. This was my security policy as an IT Manager and it is working fine on my dedicated server. Hope this helps! -Original Message- From: Robert Harrison [mailto:rob...@austin-williams.com] Sent: 02 May 2012 13:51 To: cf-talk Subject: (ot) Blocking IPs I have a host who, for the most part, I am satisfied with. However, he is in the habit of blocking IP ranges for various reasons... DDOS attacks, repeated port scans, etc. I've had complaints from some of my clients who do international business that some people cannot access their sites other parts of the world, like places in Asia, the Middle East, South and Central America, etc. I'm not surprised at the complaints. Is this a normal practice, or is this host over-zealous? Robert Harrison Director of Interactive Services Austin Williams Advertising I Branding I Digital I Direct 125 Kennedy Drive, Suite 100 I Hauppauge, NY 11788 T 631.231.6600 X 119 F 631.434.7022 http://www.austin-williams.com Blog: http://www.austin-williams.com/blog Twitter: http://www.twitter.com/austin_ ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353042 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: (ot) Blocking IPs
I have found it effective to block troublesome emails for some length of time, usually 6 months does it. On Thu, Nov 1, 2012 at 3:25 PM, Matt Quackenbush quackfu...@gmail.comwrote: You do realize that the post you replied to is 6 months old, right? On Thu, Nov 1, 2012 at 2:21 PM, Jenny Gavin-Wear jenn...@fasttrackonline.co.uk wrote: I have found it effective to block troublesome IPs for some length of time, usually an hour to a day does it. ... ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353043 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: (ot) Blocking IPs
Heh. :-) On Thu, Nov 1, 2012 at 2:30 PM, Cameron Childress camer...@gmail.comwrote: I have found it effective to block troublesome emails for some length of time, usually 6 months does it. On Thu, Nov 1, 2012 at 3:25 PM, Matt Quackenbush quackfu...@gmail.com wrote: You do realize that the post you replied to is 6 months old, right? On Thu, Nov 1, 2012 at 2:21 PM, Jenny Gavin-Wear jenn...@fasttrackonline.co.uk wrote: I have found it effective to block troublesome IPs for some length of time, usually an hour to a day does it. ... ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353044 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: (ot) Blocking IPs
I have found it effective to block troublesome emails for some length of time, usually 6 months does it. http://instantrimshot.com/ Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353045 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: (ot) Blocking IPs
Ha! I was about to reply with the exact same link... On 11/1/12 4:06 PM, Dave Watts dwa...@figleaf.com wrote: I have found it effective to block troublesome emails for some length of time, usually 6 months does it. http://instantrimshot.com/ Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353046 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: (ot) Blocking IPs
That sir, made my day. Classic. G! On Thu, Nov 1, 2012 at 4:06 PM, Dave Watts dwa...@figleaf.com wrote: I have found it effective to block troublesome emails for some length of time, usually 6 months does it. http://instantrimshot.com/ Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353047 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
(ot) Blocking IPs
I have a host who, for the most part, I am satisfied with. However, he is in the habit of blocking IP ranges for various reasons... DDOS attacks, repeated port scans, etc. I've had complaints from some of my clients who do international business that some people cannot access their sites other parts of the world, like places in Asia, the Middle East, South and Central America, etc. I'm not surprised at the complaints. Is this a normal practice, or is this host over-zealous? Robert Harrison Director of Interactive Services Austin Williams Advertising I Branding I Digital I Direct 125 Kennedy Drive, Suite 100 I Hauppauge, NY 11788 T 631.231.6600 X 119 F 631.434.7022 http://www.austin-williams.com Blog: http://www.austin-williams.com/blog Twitter: http://www.twitter.com/austin_ ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350951 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: (ot) Blocking IPs
Sounds over-zealous. Before I even block a single IP, I'll query my DB to try to determine whether valid traffic *ever* came from that IP. And, in general, blocking IP's is a last resort. I've never blocked a range. There're better ways to prevent the stuff he's trying to prevent. He should have a firewall that's smart/configurable enough to detect and prevent that stuff at a granular level. On Wed, May 2, 2012 at 7:51 AM, Robert Harrison rob...@austin-williams.comwrote: I have a host who, for the most part, I am satisfied with. However, he is in the habit of blocking IP ranges for various reasons... DDOS attacks, repeated port scans, etc. I've had complaints from some of my clients who do international business that some people cannot access their sites other parts of the world, like places in Asia, the Middle East, South and Central America, etc. I'm not surprised at the complaints. Is this a normal practice, or is this host over-zealous? Robert Harrison Director of Interactive Services Austin Williams Advertising I Branding I Digital I Direct 125 Kennedy Drive, Suite 100 I Hauppauge, NY 11788 T 631.231.6600 X 119 F 631.434.7022 http://www.austin-williams.com Blog: http://www.austin-williams.com/blog Twitter: http://www.twitter.com/austin_ ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350952 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: (ot) Blocking IPs
The problem with IP blocking is that 99% of the time the IP is a fake IP, and that means that legitimate IP's are and do get blocked for no good reason. Who is the Hosting Provider? -- Regards, Andrew Scott WebSite: http://www.andyscott.id.au/ Google+: http://plus.google.com/108193156965451149543 On Wed, May 2, 2012 at 10:51 PM, Robert Harrison rob...@austin-williams.com wrote: I have a host who, for the most part, I am satisfied with. However, he is in the habit of blocking IP ranges for various reasons... DDOS attacks, repeated port scans, etc. I've had complaints from some of my clients who do international business that some people cannot access their sites other parts of the world, like places in Asia, the Middle East, South and Central America, etc. I'm not surprised at the complaints. Is this a normal practice, or is this host over-zealous? Robert Harrison Director of Interactive Services Austin Williams Advertising I Branding I Digital I Direct 125 Kennedy Drive, Suite 100 I Hauppauge, NY 11788 T 631.231.6600 X 119 F 631.434.7022 http://www.austin-williams.com Blog: http://www.austin-williams.com/blog Twitter: http://www.twitter.com/austin_ ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350953 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: (ot) Blocking IPs
The problem with IP blocking is that 99% of the time the IP is a fake IP, I'm not a protocol specialist, just curious, but how can an IP be forged? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350954 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: (ot) Blocking IPs
http://en.wikipedia.org/wiki/IP_address_spoofing On Wed, May 2, 2012 at 8:29 AM, wrote: The problem with IP blocking is that 99% of the time the IP is a fake IP, I'm not a protocol specialist, just curious, but how can an IP be forged? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350955 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: (ot) Blocking IPs
I run a SmarterMail server, and have blocked a few IPs, very selectively, only after I notice that consistent spam comes from those IPs that Barracuda or the other RBLs do not catch. No complaints from clients so far. I don't block entire countries or regions, though I have heard of administrators who do so. Some of my clients travel a lot, so I don't block countries. I send out friendly reminders to my clients to teach them how to recognize spam and use spam filters in MS Outlook. I hope at least a few people read them. =) Perhaps you can have a conversation with your hosting provider about using RBLs and configuring a firewall to do the spam blocking that he needs. Eric -Original Message- From: Andrew Scott [mailto:andr...@andyscott.id.au] Sent: Wednesday, May 02, 2012 7:58 AM To: cf-talk Subject: Re: (ot) Blocking IPs The problem with IP blocking is that 99% of the time the IP is a fake IP, and that means that legitimate IP's are and do get blocked for no good reason. Who is the Hosting Provider? -- Regards, Andrew Scott WebSite: http://www.andyscott.id.au/ Google+: http://plus.google.com/108193156965451149543 On Wed, May 2, 2012 at 10:51 PM, Robert Harrison rob...@austin-williams.com wrote: I have a host who, for the most part, I am satisfied with. However, he is in the habit of blocking IP ranges for various reasons... DDOS attacks, repeated port scans, etc. I've had complaints from some of my clients who do international business that some people cannot access their sites other parts of the world, like places in Asia, the Middle East, South and Central America, etc. I'm not surprised at the complaints. Is this a normal practice, or is this host over-zealous? Robert Harrison Director of Interactive Services Austin Williams Advertising I Branding I Digital I Direct 125 Kennedy Drive, Suite 100 I Hauppauge, NY 11788 T 631.231.6600 X 119 F 631.434.7022 http://www.austin-williams.com Blog: http://www.austin-williams.com/blog Twitter: http://www.twitter.com/austin_ ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350956 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: (ot) Blocking IPs
http://en.wikipedia.org/wiki/IP_address_spoofing Thanks. I can't believe it is that simple. It would be so simple if the protocol was something like: - sender: I have a message for you my IP is x.x.x.x - receiver: Ok, here is the key: (UUID) - sender: Ok, your key is (UUID), here is the message:... ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350957 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: (ot) Blocking IPs
The problem with IP blocking is that 99% of the time the IP is a fake IP, This is not true. If you receive a message from an IP address, and the attacker's action relies on a response to that IP address, it will not be a fake IP address. It may not be the original IP address of the attacker, but it is definitely the IP address of the host connecting to you. and that means that legitimate IP's are and do get blocked for no good reason. This is true, in the sense that they may well be on the same range. But blocking individual addresses doesn't scale very well, to be honest. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350959 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: (ot) Blocking IPs
The problem with IP blocking is that 99% of the time the IP is a fake IP, and that means that legitimate IP's are and do get blocked for no good reason. It really depends on the type of attack. If they're just flodding as part of a DDOS attack then spoofing is viable, but for something like a SQL injection attack the IP can't be spoofed per se. In those cases the biggest problem, in my opinion, is that it is ridiculously easy to reroute (think TOR) and come from a different, unrelated IP in a matter of seconds. -Justin ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350960 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: (ot) Blocking IPs
http://en.wikipedia.org/wiki/IP_address_spoofing That is only useful for very specific, limited sorts of things. You can't carry on a conversation with a remote server using a spoofed IP address, because the server would have no way to respond. If you're concerned about blocking spam email, for example, you don't have to worry about people sending email through a spoofed IP address, because SMTP is a TCP application, and TCP requires sequence numbers. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350961 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: (ot) Blocking IPs
Well, I've checked with some contacts I have who are experts in security. One of them works in internet security for the DOD in Arlington, VA, one is the Security Director at a fortune 100 company, and one owns a large nationwide hosting company. All frowned on the practice of blocking port 80 by range of IP and said it's rare and extreme to totally block even a specific IP, but that it does happen. All thought that blocking mail traffic by IP was very normal. I'm having conversations with my ISP about removing the blocks now. He is resistant, but the consensus is against blanket IP blocking. Robert Harrison Director of Interactive Services Austin Williams Advertising I Branding I Digital I Direct 125 Kennedy Drive, Suite 100 I Hauppauge, NY 11788 T 631.231.6600 X 119 F 631.434.7022 http://www.austin-williams.com Blog: http://www.austin-williams.com/blog Twitter: http://www.twitter.com/austin_ ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350962 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: (ot) Blocking IPs
I'm having conversations with my ISP about removing the blocks now. He is resistant, but the consensus is against blanket IP blocking. Well, one thing to note here is that it's easier for big ISPs to not block IP blocks than small ones - big ISPs, by having more bandwidth, more hosts to respond, etc, may have higher tolerance for higher amounts of traffic (whether that traffic is legitimate or not). Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350963 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: (ot) Blocking IPs
We've certainly never done this as a permanent solution. Blocking IPs or ranges at the firewall wouldn't do much under a heavy DDOS, by the time the traffic is there it's probably saturating other parts of the hosts network. Better avenue would be to null route the destination IP on the edge routers and work with upstream providers to determine the source and have them block and/or shutdown the source. Null routing mitigates most of the effect of the DDOS on the rest of your network. Either way blocking at the firewall or null routing destinations would be temporary until the upstream provider could deal with things. I'd bet $1.50 that your host really doesn't understand mitigation or is hosting in another providers data center and doesn't have access to the core network gear. Also sounds like maybe they've had other customers complain about spam from specific IPs and did this as a quick fix. Byron Mann Lead Engineer and Architect HostMySite.com On Wed, May 2, 2012 at 8:51 AM, Robert Harrison rob...@austin-williams.comwrote: I have a host who, for the most part, I am satisfied with. However, he is in the habit of blocking IP ranges for various reasons... DDOS attacks, repeated port scans, etc. I've had complaints from some of my clients who do international business that some people cannot access their sites other parts of the world, like places in Asia, the Middle East, South and Central America, etc. I'm not surprised at the complaints. Is this a normal practice, or is this host over-zealous? Robert Harrison Director of Interactive Services Austin Williams Advertising I Branding I Digital I Direct 125 Kennedy Drive, Suite 100 I Hauppauge, NY 11788 T 631.231.6600 X 119 F 631.434.7022 http://www.austin-williams.com Blog: http://www.austin-williams.com/blog Twitter: http://www.twitter.com/austin_ ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350968 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
way OT: blocking IPs ?
Hi list, a customer of mine wants to block users from china and taiwan on his coldfusion driven website. How can I do this ? I thought of checking the IP and compare it with IPs (class-A/class-B) nets of those countries and blocking it. Would that be possible ? Uwe ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: way OT: blocking IPs ?
yikes! *discrimination :-) - Original Message - From: Uwe Degenhardt [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Tuesday, June 24, 2003 8:27 AM Subject: way OT: blocking IPs ? Hi list, a customer of mine wants to block users from china and taiwan on his coldfusion driven website. How can I do this ? I thought of checking the IP and compare it with IPs (class-A/class-B) nets of those countries and blocking it. Would that be possible ? Uwe ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. http://www.cfhosting.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: way OT: blocking IPs ?
Uwe Degenhardt wrote: a customer of mine wants to block users from china and taiwan on his coldfusion driven website. How can I do this ? I thought of checking the IP and compare it with IPs (class-A/class-B) nets of those countries and blocking it. Check the DevEx for GeoLocator from Paul Hastings. Jochem ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: way OT: blocking IPs ?
Hi list, a customer of mine wants to block users from china and taiwan on his coldfusion driven website. How can I do this ? I thought of checking the IP and compare it with IPs (class-A/class-B) nets of those countries and blocking it. Would that be possible ? It's usually a web server thing, not a CF thing If you're running IIS, then there's a setting that you can block IPs on it fairly easily ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. http://www.cfhosting.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: way OT: blocking IPs ?
Your not doing the White House site are you ;-) -Original Message- From: Uwe Degenhardt [mailto:[EMAIL PROTECTED] Sent: 24 June 2003 13:27 To: CF-Talk Subject: way OT: blocking IPs ? Hi list, a customer of mine wants to block users from china and taiwan on his coldfusion driven website. How can I do this ? I thought of checking the IP and compare it with IPs (class-A/class-B) nets of those countries and blocking it. Would that be possible ? Uwe ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Host with the leader in ColdFusion hosting. Voted #1 ColdFusion host by CF Developers. Offering shared and dedicated hosting options. www.cfxhosting.com/default.cfm?redirect=10481 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re[2]: way OT: blocking IPs ?
Hello Michael, Tuesday, June 24, 2003, 2:32:15 PM, you wrote: MTT yikes! *discrimination :-) MTT - Original Message - MTT From: Uwe Degenhardt [EMAIL PROTECTED] MTT To: CF-Talk [EMAIL PROTECTED] MTT Sent: Tuesday, June 24, 2003 8:27 AM MTT Subject: way OT: blocking IPs ? Hi list, a customer of mine wants to block users from china and taiwan on his coldfusion driven website. How can I do this ? I thought of checking the IP and compare it with IPs (class-A/class-B) nets of those countries and blocking it. Would that be possible ? Uwe MTT ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re[2]: way OT: blocking IPs ?
Hi Michael, I guess you are from Taiwan ? ;-) The customer is afraid of companies possibly stealing his product-ideas I guess. Uwe ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Re[2]: way OT: blocking IPs ?
Those countries also have the highest record of fraud with purchases over the internet. -Original Message- From: Uwe Degenhardt [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 24, 2003 9:33 AM To: CF-Talk Subject: Re[2]: way OT: blocking IPs ? Hi Michael, I guess you are from Taiwan ? ;-) The customer is afraid of companies possibly stealing his product-ideas I guess. Uwe ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re[4]: way OT: blocking IPs ?
Those countries also have the highest record of fraud with purchases over the internet. Thanks Dan, might also be the case, the customer is afraid of. Uwe ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. http://www.cfhosting.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re[2]: way OT: blocking IPs ?
Hello Jochem, Tuesday, June 24, 2003, 2:40:30 PM, you wrote: JvD Uwe Degenhardt wrote: JvD Check the DevEx for GeoLocator from Paul Hastings. Thanks Jochem. Unfortunately the server is running CF 5. Uwe ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Host with the leader in ColdFusion hosting. Voted #1 ColdFusion host by CF Developers. Offering shared and dedicated hosting options. www.cfxhosting.com/default.cfm?redirect=10481 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Re[2]: way OT: blocking IPs ?
Nope, Washington, DC :-) - Original Message - From: Uwe Degenhardt [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Tuesday, June 24, 2003 9:33 AM Subject: Re[2]: way OT: blocking IPs ? Hi Michael, I guess you are from Taiwan ? ;-) The customer is afraid of companies possibly stealing his product-ideas I guess. Uwe ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re[2]: way OT: blocking IPs ?
Hello Philip, Tuesday, June 24, 2003, 2:42:16 PM, you wrote: PA It's usually a web server thing, not a CF thing PA If you're running IIS, then there's a setting that you can block IPs on PA it fairly easily I did this once on IIS and didn't really work. Also it might be a major hustle to block and find out that many class-B/class-C networks, isn't it ? Uwe ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Host with the leader in ColdFusion hosting. Voted #1 ColdFusion host by CF Developers. Offering shared and dedicated hosting options. www.cfxhosting.com/default.cfm?redirect=10481 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Re[2]: way OT: blocking IPs ?
I've blocked Ips--I do it upon any submit functionality; I don't think it causes any harm to allow the reading of content, but all submits, etc. go against the database and performs a redirect. That's my way of doing it, at least. HTH, Russ -Original Message- From: Uwe Degenhardt [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 24, 2003 9:29 AM To: CF-Talk Subject: Re[2]: way OT: blocking IPs ? Hello Philip, Tuesday, June 24, 2003, 2:42:16 PM, you wrote: PA It's usually a web server thing, not a CF thing PA If you're running IIS, then there's a setting that you can block IPs PA on it fairly easily I did this once on IIS and didn't really work. Also it might be a major hustle to block and find out that many class-B/class-C networks, isn't it ? Uwe ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Re[2]: way OT: blocking IPs ?
I did this once on IIS and didn't really work. Also it might be a major hustle to block and find out that many class-B/class-C networks, isn't it ? grab the geoLocator CFC from devnet gallery, it should help determine a users country. its fairly accurate. ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Host with the leader in ColdFusion hosting. Voted #1 ColdFusion host by CF Developers. Offering shared and dedicated hosting options. www.cfxhosting.com/default.cfm?redirect=10481 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: way OT: blocking IPs ?
This list looks up to date. http://www.okean.com/asianspamblocks.html You could go to APNIC and do the legwork yourself though. -- jon mailto:[EMAIL PROTECTED] Tuesday, June 24, 2003, 8:27:00 AM, you wrote: UD Hi list, a customer UD of mine wants to block UD users from china and taiwan on his coldfusion driven website. UD How can I do this ? UD I thought of checking the IP UD and compare it with IPs (class-A/class-B) UD nets of those countries and blocking it. UD Would that be possible ? UD Uwe UD ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. http://www.cfhosting.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
OT: Blocking s.o. from utilize open SMTP-Ports ( was Blocking IPs )
Speaking of blocking. Does s.o. know of a blocking SW which blocks one IP (or several IPs) to prevent that s.o. uses the open SMTP-Mail-Server ? My Mail-server doesn't provide this feature or only on a domain-basis. But I want to use it for a static server IP. Uwe - Original Message - From: "Mike Sullivan" [EMAIL PROTECTED] To: "CF-Talk" [EMAIL PROTECTED] Sent: Montag, 6. November 2000 23:54 Subject: RE: Blocking IPs -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Juan, You could block an intruder at your web server with the facilities of the httpd software, the server's tcp/ip features, you can also do it from CF (but you would have to wait for the intruder to request a Cf template... maybe you don't want to wait that long!). There are a lot of inetd sorts of security that depend on the platform you are using. The best (fastest, most robust and a goodie that is designed for it) would be at your firewall/router. You will shortly find that you need to see your site in the context of a greater security policy. Balance that with why you have a web site and what you keep there }:/. Formulate a real security policy and put it to work. Is your abuser always from the same IP address? Then report it to the upstream ISP and help protect the field. OTOH, a dial up account is easy to setup and abusive nut cases are very fond of them as it costs them nothing. Do you want to catch this black hat in the act? Put up a honey pot and attract all kinds of critters. But really, think about what you do with your server and get a working policy, firewall, router, etc. Get some books, investigate a DMZ, encryption etc. Visit CERT, Security Focus, l0pth and others. Enjoy, but remember, your not in Kansas any more. Mike - -Original Message- From: Juan Andres Alvarez Valenzuela [SMTP:[EMAIL PROTECTED]] Sent: Monday, November 06, 2000 8:30 AM To: CF-Talk Subject: Blocking IPs Hello everyone, Someone has experience in blocking the access to some IP number in CF ? We have a potential information robber and we are trying to block him. ideas? ~Juandres - -- - -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.3 for non-commercial use http://www.pgp.com iQA/AwUBOgc2K3YFmKomMlANEQJTLQCeJuiwku1xHTP+c3vCtLOaa72ZUnMAn1Y0 3QkmOUPy9j9RmrwsCSdAMzTS =Qopx -END PGP SIGNATURE- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED] Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED]
Re: Blocking s.o. from utilize open SMTP-Ports ( was Blocking IPs )
BlackIce should suffice, it will actually warn you and log smtp relay attempts. At which point you can block the ip. jon - Original Message - From: "CF-Talk" [EMAIL PROTECTED] To: "CF-Talk" [EMAIL PROTECTED] Sent: Sunday, November 12, 2000 4:43 AM Subject: OT: Blocking s.o. from utilize open SMTP-Ports ( was Blocking IPs ) Speaking of blocking. Does s.o. know of a blocking SW which blocks one IP (or several IPs) to prevent that s.o. uses the open SMTP-Mail-Server ? My Mail-server doesn't provide this feature or only on a domain-basis. But I want to use it for a static server IP. Uwe - Original Message - From: "Mike Sullivan" [EMAIL PROTECTED] To: "CF-Talk" [EMAIL PROTECTED] Sent: Montag, 6. November 2000 23:54 Subject: RE: Blocking IPs -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Juan, You could block an intruder at your web server with the facilities of the httpd software, the server's tcp/ip features, you can also do it from CF (but you would have to wait for the intruder to request a Cf template... maybe you don't want to wait that long!). There are a lot of inetd sorts of security that depend on the platform you are using. The best (fastest, most robust and a goodie that is designed for it) would be at your firewall/router. You will shortly find that you need to see your site in the context of a greater security policy. Balance that with why you have a web site and what you keep there }:/. Formulate a real security policy and put it to work. Is your abuser always from the same IP address? Then report it to the upstream ISP and help protect the field. OTOH, a dial up account is easy to setup and abusive nut cases are very fond of them as it costs them nothing. Do you want to catch this black hat in the act? Put up a honey pot and attract all kinds of critters. But really, think about what you do with your server and get a working policy, firewall, router, etc. Get some books, investigate a DMZ, encryption etc. Visit CERT, Security Focus, l0pth and others. Enjoy, but remember, your not in Kansas any more. Mike - -Original Message- From: Juan Andres Alvarez Valenzuela [SMTP:[EMAIL PROTECTED]] Sent: Monday, November 06, 2000 8:30 AM To: CF-Talk Subject: Blocking IPs Hello everyone, Someone has experience in blocking the access to some IP number in CF ? We have a potential information robber and we are trying to block him. ideas? ~Juandres - -- - -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.3 for non-commercial use http://www.pgp.com iQA/AwUBOgc2K3YFmKomMlANEQJTLQCeJuiwku1xHTP+c3vCtLOaa72ZUnMAn1Y0 3QkmOUPy9j9RmrwsCSdAMzTS =Qopx -END PGP SIGNATURE- -- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED] -- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED] Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED]
Re: Blocking IPs
From: David Cummins [EMAIL PROTECTED] If you want to be really sneaky, though, if its their IP, spit out a standard error message. You'll have them racking their brains for days! One security book I read discussed created a fake environment to lull info robbers into exploring. Filled with junk, it keeps them involved while you run phone traces, etc. to track down the person... -- Never apply a Star Trek solution to a Babylon 5 problem. Larry W. Virden mailto:[EMAIL PROTECTED] URL: http://www.purl.org/NET/lvirden/ Even if explicitly stated to the contrary, nothing in this posting should be construed as representing my employer's opinions. -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED]
RE: Blocking IPs
Here you go Juandres: http://www.decfug.org/SampleCode/BlockIPs/ John McKown, VP Business Services - Delaware.Net, Inc. Founder, Delaware Cold Fusion Users Group 30 Old Rudnick Lane, Suite 200 Dover, DE 19901 email: [EMAIL PROTECTED] phone: 302-736-5515 fax: 302-736-5945 icq: 1495432 -Original Message- From: Juan Andres Alvarez Valenzuela [mailto:[EMAIL PROTECTED]] Sent: Monday, November 06, 2000 11:30 AM To: CF-Talk Subject: Blocking IPs Hello everyone, Someone has experience in blocking the access to some IP number in CF ? We have a potential information robber and we are trying to block him. ideas? ~Juandres -- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED] Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED]
RE: Blocking IPs
Enjoy: http://www.decfug.org/SampleCode/BlockIPs John McKown, VP Business Services Delaware.Net, Inc. 30 Old Rudnick Lane, Suite 200 Dover, DE 19901 email: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] phone: 302-736-5515 fax: 302-736-5945 icq: 1495432 -Original Message- From: Juan Andres Alvarez Valenzuela [mailto:[EMAIL PROTECTED]] Sent: Monday, November 06, 2000 11:30 AM To: CF-Talk Subject: Blocking IPs Hello everyone, Someone has experience in blocking the access to some IP number in CF ? We have a potential information robber and we are trying to block him. ideas? ~Juandres -- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED] Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED]
Re: Blocking IPs
If you want to be really sneaky, though, if its their IP, spit out a standard error message. You'll have them racking their brains for days! For example, make it output the HTML of a standard 404 page... or if you know what scripting language they're using, make it spit out an error message which could be produced by that language. ;) Maybe put in extraneous junk HTML to break a badly-written parser? David Cummins Evan Lavidor wrote: You could throw something like cfif CGI.REMOTE_ADDR IS 'xxx.xxx.xxx.xxx' cflocation url="http://myserver.com/getout.cfm" addtoken="no" /cfif to the end of your application.cfm file. Evan -Original Message- From: Juan Andres Alvarez Valenzuela [mailto:[EMAIL PROTECTED]] Sent: Monday, November 06, 2000 11:30 AM To: CF-Talk Subject: Blocking IPs Hello everyone, Someone has experience in blocking the access to some IP number in CF ? We have a potential information robber and we are trying to block him. ideas? ~Juandres -- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED] Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED]
Blocking IPs
Hello everyone, Someone has experience in blocking the access to some IP number in CF ? We have a potential information robber and we are trying to block him. ideas? ~Juandres Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED]
RE: Blocking IPs
I have an application that I built that does this pretty well. It blocks IPs tanges, Phrases, Names, or email addresses. I will be happy to share it with you. John McKown, VP Business Services Delaware.Net, Inc. 30 Old Rudnick Lane, Suite 200 Dover, DE 19901 email: [EMAIL PROTECTED] phone: 302-736-5515 fax: 302-736-5945 icq: 1495432 -Original Message- From: Juan Andres Alvarez Valenzuela [mailto:[EMAIL PROTECTED]] Sent: Monday, November 06, 2000 11:30 AM To: CF-Talk Subject: Blocking IPs Hello everyone, Someone has experience in blocking the access to some IP number in CF ? We have a potential information robber and we are trying to block him. ideas? ~Juandres -- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED] Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED]
Re: Blocking IPs
- Original Message - From: "Juan Andres Alvarez Valenzuela" [EMAIL PROTECTED] Sent: Monday, November 06, 2000 4:29 PM Someone has experience in blocking the access to some IP number in CF ? We have a potential information robber and we are trying to block him. You can do this at the webserver i.e. in IIS using the Directory Security - IP Address and Domain Name restrictions - options of the website properties, I think Website (the server product) will do this as well - but not sure. Adrian Cooper. Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED]
RE: Blocking IPs
Someone has experience in blocking the access to some IP number in CF ? We have a potential information robber and we are trying to block him. There are much more creative ways to stop him (or her) than just blocking... :) Check #CGI.REMOTE_ADDR# for the visitor's IP address... -Cameron Cameron Childress ElliptIQ Inc. p.770.460.7277.232 f.770.460.0963 -Original Message- From: Juan Andres Alvarez Valenzuela [mailto:[EMAIL PROTECTED]] Sent: Monday, November 06, 2000 11:30 AM To: CF-Talk Subject: Blocking IPs Hello everyone, Someone has experience in blocking the access to some IP number in CF ? We have a potential information robber and we are trying to block him. ideas? ~Juandres -- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED] Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED]
RE: Blocking IPs
You could throw something like cfif CGI.REMOTE_ADDR IS 'xxx.xxx.xxx.xxx' cflocation url="http://myserver.com/getout.cfm" addtoken="no" /cfif to the end of your application.cfm file. Evan -Original Message- From: Juan Andres Alvarez Valenzuela [mailto:[EMAIL PROTECTED]] Sent: Monday, November 06, 2000 11:30 AM To: CF-Talk Subject: Blocking IPs Hello everyone, Someone has experience in blocking the access to some IP number in CF ? We have a potential information robber and we are trying to block him. ideas? ~Juandres -- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED] Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED]
Re: Blocking IPs
Someone has experience in blocking the access to some IP number in CF ? We have a potential information robber and we are trying to block him. ideas? Application.cfm + REMOTE_ADDR + REMOTE_HOST + table with "ban" IP should help. Cheers, Gennadi Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED]
RE: Blocking IPs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Juan, You could block an intruder at your web server with the facilities of the httpd software, the server's tcp/ip features, you can also do it from CF (but you would have to wait for the intruder to request a Cf template... maybe you don't want to wait that long!). There are a lot of inetd sorts of security that depend on the platform you are using. The best (fastest, most robust and a goodie that is designed for it) would be at your firewall/router. You will shortly find that you need to see your site in the context of a greater security policy. Balance that with why you have a web site and what you keep there }:/. Formulate a real security policy and put it to work. Is your abuser always from the same IP address? Then report it to the upstream ISP and help protect the field. OTOH, a dial up account is easy to setup and abusive nut cases are very fond of them as it costs them nothing. Do you want to catch this black hat in the act? Put up a honey pot and attract all kinds of critters. But really, think about what you do with your server and get a working policy, firewall, router, etc. Get some books, investigate a DMZ, encryption etc. Visit CERT, Security Focus, l0pth and others. Enjoy, but remember, your not in Kansas any more. Mike - -Original Message- From: Juan Andres Alvarez Valenzuela [SMTP:[EMAIL PROTECTED]] Sent: Monday, November 06, 2000 8:30 AM To: CF-Talk Subject:Blocking IPs Hello everyone, Someone has experience in blocking the access to some IP number in CF ? We have a potential information robber and we are trying to block him. ideas? ~Juandres - -- - -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.3 for non-commercial use http://www.pgp.com iQA/AwUBOgc2K3YFmKomMlANEQJTLQCeJuiwku1xHTP+c3vCtLOaa72ZUnMAn1Y0 3QkmOUPy9j9RmrwsCSdAMzTS =Qopx -END PGP SIGNATURE- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED]
Re: Blocking IPs
Yes. If he has a static IP address, you can block him in you webserver or by a cf script like: For the IP Address 198.3.96.103 cfif gettoken(cgi.remote_addr,1,".") is 198 cfif gettoken(cgi.remote_addr,2,".") is 3 cfif gettoken(cgi.remote_addr,3,".") is 96 cfif gettoken(cgi.remote_addr,4,".") is 103 cflocation url = "block.cfm" /cfif /cfif /cfif /cfif If he is on aol or earthlink or other ISPs with dynamic IP, will not working against him alone. At 05:29 PM 11/6/00 +0100, you wrote: Hello everyone, Someone has experience in blocking the access to some IP number in CF ? We have a potential information robber and we are trying to block him. ideas? ~Juandres Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED] Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED]
Blocking IPs
Better yet... For the IP Address 198.3.96.103 cfif gettoken(cgi.remote_addr,1,".") is 198 and gettoken(cgi.remote_addr,2,".") is 3 and gettoken(cgi.remote_addr,3,".") is 96 and gettoken(cgi.remote_addr,4,".") is 103 cflocation url = "block.cfm" /cfif Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED]