Re: [spamdyke-users] Script You Mentioned on the Archive List
I'd like to include this in QMT somewhere. We should look into including it when we put spamdyke in the stock packaging, which I'm hoping will happen sometime this year. Thanks Dave! -- -Eric 'shubes' On 04/09/2013 06:42 PM, David Milholen wrote: That is the ticket.. My turn contribute :) I have a secondary/backup server I will install your script on and allow some production traffic to pass through and I will get started on a time out script for this. Maybe Eric can include this as a whole on the QMT WIKI site. When I can, I will submit a follow up with results. Thanks Dave On 4/9/2013 9:15 AM, Sam Clippinger wrote: It came from pure desperation. IP filtering wasn't doing the trick for me, so I started paying attention to the rDNS names and checking out their websites. When I saw the same site again and again, I knew I had a way to stop them. Then I also noticed that a lot of identical sites were hosted on IPs in the same subnets, so I extended the script to search out neighboring IPs. It works pretty well. The script generates entries in a blacklist directory structure, not a file, so the number of blacklist entries shouldn't be a problem. Because each entry is a separate file, you could write a very simple script to automatically delete any files older than X days. That would make them automatically expire. -- Sam Clippinger On Apr 9, 2013, at 7:08 AM, David Milholen wrote: Very Clever, Where did this idea come from? Also, is there tick timer per IP so as not to load up the blacklist file? I like using the timers in router OS when performing firewall rule sets. Basically lists the bad ip or name for a time limit then drops it but it will get added again if it is still bad. Dave On 1/27/2013 4:00 PM, Sam Clippinger wrote: I've been asked for these scripts a few times and I've finally made the time to package them up. They can be downloaded here: http://www.spamdyke.org/releases/hunter_seeker/ http://www.spamdyke.org/releases/spamtrap/ Of the two, the hunter_seeker script is the most effective. My rDNS blacklist is up to 92500 entries and stops a significant number of incoming messages every day. -- Sam Clippinger On Jan 18, 2013, at 4:44 PM, Denny W. Jones wrote: Mr Clippinger, In this message: http://www.mail-archive.com/spamdyke-users-/x2b3zmi7jpg9huczpv...@public.gmane.org/msg01162.html you refer to a script you wrote for scanning for IP's to blacklist. I was wondering if you were able to make this available for download. I'd be very interested in experimenting with it on my server. Thanks for your time. Denny ___ spamdyke-users mailing list spamdyke-users-/x2b3zmi7jpg9huczpv...@public.gmane.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users -- David Milholen Project Engineer P:501-318-1300 ___ spamdyke-users mailing list spamdyke-users-/x2b3zmi7jpg9huczpv...@public.gmane.org mailto:spamdyke-users-/x2b3zmi7jpg9huczpv...@public.gmane.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users-/x2b3zmi7jpg9huczpv...@public.gmane.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users -- David Milholen Project Engineer P:501-318-1300 ___ spamdyke-users mailing list spamdyke-users-/x2b3zmi7jpg9huczpv...@public.gmane.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Script You Mentioned on the Archive List
Very Clever, Where did this idea come from? Also, is there tick timer per IP so as not to load up the blacklist file? I like using the timers in router OS when performing firewall rule sets. Basically lists the bad ip or name for a time limit then drops it but it will get added again if it is still bad. Dave On 1/27/2013 4:00 PM, Sam Clippinger wrote: I've been asked for these scripts a few times and I've finally made the time to package them up. They can be downloaded here: http://www.spamdyke.org/releases/hunter_seeker/ http://www.spamdyke.org/releases/spamtrap/ Of the two, the hunter_seeker script is the most effective. My rDNS blacklist is up to 92500 entries and stops a significant number of incoming messages every day. -- Sam Clippinger On Jan 18, 2013, at 4:44 PM, Denny W. Jones wrote: Mr Clippinger, In this message: http://www.mail-archive.com/spamdyke-users@spamdyke.org/msg01162.html you refer to a script you wrote for scanning for IP's to blacklist. I was wondering if you were able to make this available for download. I'd be very interested in experimenting with it on my server. Thanks for your time. Denny ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users -- David Milholen Project Engineer P:501-318-1300 ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Script You Mentioned on the Archive List
It came from pure desperation. IP filtering wasn't doing the trick for me, so I started paying attention to the rDNS names and checking out their websites. When I saw the same site again and again, I knew I had a way to stop them. Then I also noticed that a lot of identical sites were hosted on IPs in the same subnets, so I extended the script to search out neighboring IPs. It works pretty well. The script generates entries in a blacklist directory structure, not a file, so the number of blacklist entries shouldn't be a problem. Because each entry is a separate file, you could write a very simple script to automatically delete any files older than X days. That would make them automatically expire. -- Sam Clippinger On Apr 9, 2013, at 7:08 AM, David Milholen wrote: Very Clever, Where did this idea come from? Also, is there tick timer per IP so as not to load up the blacklist file? I like using the timers in router OS when performing firewall rule sets. Basically lists the bad ip or name for a time limit then drops it but it will get added again if it is still bad. Dave On 1/27/2013 4:00 PM, Sam Clippinger wrote: I've been asked for these scripts a few times and I've finally made the time to package them up. They can be downloaded here: http://www.spamdyke.org/releases/hunter_seeker/ http://www.spamdyke.org/releases/spamtrap/ Of the two, the hunter_seeker script is the most effective. My rDNS blacklist is up to 92500 entries and stops a significant number of incoming messages every day. -- Sam Clippinger On Jan 18, 2013, at 4:44 PM, Denny W. Jones wrote: Mr Clippinger, In this message: http://www.mail-archive.com/spamdyke-users@spamdyke.org/msg01162.html you refer to a script you wrote for scanning for IP's to blacklist. I was wondering if you were able to make this available for download. I'd be very interested in experimenting with it on my server. Thanks for your time. Denny ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users -- David Milholen Project Engineer P:501-318-1300 ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Script You Mentioned on the Archive List
That is the ticket.. My turn contribute :) I have a secondary/backup server I will install your script on and allow some production traffic to pass through and I will get started on a time out script for this. Maybe Eric can include this as a whole on the QMT WIKI site. When I can, I will submit a follow up with results. Thanks Dave On 4/9/2013 9:15 AM, Sam Clippinger wrote: It came from pure desperation. IP filtering wasn't doing the trick for me, so I started paying attention to the rDNS names and checking out their websites. When I saw the same site again and again, I knew I had a way to stop them. Then I also noticed that a lot of identical sites were hosted on IPs in the same subnets, so I extended the script to search out neighboring IPs. It works pretty well. The script generates entries in a blacklist directory structure, not a file, so the number of blacklist entries shouldn't be a problem. Because each entry is a separate file, you could write a very simple script to automatically delete any files older than X days. That would make them automatically expire. -- Sam Clippinger On Apr 9, 2013, at 7:08 AM, David Milholen wrote: Very Clever, Where did this idea come from? Also, is there tick timer per IP so as not to load up the blacklist file? I like using the timers in router OS when performing firewall rule sets. Basically lists the bad ip or name for a time limit then drops it but it will get added again if it is still bad. Dave On 1/27/2013 4:00 PM, Sam Clippinger wrote: I've been asked for these scripts a few times and I've finally made the time to package them up. They can be downloaded here: http://www.spamdyke.org/releases/hunter_seeker/ http://www.spamdyke.org/releases/spamtrap/ Of the two, the hunter_seeker script is the most effective. My rDNS blacklist is up to 92500 entries and stops a significant number of incoming messages every day. -- Sam Clippinger On Jan 18, 2013, at 4:44 PM, Denny W. Jones wrote: Mr Clippinger, In this message: http://www.mail-archive.com/spamdyke-users@spamdyke.org/msg01162.html you refer to a script you wrote for scanning for IP's to blacklist. I was wondering if you were able to make this available for download. I'd be very interested in experimenting with it on my server. Thanks for your time. Denny ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users -- David Milholen Project Engineer P:501-318-1300 ___ spamdyke-users mailing list spamdyke-users@spamdyke.org mailto:spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users -- David Milholen Project Engineer P:501-318-1300 ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Script You Mentioned on the Archive List
I've been asked for these scripts a few times and I've finally made the time to package them up. They can be downloaded here: http://www.spamdyke.org/releases/hunter_seeker/ http://www.spamdyke.org/releases/spamtrap/ Of the two, the hunter_seeker script is the most effective. My rDNS blacklist is up to 92500 entries and stops a significant number of incoming messages every day. -- Sam Clippinger On Jan 18, 2013, at 4:44 PM, Denny W. Jones wrote: Mr Clippinger, In this message: http://www.mail-archive.com/spamdyke-users@spamdyke.org/msg01162.html you refer to a script you wrote for scanning for IP's to blacklist. I was wondering if you were able to make this available for download. I'd be very interested in experimenting with it on my server. Thanks for your time. Denny ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
