It came from pure desperation. IP filtering wasn't doing the trick for me, so I started paying attention to the rDNS names and checking out their websites. When I saw the same site again and again, I knew I had a way to stop them. Then I also noticed that a lot of identical sites were hosted on IPs in the same subnets, so I extended the script to search out neighboring IPs. It works pretty well.
The script generates entries in a blacklist directory structure, not a file, so the number of blacklist entries shouldn't be a problem. Because each entry is a separate file, you could write a very simple script to automatically delete any files older than X days. That would make them automatically expire. -- Sam Clippinger On Apr 9, 2013, at 7:08 AM, David Milholen wrote: > Very Clever, > Where did this idea come from? > Also, is there tick timer per IP so as not to load up the blacklist file? > I like using the timers in router OS when performing firewall rule sets. > Basically lists the bad ip or name for a time limit then drops it but it will > get > added again if it is still bad. > > Dave > > On 1/27/2013 4:00 PM, Sam Clippinger wrote: >> I've been asked for these scripts a few times and I've finally made the time >> to package them up. They can be downloaded here: >> http://www.spamdyke.org/releases/hunter_seeker/ >> http://www.spamdyke.org/releases/spamtrap/ >> Of the two, the hunter_seeker script is the most effective. My rDNS >> blacklist is up to 92500 entries and stops a significant number of incoming >> messages every day. >> >> -- Sam Clippinger >> >> >> >> >> On Jan 18, 2013, at 4:44 PM, Denny W. Jones wrote: >> >>> Mr Clippinger, >>> >>> In this message: >>> >>> http://www.mail-archive.com/spamdyke-users@spamdyke.org/msg01162.html >>> >>> you refer to a script you wrote for scanning for IP's to blacklist. I was >>> wondering if you were able to make this available for download. I'd be very >>> interested in experimenting with it on my server. >>> >>> Thanks for your time. >>> >>> Denny >>> >> >> >> >> _______________________________________________ >> spamdyke-users mailing list >> spamdyke-users@spamdyke.org >> http://www.spamdyke.org/mailman/listinfo/spamdyke-users > > > -- > > David Milholen > Project Engineer > P:501-318-1300 > _______________________________________________ > spamdyke-users mailing list > spamdyke-users@spamdyke.org > http://www.spamdyke.org/mailman/listinfo/spamdyke-users
_______________________________________________ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users