I'd like to include this in QMT somewhere. We should look into including it when we put spamdyke in the stock packaging, which I'm hoping will happen sometime this year.
Thanks Dave! -- -Eric 'shubes' On 04/09/2013 06:42 PM, David Milholen wrote: > That is the ticket.. > My turn contribute :) > I have a secondary/backup server I will install your script on and allow > some production traffic to pass through and > I will get started on a time out script for this. > Maybe Eric can include this as a whole on the QMT WIKI site. > When I can, I will submit a follow up with results. > Thanks > Dave > > On 4/9/2013 9:15 AM, Sam Clippinger wrote: >> It came from pure desperation. IP filtering wasn't doing the trick >> for me, so I started paying attention to the rDNS names and checking >> out their websites. When I saw the same site again and again, I knew >> I had a way to stop them. Then I also noticed that a lot of identical >> sites were hosted on IPs in the same subnets, so I extended the script >> to search out neighboring IPs. It works pretty well. >> >> The script generates entries in a blacklist directory structure, not a >> file, so the number of blacklist entries shouldn't be a problem. >> Because each entry is a separate file, you could write a very simple >> script to automatically delete any files older than X days. That >> would make them automatically expire. >> >> -- Sam Clippinger >> >> >> >> >> On Apr 9, 2013, at 7:08 AM, David Milholen wrote: >> >>> Very Clever, >>> Where did this idea come from? >>> Also, is there tick timer per IP so as not to load up the blacklist file? >>> I like using the timers in router OS when performing firewall rule sets. >>> Basically lists the bad ip or name for a time limit then drops it but >>> it will get >>> added again if it is still bad. >>> >>> Dave >>> >>> On 1/27/2013 4:00 PM, Sam Clippinger wrote: >>>> I've been asked for these scripts a few times and I've finally made >>>> the time to package them up. They can be downloaded here: >>>> http://www.spamdyke.org/releases/hunter_seeker/ >>>> http://www.spamdyke.org/releases/spamtrap/ >>>> Of the two, the hunter_seeker script is the most effective. My rDNS >>>> blacklist is up to 92500 entries and stops a significant number of >>>> incoming messages every day. >>>> >>>> -- Sam Clippinger >>>> >>>> >>>> >>>> >>>> On Jan 18, 2013, at 4:44 PM, Denny W. Jones wrote: >>>> >>>>> Mr Clippinger, >>>>> >>>>> In this message: >>>>> >>>>> http://www.mail-archive.com/spamdyke-users-/x2b3zmi7jpg9huczpv...@public.gmane.org/msg01162.html >>>>> >>>>> you refer to a script you wrote for scanning for IP's to blacklist. >>>>> I was wondering if you were able to make this available for >>>>> download. I'd be very interested in experimenting with it on my server. >>>>> >>>>> Thanks for your time. >>>>> >>>>> Denny >>>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> spamdyke-users mailing list >>>> spamdyke-users-/x2b3zmi7jpg9huczpv...@public.gmane.org >>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >>> >>> >>> -- >>> >>> David Milholen >>> Project Engineer >>> P:501-318-1300 >>> _______________________________________________ >>> spamdyke-users mailing list >>> spamdyke-users-/x2b3zmi7jpg9huczpv...@public.gmane.org >>> <mailto:spamdyke-users-/x2b3zmi7jpg9huczpv...@public.gmane.org> >>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >> >> >> >> _______________________________________________ >> spamdyke-users mailing list >> spamdyke-users-/x2b3zmi7jpg9huczpv...@public.gmane.org >> http://www.spamdyke.org/mailman/listinfo/spamdyke-users > > > -- > > David Milholen > Project Engineer > P:501-318-1300 > > > _______________________________________________ > spamdyke-users mailing list > spamdyke-users-/x2b3zmi7jpg9huczpv...@public.gmane.org > http://www.spamdyke.org/mailman/listinfo/spamdyke-users > _______________________________________________ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
