Thread: Bad actors on the Web... Start blocking IP addresses...

  1. #1
    AplusWebMaster (Adviser Team)
    Join Date: Oct 2005 | Location: USA | Posts: 6,881

    Bad actors on the Web... Start blocking IP addresses...

    FYI... updated 5 Dec 2012:

    Malware samples on the Web and on malicious sites have reached levels near 95 million*, with over 100,000 new malicious programs every day.
    * http://www.av-test.org/en/statistics/malware/

    You can use any of several methods to block some of these "Bad actors", 'not suggesting any of which are 100%, but this is a good place to start. One way (for example) would be utilizing the AdBlockPlus** browser extension (updated to v2.2.1 for FF):
    ** https://addons.mozilla.org/en-US/fir.../adblock-plus/

    ... then creating/adding a "Custom filter" that can include simple IP address blocks:
    > https://adblockplus.org/blog/blockin...h-adblock-plus

    ... with good reason:
    - https://blogs.msdn.com/themes/blogs/...006&GroupKeys=
    "... malware that connects using an IP address instead of a domain name will -not- be blocked when you use just domain name lists..."
    i.e.: https://zeustracker.abuse.ch/blocklist.php
    "... some ZeuS hosts are just hosted on an ip address and not on a domain..."

    Google - Infected sites discovered monthly
    - http://2.bp.blogspot.com/-NdmiLOfBQp...re-landing.png
    June 19, 2012

    Google - Phishing sites discovered monthly
    - http://1.bp.blogspot.com/-VrIyBqxOok...0/phishing.png
    June 19, 2012

    > http://googleonlinesecurity.blogspot...users-for.html
    ___

    Whatever method you choose, here are a few IP address blocks that you may want to include:
    1. AS:48691 Specialist: SQL injections, malicious software // IP: 194.28.112-115.*
    - http://blog.dynamoo.com/2011/12/evil...alist-ltd.html
    12 December 2011
    2. AS:43473 UKRSTAR:
    - http://blog.dynamoo.com/2011/12/evil...rstar-net.html
    12 December 2011 - "... there appear to be no legitimate sites here and blocking the whole lot could save you some grief..."
    91.195.10.0 - 91.195.11.255 [ 91.195.10-11.* ]
    3. Blackhole Exploit kits:
    - http://blog.dynamoo.com/2011/11/bred...-to-block.html
    23 November 2011
    195.254.135.72 (FastWeb SRL, Romania. Recommend blocking 195.254.134.0/23)
    [195.254.134-135.*]
    89.208.34.116 (Digital Networks SRL, Russia. Recommend blocking 89.208.34.0/24)
    [89.208.34.*]
    95.163.89.193 (Digital Networks JSC, Russia. Recommend blocking 95.163.64.0/19)
    [95.163.64-89.*]
    4. https://zeustracker.abuse.ch/blocklist.php
    (Several different formats there.)

    'Not suggesting that is an "all-inclusive list", but it may be a good place to get started.

    * https://adblockplus.org/blog/blockin...h-adblock-plus
    > https://addons.mozilla.org/en-US/fir.../adblock-plus/
    .
    Last edited by AplusWebMaster; 2012-12-05 at 17:03.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .
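
An added example, not part of AplusWebMaster's post: the post writes its ranges in three notations (wildcard `194.28.112-115.*`, first-last `91.195.10.0 - 91.195.11.255`, and CIDR `195.254.134.0/23`). This Python sketch normalises all three into networks and checks addresses against them; the function names are this example's own.

```python
import ipaddress
import re

# Range expressions copied from the post, one per notation it uses.
POST_RANGES = ["194.28.112-115.*", "91.195.10.0 - 91.195.11.255",
               "195.254.134.0/23", "89.208.34.0/24", "95.163.64.0/19"]

def parse_range(text):
    """Return the ip_network objects that exactly cover one range expression."""
    text = text.strip()
    if "/" in text:  # CIDR; raises ValueError if host bits are set
        return [ipaddress.ip_network(text)]
    m = re.fullmatch(r"(\S+)\s+-\s+(\S+)", text)
    if m:  # explicit "first - last"
        first, last = (ipaddress.ip_address(a) for a in m.groups())
        return list(ipaddress.summarize_address_range(first, last))
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-(\d+))?\.\*", text)
    if m:  # wildcard on the last octet, optional span on the third
        a, b, lo, hi = m.groups()
        first = ipaddress.ip_address(f"{a}.{b}.{lo}.0")
        last = ipaddress.ip_address(f"{a}.{b}.{hi or lo}.255")
        return list(ipaddress.summarize_address_range(first, last))
    raise ValueError(f"unrecognised range notation: {text!r}")

def build_blocklist(ranges):
    """Parse every expression and merge overlapping or adjacent networks."""
    nets = [n for r in ranges for n in parse_range(r)]
    return list(ipaddress.collapse_addresses(nets))

def is_blocked(addr, blocklist):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in blocklist)

def third_octet_span(cidr):
    """Third-octet (low, high) a /16../24 block covers, for the a.b.lo-hi.* form."""
    net = ipaddress.ip_network(cidr)
    if not 16 <= net.prefixlen <= 24:
        raise ValueError("only /16 to /24 map onto a third-octet wildcard")
    return net.network_address.packed[2], net.broadcast_address.packed[2]

if __name__ == "__main__":
    blocklist = build_blocklist(POST_RANGES)
    for host in ("195.254.135.72", "89.208.34.116", "95.163.89.193", "192.0.2.1"):
        print(host, "blocked" if is_blocked(host, blocklist) else "allowed")
    print(third_octet_span("95.163.64.0/19"))
```

`third_octet_span` is useful when turning a CIDR recommendation into a wildcard filter: for 95.163.64.0/19 the third octet runs from 64 to 95.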
