Thread: Bad actors on the Web... Start blocking IP addresses...

  1. #1
    AplusWebMaster (Adviser Team) | Join Date: Oct 2005 | Location: USA | Posts: 6,881

    Bad actors on the Web... Start blocking IP addresses...

    FYI... updated 5 Dec 2012:

    Malware samples on the Web and on malicious sites have reached levels near 95 million*, with over 100,000 new malicious programs every day.
    * http://www.av-test.org/en/statistics/malware/

    You can use any of several methods to block some of these "Bad actors", 'not suggesting any of which are 100%, but this is a good place to start. One way (for example) would be utilizing the AdBlockPlus** browser extension (updated to v2.2.1 for FF):
    ** https://addons.mozilla.org/en-US/fir.../adblock-plus/

    ... then creating/adding a "Custom filter" that can include simple IP address blocks:
    > https://adblockplus.org/blog/blockin...h-adblock-plus

    ... with good reason:
    - https://blogs.msdn.com/themes/blogs/...006&GroupKeys=
    "... malware that connects using an IP address instead of a domain name will -not- be blocked when you use just domain name lists..."
    i.e.: https://zeustracker.abuse.ch/blocklist.php
    "... some ZeuS hosts are just hosted on an ip address and not on a domain..."

    Google - Infected sites discovered monthly
    - http://2.bp.blogspot.com/-NdmiLOfBQp...re-landing.png
    June 19, 2012

    Google - Phishing sites discovered monthly
    - http://1.bp.blogspot.com/-VrIyBqxOok...0/phishing.png
    June 19, 2012

    > http://googleonlinesecurity.blogspot...users-for.html
    ___

    Whatever method you choose, here are a few IP address blocks that you may want to include:
    1. AS:48691 Specialist: SQL injections, malicious software // IP: 194.28.112-115.*
    - http://blog.dynamoo.com/2011/12/evil...alist-ltd.html
    12 December 2011
    2. AS:43473 UKRSTAR:
    - http://blog.dynamoo.com/2011/12/evil...rstar-net.html
    12 December 2011 - "... there appear to be no legitimate sites here and blocking the whole lot could save you some grief..."
    91.195.10.0 - 91.195.11.255 [ 91.195.10-11.* ]
    3. Blackhole Exploit kits:
    - http://blog.dynamoo.com/2011/11/bred...-to-block.html
    23 November 2011
    195.254.135.72 (FastWeb SRL, Romania. Recommend blocking 195.254.134.0/23)
    [195.254.134-135.*]
    89.208.34.116 (Digital Networks SRL, Russia. Recommend blocking 89.208.34.0/24)
    [89.208.34.*]
    95.163.89.193 (Digital Networks JSC, Russia. Recommend blocking 95.163.64.0/19)
    [95.163.64-89.*]
    4. https://zeustracker.abuse.ch/blocklist.php
    (Several different formats there.)

    'Not suggesting that is an "all-inclusive list", but it may be a good place to get started.

    * https://adblockplus.org/blog/blockin...h-adblock-plus
    > https://addons.mozilla.org/en-US/fir.../adblock-plus/
    .
    Last edited by AplusWebMaster; 2012-12-05 at 18:03.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .
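The address blocks in the post above appear in three notations (CIDR, a first-last range, and an octet wildcard). As an added example that is not part of the original post, this Python sketch normalises those entries to exact networks and checks an address against them; the function names are hypothetical.

```python
import ipaddress
import re

# Entries copied from the post above, one per notation it uses.
ENTRIES = [
    "194.28.112-115.*",             # octet wildcard with a dash range
    "91.195.10.0 - 91.195.11.255",  # first - last address
    "195.254.134.0/23",             # CIDR
    "89.208.34.0/24",
    "95.163.64.0/19",               # a /19 spans third octets 64 through 95
]

WILDCARD = re.compile(r"(\d+\.\d+)\.(\d+)(?:-(\d+))?\.\*")
RANGE = re.compile(r"(\d+(?:\.\d+){3})\s*-\s*(\d+(?:\.\d+){3})")

def to_networks(entry):
    """Expand one entry into the exact list of IPv4 networks it covers."""
    entry = entry.strip()
    if "/" in entry:
        # strict parsing rejects a CIDR whose host bits are set (likely a typo)
        return [ipaddress.IPv4Network(entry, strict=True)]
    m = WILDCARD.fullmatch(entry)
    if m:
        prefix, lo, hi = m.group(1), m.group(2), m.group(3) or m.group(2)
        first, last = f"{prefix}.{lo}.0", f"{prefix}.{hi}.255"
    else:
        m = RANGE.fullmatch(entry)
        if not m:
            raise ValueError(f"unrecognised blocklist entry: {entry!r}")
        first, last = m.groups()
    # summarize_address_range raises ValueError if first > last
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))

def build_blocklist(entries):
    """Normalise every entry and merge overlapping or adjacent networks."""
    nets = [n for e in entries for n in to_networks(e)]
    return list(ipaddress.collapse_addresses(nets))

def is_blocked(ip, blocklist):
    """True if the address falls inside any network on the blocklist."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in blocklist)

BLOCKLIST = build_blocklist(ENTRIES)

if __name__ == "__main__":
    for net in BLOCKLIST:
        print(net, net[0], "-", net[-1])
```

Printing each network with its first and last address makes it easy to compare a CIDR entry with a hand-written wildcard before loading either into a filter.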

  2. #2
    AplusWebMaster (Adviser Team) | Join Date: Oct 2005 | Location: USA | Posts: 6,881

    Bad actors on the Web... Start blocking IP addresses...

    FYI...

    Malware samples on the Web and on malicious sites have reached levels over 100 million*, with over 100,000 new malicious programs every day.
    * http://www.av-test.org/en/statistics/malware/
    Last update: 01-27-2013

    You can use any of several methods to block some of these "Bad actors", 'not suggesting any of which are 100%, but this is a good place to start. One way (for example) would be utilizing the AdBlockPlus** browser extension (updated to v2.2.2 for FF):
    ** https://addons.mozilla.org/en-US/fir.../adblock-plus/

    ... then creating/adding a "Custom filter" that can include simple IP address blocks:
    > https://adblockplus.org/blog/blockin...h-adblock-plus

    ... with good reason:
    - https://blogs.msdn.com/themes/blogs/...006&GroupKeys=
    "... be aware that malware that connects using an IP address instead of a domain name will -not- be blocked when you use just domain name lists..."
    i.e.: https://zeustracker.abuse.ch/blocklist.php
    "... some ZeuS hosts are just hosted on an ip address and not on a domain..."

    Last edited by AplusWebMaster; 2013-02-05 at 18:38.
