Ban IP Ranges

Posted: Thu Aug 26, 2004 2:54 am

The only feature I would really like to see in Sentinal is the ability to ban defined IP ranges.

Yes, I want to ban entire Class C's and B's, but also specific ranges (entire Countries and particual ISP's).

Thanks!

Posted: Fri Nov 05, 2004 2:06 pm

Why?

Posted: Fri Nov 05, 2004 2:11 pm

Hi

Well, first please notice that the date of my post is in august.

Next, I would think the reason would be obvious in that range banning permits admins to ban ranges of abusers (a particular telco for example).

Finally, as NukeSentinel now has this feature as requested, it's a moot point.

Thanks

Posted: Fri Nov 05, 2004 2:30 pm

I understand the old post thing Very Happy

I was just wondering why to ban everyone. Not so much if they had the feature or not.

If I banned who ranges of people that are in the same group as hackers ... I'd end up banning lots of innocent people. Also most companies are now changing their user IP's more often. When I first signed onto cable ISP I have my same IP for 5 years, now they change it every 2 months. More user now then back then. You could ban people that truely want to visit your site.

At most if someone is trying to harvest your site (what I ban most) then at most I receive an email letting me know of the ban. It's not like I have to do anything with the information.

Posted: Fri Nov 05, 2004 2:56 pm

Well, I can't speak for everyone, but I do ban entire ranges to eliminate access from entire counties and certain ISP's.

My site is targetted toward a specific group of users and if abusers known to enhabit certain ISP's (Like the syrian sponsored internet hackers group for example) want access to my site, they'll find themselves redirected to www.fbi.gov.

There are large numbers of ISPs out there that take no action against abusers and hackers. There are also those that actually promote this practice including Government and Corporate sponsored terrorism, hackers and even script kiddies via some ISPs.

The Ban range feature eliminates this problem for me and others. I have yet to find anyone that has been banned "innocently" by NukeSentinel (or by protector when I used these features there, before being incorporated into NukeSentinel).

I have designed an automated complaint system (while still somewhat unreliable) for my site that notifies the ISP of abusers to take this one step further. As my site also collects abuse and intrusion attempt information for Operation Web Snare, I take all forms of abuse extremely seriously.

Finally, as for companies having different ranges of IP's, you'll find that this is very rare. While your IP may change every 2 months, the block of IP's used by your service provider is static. Regardless, it is easy to find the allocated ranges of any ISP and thus, just as easy to ban those ranges or even when they obtain new ranges.

Domestically, I have had zero problems; however, Internationally, I have had many abuse attempts and find that (generally speaking) the ISP's in question take no action against these abusive users, as the ISP's just don't care. In those situations, I find it easier to ban the entire ISP or in some cases the entire country rather than put my site at risk simply because the hosts in question are not willing to take steps to curb the abuse. It's a "better safe than sorry" situation. If "innocent" people get caught up in that, I won't appologize but rather simply state that my site security is more important than providing access to blocks of "widely publicized and known" abusive ranges of IPs.

If I had a nickel for every script kiddie that attacked me with Union and Clike attempts from Syria, The United Arab Emerates, Iraq, Saudi Arabia, Iran and other places, I'd be a rich man.

I'm waiting for someone to invent a way that made it so that each abuse attempt triggered a click by that user on my adsense block. This way I'd at least get paid for the abuse attempt. Smile

Posted: Fri Nov 05, 2004 3:05 pm

64bitguy wrote:

I'm waiting for someone to invent a way that made it so that each abuse attempt triggered a click by that user on my adsense block. This way I'd at least get paid for the abuse attempt. Smile

That's too funny Smile

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

64BitGuy wrote:

I'm waiting for someone to invent a way that made it so that each abuse attempt triggered a click by that user on my adsense block. This way I'd at least get paid for the abuse attempt.

That's actually rather easy to do Wink

Posted: Fri Nov 05, 2004 5:27 pm

Wahoo Raven is going to make us all millionaires!!!!

Worker Joined: Aug 06, 2004 Posts: 192

64bitguy wrote:

I'm waiting for someone to invent a way that made it so that each abuse attempt triggered a click by that user on my adsense block. This way I'd at least get paid for the abuse attempt. Smile

Couldn't you just redirect them to the link to your adsense block?

Posted: Fri Nov 05, 2004 11:38 pm

Give the man a cigar Idea

Posted: Sat Nov 06, 2004 9:35 am

Given that the data is over 255 chars, would you change the field type of the nuke_nsnst_blockers table "Forward" field to be "text" instead of varchar(255)?

I was thinking blob at first, but then the issue of it binary threw me off.

Posted: Tue Nov 08, 2005 11:39 am

Hmm, this is interesting!
Not sure how redirecting to an adsense block would work as you would need to incorporate the publisher ID - call me stupid but js has never been something I have had any interest in but this thread might just change my mind.