
Susann
Moderator
Joined: Dec 19, 2004
Posts: 3191
Location: Germany
Moderator German NukeSentinel Support
Posted: Tue Oct 03, 2006 10:49 am
I hope you don't ban Germany.
The problem is that there are different categories of hackers. I don't explain this in detail, but I'm sure you know the difference between script-kiddies, religious, fanatic or political hackers and the group of criminal hackers who hacked great websites like Microsoft, phpBB or the Firefox Marketing site etc.
Of course the result is the same... and the people are tired of restoring and fixing holes again and again.
It's sad to say, but "Make Love, not War" doesn't help anymore. Should I have sympathy with one of these hacker groups?
Not everybody can pay for a certified ethical hacker to prevent such things. If you are against extortion and it's not possible to fix all security holes, the easiest way is to ban the complete country.
If you would like to know more about the motivation of cyber attacks, just read one of the many reports:
http://www-03.ibm.com/industries/financialservices/doc/content/news/pressrelease/1500860103.html

Truden
New Member
Joined: Dec 14, 2004
Posts: 18
Location: Johannesburg/South Africa
Posted: Tue Oct 03, 2006 11:39 am
I don't want to dilute your "Turkey IP topic" with preaching...
The number of the reasons is covered by the number of the excuses multiplied by n.

evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
Posted: Tue Oct 03, 2006 9:19 pm
True, there are hackers of all nations and cultures. But if your audience is not Turkish nor in any way would have Turkish users, I'd say ban them. Hackers are the only connections from Turkey I ever get. I really can't say that about any other country, but Brazil would probably be the next on my list.

GUNZ
New Member
Joined: Sep 23, 2003
Posts: 15
Posted: Wed Nov 01, 2006 2:48 pm

ctec
New Member
Joined: Aug 18, 2005
Posts: 4
Location: Texas
Posted: Tue Nov 14, 2006 8:05 am
There are people out there with nothing but malice in what they do. Not the whole country, but enough of them to make banning the entire IP segment worth doing. Banning IPs is only one of many small tools we who own websites can use to keep unwanted people out. I found a perl script that bans folks after 5 tries into my SFTP/SSH servers and logs it. Look up fail2ban. Most useful.
1. Not allowing open FTPs or telnets.
2. Not allowing root logins. (This one should be a NEVER statement.)
3. Never start your services with root or an account with high or open access to the rest of the server file structure.
4. Limiting the user names that can SFTP or SSH in.
5. Passwords that are not simple. They should not even come close to words. Hackers use l33t add-ins to the dictionary attacks.
6. Do not use the same password for all of your accounts even though they do different things. You'll pay for that if you do. Make a written list of users and passwords for your site and services. They need to be complex to keep simple WAR attacks from succeeding.
7. Make your PHP-Nuke (whatever flavor it is) site as close to bulletproof as you can.
99% of this is common things to do.
Not knowing how, or finding it too inconvenient, causes security to have holes in it. Like leaving a sendmail server running from a full install of an O/S and not shutting it down (because you don't need it running), or misconfiguring it so hackers gain access. Worse yet, they use your email address as the sender and you get beat up over sending spam out. Personal experience there; tough lessons are the best remembered.
I do not claim to know 1/10th of what's needed to keep hacks out. Just sharing my own mistakes in the past and how I corrected them.
Keep on Trucking, Raven.
CTec.
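The "ban after 5 tries" policy ctec mentions above, as an added example (not fail2ban's code and not from the original post): a sliding-window counter over OpenSSH-style auth log lines that reports which sources crossed the threshold. The log lines are constructed, the year is an assumption (syslog lines carry none), and the result is a report of sources to block rather than a firewall change.

```python
"""Sliding-window failed-login counter over OpenSSH auth log lines: the
'ban after N tries' policy from the post above. Added example; not fail2ban's code.
The year is assumed (syslog lines carry none) and the result is a report of
sources to block, not a firewall change."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH/syslog form (addresses from documentation ranges).
SAMPLE_LOG = """\
Nov 14 07:58:01 web sshd[2101]: Failed password for root from 203.0.113.7 port 51234 ssh2
Nov 14 07:58:03 web sshd[2101]: Failed password for root from 203.0.113.7 port 51235 ssh2
Nov 14 07:58:04 web sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Nov 14 07:58:06 web sshd[2104]: Failed password for invalid user test from 203.0.113.7 port 51237 ssh2
Nov 14 07:58:09 web sshd[2105]: Failed password for root from 203.0.113.7 port 51238 ssh2
Nov 14 07:59:10 web sshd[2106]: Accepted publickey for deploy from 198.51.100.5 port 40000 ssh2
Nov 14 08:02:00 web sshd[2107]: Failed password for root from 198.51.100.9 port 40001 ssh2
Nov 14 08:30:00 web sshd[2108]: Failed password for root from 198.51.100.9 port 40002 ssh2
"""

FAIL_RE = re.compile(
    r"^(\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for .+ "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def parse_failures(log, year=2006):
    """Yield (timestamp, source_ip) for each failed-password line; other lines are ignored."""
    for line in log.splitlines():
        m = FAIL_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2)

def offenders(log, max_tries=5, window_minutes=10):
    """Return {ip: iso_time} for sources with max_tries failures inside window_minutes,
    keyed by the moment the threshold was first crossed (when a ban would start)."""
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)
    hits = {}
    for ts, ip in parse_failures(log):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # forget attempts older than the window
            q.popleft()
        if len(q) >= max_tries and ip not in hits:
            hits[ip] = ts.isoformat()
    return hits

if __name__ == "__main__":
    for ip, when in offenders(SAMPLE_LOG).items():
        print(f"{ip} crossed the threshold at {when}")
```

The second source in the sample fails twice but 28 minutes apart, so it stays below the threshold; widening the window catches it, which is the trade-off behind the two tunables.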

benny_tllh
Hangin' Around
Joined: Dec 29, 2006
Posts: 31
Posted: Fri Jul 13, 2007 6:11 am
Luckily I'm not getting much attention from hackers, so I thought "what to do with the abuse report!" I forward the mail to the company responsible for the IP and contact the domain host where the script is.
Have just started, but has anyone else tried? Know it will prob. change nothing (no replies yet), but if they can boot an IP customer it would be nice. Or annoy the IP/domain host enough to either lose resources or to do something about it (besides the quick fix: block my mails).
Anyway I could ban every country except 2-3 because my site is purely local, but I think it's against the spirit of the net and haven't done it yet. I'm so lucky my site is almost static, so a quick upload fixed the one-time hack I have had (actually from Turkey, referring to a company that could help with security). 10 min and it's back.
(btw. I don't use the forum, have blocked the folder, so I'm at no risk atm. because 100% it targeted the forum)

evaders99
Posted: Fri Jul 13, 2007 8:23 am
Well I try. For places like Turkey, it's relatively pointless because it seems every script kiddie and his mother is hacking as a living.
Better are webhost ISPs whose servers are controlled by botnets. Every one taken down can stop hundreds or thousands of other scans against other hosts.

benny_tllh
Posted: Fri Jul 13, 2007 2:51 pm
Atm. 75% of attacks are IPs from the US and a large amount from RIPE in NL (anything but Turkey or Brazil), and it would be real nice if ISPs got a "report abuse/hacker" instead of only a "report abuse/spam". Worst to find was Yahoo, where I ended up sending to customer service US instead of reporting abuse.
IPs are a lot easier; they often have an abuse mail address in the whois sent by Sentinel. But I just considered (this sec): do they use "fake" IPs so the report is of no use? The one that is trying hard at this moment with a script on "http://br.geocities.com/edmidg/cmd.txt" is switching IP providers, and it's strange all companies are from US and CA. (Think I will ask in a report to the provided mail.)
If it's the case (and not diff. people using the same script), Sentinel could provide whois to the script domain instead of the IP.

7ekno
New Member
Joined: Dec 22, 2005
Posts: 13
Posted: Sun Aug 05, 2007 10:31 pm
Raven wrote: | http://software77.net/cgi-bin/ip-country/geo-ip.pl
Get up-2-date Country vs IP database for free. |
How do we go about getting that information into Sentinel / Nuke?!?
I only ask because I have not found an easy way to do it... I manually pulled out the countries I was interested in, and changed it to the .data format in the import directory...
But to do that for all countries is a pain; is there an easier way that I am overlooking?!?
Thanks,
Tek

fkelly
Former Moderator in Good Standing
Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY
Posted: Mon Aug 06, 2007 7:07 am
See this recent post:
Other posts in other threads have stated that you use the import feature. This writes the IP's for a selected country to the banned ranges table. I think that effectively bans them, however they are not in htaccess. Try that for now and maybe we can get clarification at some point from the author.

7ekno
Posted: Tue Aug 07, 2007 3:09 am
fkelly wrote: | See this recent post:
Other posts in other threads have stated that you use the import feature. This writes the IP's for a selected country to the banned ranges table. I think that effectively bans them, however they are not in htaccess. Try that for now and maybe we can get clarification at some point from the author. |
Thanks, had a read of that, but it didn't answer the original question.
Basically, the site Raven linked allows you to download a huge 5+MB .CSV spreadsheet that has up-to-date IP2C data... but the .CSV sheet is not in a format that NS / IP2C can read directly...
I basically searched the sheet for a given country, deleted the extra columns and used two | characters to delimit the cells (so that the format matched that of the .data files in the import directory of RN).
I then FTPed the individual country's .data file to the /import/ directory, and then used NS "Import to Block Range" to import just that country's up-to-date data....
But to do that for every country is going to take me weeks; I was just wondering if there was an easier way to get the .CSV from the site Raven linked into NS?!?
Anyway, thanks for the help,
Tek
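The manual conversion Tek describes above, as an added example (not NukeSentinel, RavenNuke or software77 code): a Python script that reads a CSV in the layout I believe software77's IpToCountry.csv uses (quoted fields: start and end as 32-bit integers, registry, assignment date, two-letter code, three-letter code, country name, with # comment lines), keeps the rows for the requested country codes, and writes one .data file per country. The output line format start||end takes "two | characters" as the delimiter; that layout is an assumption and should be compared with an existing file in the import directory before importing.

```python
"""Convert a software77-style IP-to-country CSV into per-country NukeSentinel-style
.data range files. Added example, not NukeSentinel/RavenNuke/software77 code.
Assumed CSV layout: "start","end","registry","assigned","CC","CCC","Country", with
'#' comment lines. Assumed output: start||end per line (two '|' as the delimiter),
per the thread's description; check against an existing .data file before importing."""
import csv
import io
import ipaddress
import os
import sys
from collections import defaultdict

# Constructed sample in the assumed layout (not real allocation data).
SAMPLE_CSV = """# IpToCountry sample, constructed for this example
"16777216","16777471","apnic","1313020800","AU","AUS","Australia"
"16777472","16778239","apnic","1302739200","CN","CHN","China"
"3232235520","3232301055","test","0","DE","DEU","Germany"
"""

def parse_ranges(text):
    """Return {country_code: [(start_ip, end_ip), ...]}, skipping comments and bad rows."""
    ranges = defaultdict(list)
    for row in csv.reader(io.StringIO(text)):
        if not row or row[0].lstrip().startswith("#"):
            continue
        try:
            start, end, cc = int(row[0]), int(row[1]), row[4].strip().upper()
        except (IndexError, ValueError):
            continue  # malformed row: skip it rather than ban a wrong range
        if not 0 <= start <= end <= 0xFFFFFFFF:
            continue  # inverted or out-of-range row: same reasoning
        ranges[cc].append((str(ipaddress.IPv4Address(start)), str(ipaddress.IPv4Address(end))))
    return dict(ranges)

def data_lines(text, cc, delimiter="||"):
    """Lines for one country's .data file, e.g. '1.0.0.0||1.0.0.255'."""
    return [f"{s}{delimiter}{e}" for s, e in parse_ranges(text).get(cc.upper(), [])]

def write_country_files(text, codes, directory):
    """Write <CC>.data for each requested code into directory; returns {code: line_count}."""
    os.makedirs(directory, exist_ok=True)
    counts = {}
    for cc in codes:
        lines = data_lines(text, cc)
        with open(os.path.join(directory, f"{cc.upper()}.data"), "w") as fh:
            fh.write("\n".join(lines) + ("\n" if lines else ""))
        counts[cc.upper()] = len(lines)
    return counts

if __name__ == "__main__":  # usage: convert.py IpToCountry.csv import TR BR
    src, outdir, *codes = sys.argv[1:]
    with open(src, encoding="utf-8", errors="replace") as fh:
        print(write_country_files(fh.read(), codes, outdir))
```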

evaders99
Posted: Tue Aug 07, 2007 7:27 am
You can get either the SQL files or the import data files from NukeScripts.
Sentinel should automatically refresh the country page when you hit the first one... using a bit of Javascript. All it takes is a couple of minutes (assuming your database server can take the load).

fkelly
Posted: Tue Aug 07, 2007 7:28 am
Sorry, I didn't read your post carefully enough. I don't have an answer to your original question now that I read it properly. I just wait for Sentinel to come up with an update for me.

fkelly
Posted: Tue Aug 07, 2007 8:36 am
Evaders, when you import to IP2country what you say is true. It steps through all the countries, one by one. The design there is a little unfriendly: you select one and then all of a sudden you have this runaway train doing them all. However, when you import to blocked ranges it just does one country at a time. But I think the original question was essentially: "what if you want something more up to date than NS provides". I don't think that's been answered, but I've kind of replied with "why duplicate NS efforts?" as long as they are going to provide the data.