LaserDisc Database
https://forum.lddb.com/

If you ever get blacklisted from accessing LDDb.com
https://forum.lddb.com/viewtopic.php?f=2&t=5558
Page 1 of 1

Author:  admin [ 12 Sep 2015, 07:11 ]
Post subject:  If you ever get blacklisted from accessing LDDb.com

Hello!

LDDb runs on a single server fully accessible from anyone. That also means fully accessible by the wrong type of people trying to crash/hack/attack the server either for their own fun, to try to dump passwords or personal information, or to relay spam for profit.

They would find little data worthwhile of stealing here (passwords are one-way encrypted with random salt, no credit card/payment information, etc.) but once in a while I get flagged as a SPAM box because some email account got compromised -- usually my sister's -- and this blocks LDDb notifications from being accepted by ISPs until tings are cleaned up.

Until recently I would run both a static blacklist (lots of Ukrainian, Russian, Chinese, etc. IP blocks) + a Fail2ban automatic custom set of tight rules to keep bad guys out. Now I removed the static list but started logging the blocked IPs, along with the reason for it, in a database and will review from time to time which IPs are constantly coming back with the same pattern of attacks to indefinitely block them.

You can see what it looks like here with the currently blocked IPs showed on a Google map. Serious attacks will trigger a month of banning, medium risk attacks only one week, and potentially honest typos only a few minutes.

http://banhammer.lddb.com/

Now, once in a while you might trigger one of the automated defenses by entering dubious information while using LDDb (broken URL, wrongly generated link, etc.). When that happens, you might check if the trouble you have accessing LDDb is due to a possible (false-positive) blacklisting by first finding what your potentially blocked public IP truly is:

https://www.whatismyip.com/

Then, if you are able to access internet from another path (your mobile phone, office internet, etc.) just add this IP address to the Banhammer URL like this (ex: 1.2.3.4):

http://banhammer.lddb.com/1.2.3.4

It will tell you if this IP is blocked and why. Then just contact me to ask for a review of the reasons you got blocked and a manual removal. Sometimes my filters are too strong, or new legit hits are created by browsers that didn't exist before. IExplorer or iOS are good at that kind of seemingly random hits that might be consider attacks.

Hope this will help you get back with us and hopefully also help me improve my filters!

Julien

Author:  benmbe [ 12 Sep 2015, 12:47 ]
Post subject:  Re: If you ever get blacklisted from accessing LDDb.com

Good day Julien,

Thank you for notifying us all here about those issues of concern.

I hope this site remains healthy, maintained and taken care of by your good self Friend.

I value this site very much and have gained a close friendship with a member who means a great deal to me.

I am grateful for all that you do for us, and appreciate you due diligence.

I hope you are well and taking good care of yourself

Kindest Regards

:wave: :thumbup:

Author:  admin [ 05 Sep 2016, 04:33 ]
Post subject:  Re: If you ever get blacklisted from accessing LDDb.com

Hello everyone,

LDDb's server has been under elevated probes and attacks these past few weeks (mostly from India and Vietnam IPs).

I had to add additional protection mechanisms (SPF, greylisting, RBLs) to block early attacks as early as possible.
While it's designed to only stop the bad guys from sneaking in, I might potentially block good people here by mistake.

Don't hesitate to contact me if you think you can't access LDDb.com anymore.

Julien

Author:  admin [ 26 Sep 2016, 05:23 ]
Post subject:  Re: If you ever get blacklisted from accessing LDDb.com

Update on blocked IP addresses

Reviewing past logs, it turned out that TOR networks (anonymous web browsing) are regularly hitting this server for hack attempts.

Using the public information on "which TOR exit nodes can reach your IP" provided here, I'm now regularly refreshing a complete ban of these IPs.

Short version: you can't access LDDb.com from the TOR network anymore.

Julien

Page 1 of 1 All times are UTC [ DST ]
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/