It is currently 28 Mar 2024, 17:41




 Page 1 of 1 [ 4 posts ] 
Author Message
 Post subject: If you ever get blacklisted from accessing LDDb.com
PostPosted: 12 Sep 2015, 07:11 
Site Admin
Site Admin
User avatar

Joined: 07 Aug 2002, 23:37
Posts: 4540
Location: Tokyo
Has thanked: 292 times
Been thanked: 1136 times
Hello!

LDDb runs on a single server fully accessible from anyone. That also means fully accessible by the wrong type of people trying to crash/hack/attack the server either for their own fun, to try to dump passwords or personal information, or to relay spam for profit.

They would find little data worthwhile of stealing here (passwords are one-way encrypted with random salt, no credit card/payment information, etc.) but once in a while I get flagged as a SPAM box because some email account got compromised -- usually my sister's -- and this blocks LDDb notifications from being accepted by ISPs until tings are cleaned up.

Until recently I would run both a static blacklist (lots of Ukrainian, Russian, Chinese, etc. IP blocks) + a Fail2ban automatic custom set of tight rules to keep bad guys out. Now I removed the static list but started logging the blocked IPs, along with the reason for it, in a database and will review from time to time which IPs are constantly coming back with the same pattern of attacks to indefinitely block them.

You can see what it looks like here with the currently blocked IPs showed on a Google map. Serious attacks will trigger a month of banning, medium risk attacks only one week, and potentially honest typos only a few minutes.

http://banhammer.lddb.com/

Now, once in a while you might trigger one of the automated defenses by entering dubious information while using LDDb (broken URL, wrongly generated link, etc.). When that happens, you might check if the trouble you have accessing LDDb is due to a possible (false-positive) blacklisting by first finding what your potentially blocked public IP truly is:

https://www.whatismyip.com/

Then, if you are able to access internet from another path (your mobile phone, office internet, etc.) just add this IP address to the Banhammer URL like this (ex: 1.2.3.4):

http://banhammer.lddb.com/1.2.3.4

It will tell you if this IP is blocked and why. Then just contact me to ask for a review of the reasons you got blocked and a manual removal. Sometimes my filters are too strong, or new legit hits are created by browsers that didn't exist before. IExplorer or iOS are good at that kind of seemingly random hits that might be consider attacks.

Hope this will help you get back with us and hopefully also help me improve my filters!

Julien
_________________
HARDWARE DATABASE
HLD-X0/9 LD-S9 OPPO 105/205 SL-1200G
LDD-1 MSC-4000 R2144 PONTUS II C45 MC257
Offline
 Profile  
 
 Post subject: Re: If you ever get blacklisted from accessing LDDb.com
PostPosted: 12 Sep 2015, 12:47 
Absolute fan
Absolute fan
User avatar

Joined: 02 May 2006, 13:59
Posts: 1652
Location: United Kingdom
Has thanked: 86 times
Been thanked: 69 times
Good day Julien,

Thank you for notifying us all here about those issues of concern.

I hope this site remains healthy, maintained and taken care of by your good self Friend.

I value this site very much and have gained a close friendship with a member who means a great deal to me.

I am grateful for all that you do for us, and appreciate you due diligence.

I hope you are well and taking good care of yourself

Kindest Regards

:wave: :thumbup:
_________________
Το ταξίδι για την αλήθεια κάθε σκάφος δεμένα, κατόπιν δεν είναι να ληφθούν, ή μάλλον βάδισαν
Offline
 Profile  
 
 Post subject: Re: If you ever get blacklisted from accessing LDDb.com
PostPosted: 05 Sep 2016, 04:33 
Site Admin
Site Admin
User avatar

Joined: 07 Aug 2002, 23:37
Posts: 4540
Location: Tokyo
Has thanked: 292 times
Been thanked: 1136 times
Hello everyone,

LDDb's server has been under elevated probes and attacks these past few weeks (mostly from India and Vietnam IPs).

I had to add additional protection mechanisms (SPF, greylisting, RBLs) to block early attacks as early as possible.
While it's designed to only stop the bad guys from sneaking in, I might potentially block good people here by mistake.

Don't hesitate to contact me if you think you can't access LDDb.com anymore.

Julien
_________________
HARDWARE DATABASE
HLD-X0/9 LD-S9 OPPO 105/205 SL-1200G
LDD-1 MSC-4000 R2144 PONTUS II C45 MC257
Offline
 Profile  
 
 Post subject: Re: If you ever get blacklisted from accessing LDDb.com
PostPosted: 26 Sep 2016, 05:23 
Site Admin
Site Admin
User avatar

Joined: 07 Aug 2002, 23:37
Posts: 4540
Location: Tokyo
Has thanked: 292 times
Been thanked: 1136 times
Update on blocked IP addresses

Reviewing past logs, it turned out that TOR networks (anonymous web browsing) are regularly hitting this server for hack attempts.

Using the public information on "which TOR exit nodes can reach your IP" provided here, I'm now regularly refreshing a complete ban of these IPs.

Short version: you can't access LDDb.com from the TOR network anymore.

Julien
_________________
HARDWARE DATABASE
HLD-X0/9 LD-S9 OPPO 105/205 SL-1200G
LDD-1 MSC-4000 R2144 PONTUS II C45 MC257
Offline
 Profile  
 
Display posts from previous:  Sort by  
 Page 1 of 1 [ 4 posts ] 


Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to: