List of IPS to blocked

[misterbit]

Hello, in this thread I will post the Ips that I am personally blocking, I was doing here, but already they do not fit more characters and have updated the list I'm going to publish on pastebin.

This list includes Tor Ips, VPN, Vps etc...
The list must be in the .htaccess

List of IPS Blocked service and getIPIntel blocked by ranges

Code:

http://pastebin.com/J91Lj6ce

List of IPS Tor

Code:

http://pastebin.com/af0WxMwA

The blocking of these IPS will generate a 403 error which means? they will not have access to the web, but we can make a custom page if we want to and divert that traffic or thus blocking full access.

To direct traffic to a page customized just put in the .htaccess this rule:

Code:

ErrorDocument 403 /pagecustomized.html
Either
ErrorDocument 403 http://www.pagecustomized.com

As this code is used to block some proxies also it is counterproductive if you use Cloudflare if I am not mistaken.

Code:

RewriteEngine on
RewriteCond %{HTTP:VIA}                 !^$ [OR]
RewriteCond %{HTTP:FORWARDED}           !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA}       !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR}     !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION}    !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION}   !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP}      !^$
RewriteRule ^(.*)$ - [F]

Similar to the 403 can take advantage and put a destination url as well

Code:

RewriteEngine on
RewriteCond %{HTTP:VIA} !^$ [OR]
RewriteCond %{HTTP:FORWARDED} !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$
RewriteRule ^(.*)$ http://www.pagecustomized.com/ [R=302,L]

I particularly also add this in the head of the template index.php on <!DOCTYPE html>

Code:

<?php if( @fsockopen( $_SERVER['REMOTE_ADDR'], 80, $errstr, $errno, 1 ) )
{
echo '<META HTTP-EQUIV="Refresh" Content="0; URL=http://www.pagecustomized.com/">';
   exit;
}
?>

Other herbs:
Protecting the .htaccess

Code:

<Files ~ "^.*\.([Hh][Tt][Aa])">
 order allow,deny
 deny from all
 satisfy all
</Files>

And the config.php

Code:

<Files config.php>
order allow,deny
deny from all
</Files>

Use it under your responsibility, if you see an IP that should not be there please advise.

[lilSpender]

Hi.

Nice list you've got there.

May i advice to use regex patterns, and / or wildcards?
This will make the list much much smaller, which also presents much less server load?
It also keeps the code more clean and readable.

I believe, in all honesty (i have to look into that  )
you can for example change this:

deny from 216.158.192.54
deny from 216.158.192.97

into this:

deny from 216.158.192.*

Or something like that. My apache tricks and htaccess code like modRewrite is getting rusty.
Must be the age 

Yet, i can figure that out if you want me to.

Regards,

LS.

[maokoto]

I know that there might be many that use VPN to get more from faucets, but also there are some that have to use it for whatever reason (privacy for example) and it is really a pain to log out only to make faucet claims that are worth fractions of a cent.

Are really the damage from those IPs that big?

[misterbit]

Hi.

Nice list you've got there.

May i advice to use regex patterns, and / or wildcards?
This will make the list much much smaller, which also presents much less server load?
It also keeps the code more clean and readable.

I believe, in all honesty (i have to look into that  )
you can for example change this:

deny from 216.158.192.54
deny from 216.158.192.97

into this:

deny from 216.158.192.*

Or something like that. My apache tricks and htaccess code like modRewrite is getting rusty.
Must be the age 

Yet, i can figure that out if you want me to.

Regards,

LS.

Friend, but I don't know if it is necessary the * it seems to me that with that end point is enough I think.

Deny from 216.158.192.

Correct me if I'm wrong.

The issue is that they are so many ips that need time to check if belong ranges.

[misterbit]

I know that there might be many that use VPN to get more from faucets, but also there are some that have to use it for whatever reason (privacy for example) and it is really a pain to log out only to make faucet claims that are worth fractions of a cent.

Are really the damage from those IPs that big?

Privacy to receive satoshi?

[lilSpender]

@maokoto:

Well,

that depends.

In legit cases, with people that have some proper ethics,
with a vpn address from europe, revenue from ads are higher, as are the rewards from faucets.
So both parties benefit from this. That's just fine.

BUT:
If you have a malicous crew of 250 people from a third world country, all with different wallets,
using vpn and referring each other they can rape your faucet dry within hours, even minutes?

About using vpn for privacy, that's a legit reason. Like using TOR for example,
when someone in china wants to inform the media of something, and not get put in jail for 50.000 year.

So it's a fine balance you need to keep in check.

Not that easy.

For starters, i'd block all TOR traffic. Nobody will use TOR for claiming faucets.
For as far as i know.

Maybe someone can add more info about this?
It's a complicated problem for all faucet owners IMHO.

For example: i can make 50 wallets. Then abuse vpn servers to keep claiming from your faucet.
That's hard to battle.


@misterbit:

Not privacy for satoshi, higher revenue from ads for faucet owners, which results in higher faucet claims.

About htaccess code: You're probably right. I am not sure, i can look this up real easy.
But it is something like that, with or without wildcard which reduces the list a lot.

LS.

[rkandrades]

Thank you for this list, misterbit.

I added this to my security topic too: https://bitcointalk.org/index.php?topic=1200700.0

My advice to you is create a cache/local backlist that is checked by a PHP code every time the page loads (into index.php).

This way you just need to update your cache/blacklist (could be a local txt file) to block new address. It is easier than putting all adresses manually into .htaccess and you can automate this.

In addition to.. Caching the GetIpIntel results will save some requests to its service since you will check your cache file first.

[misterbit]

Thank you for this list, misterbit.

I added this to my security topic too: https://bitcointalk.org/index.php?topic=1200700.0

My advice to you is create a cache/local backlist that is checked by a PHP code every time the page loads (into index.php).

This way you just need to update your cache/blacklist (could be a local txt file) to block new address. It is easier than putting all adresses manually into .htaccess and you can automate this.

In addition to.. Caching the GetIpIntel results will save some requests to its service since you will check your cache file first.

Thank you friend, because I don't know how you do that, get a tutorial.

[lilSpender]

My advice to you is create a cache/local backlist that is checked by a PHP code every time the page loads (into index.php).

This is asking for the most simplest of all DoS attacks.

100 people (or bots) keep requesting the page will make php do nothing more then check the list and not serve pages anymore?
What you propose presents heavy server load, as php has to open and read the file for every visit.

There are better ways.
Read up on how to block ip's with a dot-htaccess file.

LS.

[rkandrades]

My advice to you is create a cache/local backlist that is checked by a PHP code every time the page loads (into index.php).

This is asking for the most simplest of all DoS attacks.

100 people (or bots) keep requesting the page will make php do nothing more then check the list and not serve pages anymore?
What you propose presents heavy server load, as php has to open and read the file for every visit.

There are better ways.
Read up on how to block ip's with a dot-htaccess file.

LS.

Of course I am preparated for this.

I'm not using ONLY the cache file.

I have more than 10 additional defenses since I installed my faucet together with the Wordpress platform. Through wordpress I did configurations to improve my defenses.

Translating, I have a barrier against DDoS and other attacks...

[lilSpender]

Ok good.

I just wanted to make sure you are not being victimized.
For help, i am always available.

LS.

[rkandrades]

Ok good.

I just wanted to make sure you are not being victimized.
For help, i am always available.

LS.

Nice.

Thank you.

I am available to help you too always you need.

All together against scammers.