masterluc (OP)
Legendary
Offline
Activity: 938
Merit: 1013
|
|
September 02, 2015, 03:51:23 PM Last edit: September 02, 2015, 05:57:42 PM by masterluc |
|
Is there any effective way to do this? UPDATE. Found solution. All paths are according to CeontOS 7. If you have different distrib, change paths. This goes to autostart: echo "/usr/bin/ipset create bitcoinxt iphash timeout 0" >> /etc/rc.local This goes to /etc/cron.hourly/bitcoinxt #!/bin/bash /bin/grep BitcoinXT /var/log/kern.log | /usr/bin/perl -e 'while (<>) { if (/SRC=(\d+\.\d+\.\d+\.\d+)/) {print "$1\n";} }' | /bin/sort | /usr/bin/uniq -u | /usr/bin/xargs -L 1 ipset -exist add bitcoinxt Also # chmod 755 /etc/cron.hourly/bitcoinxt This goes to iptables iptables -A INPUT -m set --set bitcoinxt src -j DROP iptables -A INPUT -p tcp -m tcp --dport 8333 -m string --string "Bitcoin XT" --algo bm --to 65535 -j LOG --log-prefix "BitcoinXT" --log-level 1 iptables -A OUTPUT -m set --match-set bitcoinxt dst -j DROP Dont forget to /etc/init.d/iptables save
|
|
|
|
Holliday
Legendary
Offline
Activity: 1120
Merit: 1012
|
|
September 02, 2015, 04:49:08 PM |
|
Depends on the OS. It's very easy if you use Windows.
|
If you aren't the sole controller of your private keys, you don't have any bitcoins.
|
|
|
masterluc (OP)
Legendary
Offline
Activity: 938
Merit: 1013
|
|
September 02, 2015, 04:59:35 PM |
|
Fuck the windows. Okay, I put this: iptables -A INPUT -p tcp -m tcp --dport 8333 -m string --string "Bitcoin XT" --algo bm --to 65535 -j LOG --log-prefix "BitcoinXT" --log-level 1 Now need a way to extract logged IP and put it to ipset Got log entry, found asshole 188.18.202.245 BitcoinXTIN=eth0 OUT= MAC=XXX SRC=188.18.202.245 DST=XXMYIPXX LEN=172 TOS=0x00 PREC=0x00 TTL=56 ID=64279 DF PROTO=TCP SPT=35311 DPT=8333 WINDOW=2840 RES=0x00 ACK PSH URGP=0
|
|
|
|
Carlton Banks
Legendary
Offline
Activity: 3430
Merit: 3080
|
|
September 02, 2015, 05:03:03 PM |
|
Fuck the windows. Okay, I put this: iptables -A INPUT -p tcp -m tcp --dport 8333 -m string --string "Bitcoin XT" --algo bm --to 65535 -j LOG --log-prefix "BitcoinXT" --log-level 1 Now need a way to extract logged IP and put it to ipset Got log entry, found asshole 188.18.202.245 BitcoinXTIN=eth0 OUT= MAC=XXX SRC=188.18.202.245 DST=XXMYIPXX LEN=172 TOS=0x00 PREC=0x00 TTL=56 ID=64279 DF PROTO=TCP SPT=35311 DPT=8333 WINDOW=2840 RES=0x00 ACK PSH URGP=0 petition to sticky this thread lol.
|
Vires in numeris
|
|
|
masterluc (OP)
Legendary
Offline
Activity: 938
Merit: 1013
|
|
September 02, 2015, 05:12:19 PM |
|
Got a list! # grep BitcoinXT /var/log/kern.log | perl -e 'while (<>) { if (/SRC=(\d+\.\d+\.\d+\.\d+)/) {print "$1\n";} }' | sort | uniq -u 188.18.202.245 195.78.126.113 86.102.161.110 92.49.177.97
|
|
|
|
knight22
Legendary
Offline
Activity: 1372
Merit: 1000
--------------->¿?
|
|
September 02, 2015, 05:14:47 PM |
|
I hope you people feel "safe" now.
|
|
|
|
meono
|
|
September 02, 2015, 05:18:26 PM |
|
Oh no blacklisting is so bad.... Bunch of hypocrites.
|
|
|
|
IIOII
Legendary
Offline
Activity: 1153
Merit: 1012
|
|
September 02, 2015, 05:20:27 PM |
|
petition to sticky this thread lol.
Supporting sticky thread. Those parasitic Altcoin nodes are trying to suck bandwidth resources out of the Bitcoin network.
|
|
|
|
masterluc (OP)
Legendary
Offline
Activity: 938
Merit: 1013
|
|
September 02, 2015, 05:23:38 PM |
|
Now create ipset # ipset create bitcoinxt iphash timeout 0
|
|
|
|
knight22
Legendary
Offline
Activity: 1372
Merit: 1000
--------------->¿?
|
|
September 02, 2015, 05:24:44 PM |
|
Oh no blacklisting is so bad.... Bunch of hypocrites. Ironic isn't it?
|
|
|
|
masterluc (OP)
Legendary
Offline
Activity: 938
Merit: 1013
|
|
September 02, 2015, 05:25:19 PM |
|
Now drop blacklisted IP using firewall iptables -A INPUT -m set --set bitcoinxt src -j DROP
|
|
|
|
masterluc (OP)
Legendary
Offline
Activity: 938
Merit: 1013
|
|
September 02, 2015, 05:32:14 PM |
|
Fill in ban list [root@localhost ~]# grep BitcoinXT /var/log/kern.log | perl -e 'while (<>) { if (/SRC=(\d+\.\d+\.\d+\.\d+)/) {print "$1\n";} }' | sort | uniq -u | xargs -L 1 ipset add bitcoinxt [root@localhost ~]# ipset list Name: bitcoinxt Type: hash:ip Header: family inet hashsize 1024 maxelem 65536 timeout 0 Size in memory: 8588 References: 1 Members: 95.52.18.154 timeout 0 31.162.118.16 timeout 0 188.18.202.245 timeout 0 92.37.204.174 timeout 0 92.37.173.6 timeout 0 95.37.186.63 timeout 0 86.102.161.110 timeout 0 178.44.216.148 timeout 0 195.78.126.113 timeout 0 92.49.177.97 timeout 0 This one should be done periodically grep BitcoinXT /var/log/kern.log | perl -e 'while (<>) { if (/SRC=(\d+\.\d+\.\d+\.\d+)/) {print "$1\n";} }' | sort | uniq -u | xargs -L 1 ipset add bitcoinxt
|
|
|
|
meono
|
|
September 02, 2015, 05:33:09 PM |
|
Oh no blacklisting is so bad.... Bunch of hypocrites. Ironic isn't it? BitcoinXT reminds me of the early days of bitcoin .... You know when you get blacklisted and blocked by financial institutions. It all starts like this. First they ignore you, then they fight you... BTW OP what you're doing is nothing compared to the piece of shit who is DDoSing XTnodes.
|
|
|
|
jonald_fyookball
Legendary
Offline
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
|
|
September 02, 2015, 05:36:28 PM |
|
bip 101 strikes fear into the hearts of paranoid bitcoiners.
|
|
|
|
meono
|
|
September 02, 2015, 05:38:13 PM |
|
Fill in ban list [root@localhost ~]# grep BitcoinXT /var/log/kern.log | perl -e 'while (<>) { if (/SRC=(\d+\.\d+\.\d+\.\d+)/) {print "$1\n";} }' | sort | uniq -u | xargs -L 1 ipset add bitcoinxt [root@localhost ~]# ipset list Name: bitcoinxt Type: hash:ip Header: family inet hashsize 1024 maxelem 65536 timeout 0 Size in memory: 8588 References: 1 Members: 95.52.18.154 timeout 0 31.162.118.16 timeout 0 188.18.202.245 timeout 0 92.37.204.174 timeout 0 92.37.173.6 timeout 0 95.37.186.63 timeout 0 86.102.161.110 timeout 0 178.44.216.148 timeout 0 195.78.126.113 timeout 0 92.49.177.97 timeout 0 This one should be done periodically grep BitcoinXT /var/log/kern.log | perl -e 'while (<>) { if (/SRC=(\d+\.\d+\.\d+\.\d+)/) {print "$1\n";} }' | sort | uniq -u | xargs -L 1 ipset add bitcoinxt You know you should write " hundreds thousands lines of code" (hi ! Turtlehuricane ) as a new blacklisting feature for the next version of bitcoin core. Gotta love to read how the hypocrites pos in here defend their god given bitcoin rule.
|
|
|
|
|
poeEDgar
|
|
September 02, 2015, 05:40:52 PM |
|
Oh no blacklisting is so bad.... Bunch of hypocrites. Huh? If you were actually reading the TOR IP list thread, one of the recurring arguments is that it's fine for nodes to individually ban IPs that are attacking them (obviously), but that it's unnecessary to introduce a centralized, trusted list of such IPs. There is nothing wrong with people in this thread individually banning IPs that they don't want connecting to them. There is nothing centralized or trust-adding about that.
|
I woulda thunk you were old enough to be confident that technology DOES improve. In fits and starts, but over the long term it definitely gets better.
|
|
|
knight22
Legendary
Offline
Activity: 1372
Merit: 1000
--------------->¿?
|
|
September 02, 2015, 05:43:00 PM |
|
Oh no blacklisting is so bad.... Bunch of hypocrites. Huh? If you were actually reading the TOR IP list thread, one of the recurring arguments is that it's fine for nodes to individually ban IPs that are attacking them (obviously), but that it's unnecessary to introduce a centralized, trusted list of such IPs. There is nothing wrong with people in this thread individually banning IPs that they don't want connecting to them. There is nothing centralized or trust-adding about that. True that. XT just like Core is supposed to stand on its own regardless of bad actors.
|
|
|
|
masterluc (OP)
Legendary
Offline
Activity: 938
Merit: 1013
|
|
September 02, 2015, 05:44:04 PM |
|
Ah, of course outgoing connections iptables -A OUTPUT -m set --match-set bitcoinxt dst -j DROP The result: [root@localhost ~]# ping 95.52.18.154 PING 95.52.18.154 (95.52.18.154) 56(84) bytes of data. ping: sendmsg: Operation not permitted ping: sendmsg: Operation not permitted ping: sendmsg: Operation not permitted ping: sendmsg: Operation not permitted ping: sendmsg: Operation not permitted ^C --- 95.52.18.154 ping statistics --- 5 packets transmitted, 0 received, 100% packet loss, time 4524ms
[root@localhost ~]# ping 178.44.216.148 PING 178.44.216.148 (178.44.216.148) 56(84) bytes of data. ping: sendmsg: Operation not permitted ping: sendmsg: Operation not permitted ^C Sorry guys, I have only 64 connections and don't want to waste them for XT
|
|
|
|
Holliday
Legendary
Offline
Activity: 1120
Merit: 1012
|
|
September 02, 2015, 05:47:01 PM |
|
Oh no blacklisting is so bad.... Bad: Client tells individual which information will be shared with whom. Good: Individual tells client which information will be shared with whom. Let's not be intentionally obtuse and conflate the two.
|
If you aren't the sole controller of your private keys, you don't have any bitcoins.
|
|
|
|