News: Cexx forums, with volunteers dedicated to helping you remove malware and stay protected
 
Topic: Start blocking IP addresses...  (Read 4265 times)
« on: January 25, 2010, 07:08:44 »
AplusWebMaster Offline
Global Moderator WWW




Updated: 2010.03.15

Similar to an Intrusion Detection System*, dynamic updates blocking known malware sites can serve a similar function. AdBlock Plus can serve in that capacity, and it will still be available in the foreseeable future (all "freebies"):
* http://en.wikipedia.org/wiki/Intrusion_Detection_System
(IPS) "... reactive system... block network traffic from the suspected malicious source..."

AdBlock Plus addon for Firefox:
- https://addons.mozilla.org/en-US/firefox/addon/1865

- http://www.youtube.com/watch?v=oNvb2SjVjjI

- http://www.malwaredomains.com/wordpress/?page_id=2
"The DNS-BH project creates and maintains a listing of domains that are known to be used to propagate malware and spyware. This project creates the Bind and Windows zone files required to serve fake replies to localhost for any requests to these, thus preventing many spyware installs and reporting.
This list is also available in AdBlock and ISA Format..."

Blocking malicious sites with Adblock Plus
- http://adblockplus.org/blog/blocking-malicious-sites-with-adblock-plus
"... another layer of protection..."
Scroll down to: "... click here to subscribe to the list in Adblock Plus..." and click on the link - click OK to the popup for "Add subscription" - done.

« Last Edit: December 05, 2013, 19:13:42 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #1 on: February 04, 2011, 10:01:08 »
AplusWebMaster Offline
Global Moderator WWW




Updated: 2011.07.08

DNS blocklists ...
Malware samples on the Web and on malicious sites have reached levels of 50 million or more**, and that number increased in 2011-Q1 at an average rate of 73,000 malware samples per day***. There is no way a static blocklist will suffice. It is HIGHLY RECOMMENDED that the Malware Domain Blocklist, which is updated regularly, be put in place as one of the better primary defense mechanisms in the system. On the client/end-user side, this can easily be put in place by using the Firefox addon AdBlockPlus with an added subscription to the Malware Domain Blocklist that can provide dynamic updates blocking known malicious sites. Setup procedure is here* - an added layer of security - for FREE.
* http://adblockplus.org/blog/blocking-malicious-sites-with-adblock-plus
"... another layer of protection... Adblock Plus users can add a subscription with slightly over 40000 filters that will block access to the known malicious domains..."

** http://www.sunbeltsoftware.com/alex/gblog/avtest4.png

Malware Domain Blocklist: http://www.malwaredomains.com/
___

*** http://www.theregister.co.uk/2011/04/06/malware_trends/
6 April 2011
___

Adblock Plus v1.3.9
- https://addons.mozilla.org/en-US/firefox/addon/1865

- http://adblockplus.org/releases/adblock-plus-139-released
2011-06-28

- http://adblockplus.org/en/changelog-1.3.9

« Last Edit: July 24, 2011, 12:30:51 by AplusWebMaster » Logged

« Reply #2 on: December 19, 2011, 04:43:26 »
AplusWebMaster Offline
Global Moderator WWW




FYI... updated 5 Dec 2012:

Malware samples on the Web and on malicious sites have reached levels near 95 million*, with over 100,000 new malicious programs every day.
* http://www.av-test.org/en/statistics/malware/

You can use any of several methods to block some of these "Bad actors", 'not suggesting any of which are 100%, but this is a good place to start. One way (for example) would be utilizing the AdBlockPlus** browser extension (updated to v2.2.1 for FF):
** https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/

... then creating/adding a "Custom filter" that can include simple IP address blocks:
> https://adblockplus.org/blog/blocking-malicious-sites-with-adblock-plus

... with good reason:
- https://blogs.msdn.com/themes/blogs/generic/post.aspx?WeblogApp=alexhomer&y=2011&m=02&d=06&WeblogPostName=blocking-malware-domains-in-isa-2006&GroupKeys=
"... malware that connects using an IP address instead of a domain name will -not- be blocked when you use just domain name lists..."
i.e.: https://zeustracker.abuse.ch/blocklist.php
"... some ZeuS hosts are just hosted on an ip address and not on a domain..."

Google - Infected sites discovered monthly
- http://2.bp.blogspot.com/-NdmiLOfBQpo/T9mVbbSqMcI/AAAAAAAACSY/p9B-jzuh1jA/s500/malware-landing.png
June 19, 2012

Google - Phishing sites discovered monthly
- http://1.bp.blogspot.com/-VrIyBqxOokI/T9mTxXnBkMI/AAAAAAAACSI/kVg1acMfNaw/s500/phishing.png
June 19, 2012

> http://googleonlinesecurity.blogspot.com.au/2012/06/safe-browsing-protecting-web-users-for.html
___

Whatever method you choose, here are a few IP address blocks that you may want to include:

1. AS:48691 Specialist: SQL injections, malicious software // IP: 194.28.112-115.*
- http://blog.dynamoo.com/2011/12/evil-network-revisited-specialist-ltd.html
12 December 2011
2. AS:43473 UKRSTAR:
- http://blog.dynamoo.com/2011/12/evil-network-ukrstar-isp-ukrstar-net.html
12 December 2011 - "... there appear to be no legitimate sites here and blocking the whole lot could save you some grief..."
91.195.10.0 - 91.195.11.255 [ 91.195.10-11.* ]
3. Blackhole Exploit kits:
- http://blog.dynamoo.com/2011/11/bredretru-domains-to-block.html
23 November 2011
195.254.135.72 (FastWeb SRL, Romania. Recommend blocking 195.254.134.0/23)
[195.254.134-135.*]
89.208.34.116 (Digital Networks SRL, Russia. Recommend blocking 89.208.34.0/24)
[89.208.34.*]
95.163.89.193 (Digital Networks JSC, Russia. Recommend blocking 95.163.64.0/19)
[95.163.64-89.*]
4. https://zeustracker.abuse.ch/blocklist.php
(Several different formats there.)

'Not suggesting that is an "all-inclusive list", but it may be a good place to get started.

* https://adblockplus.org/blog/blocking-malicious-sites-with-adblock-plus
> https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/
.
« Last Edit: December 05, 2012, 08:02:56 by AplusWebMaster » Logged

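The point quoted in the post above, that a domain-name list alone does not catch a connection made straight to an IP address, as an added example that is not part of the original post. The address ranges are the ones listed there; the `malware-example.test` domain, the sample URLs and the function names are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Address blocks listed in the post, as first/last address or as CIDR.
RANGES = [("194.28.112.0", "194.28.115.255"),  # 194.28.112-115.*
          ("91.195.10.0", "91.195.11.255")]    # 91.195.10-11.*
CIDRS = ["195.254.134.0/23", "89.208.34.0/24", "95.163.64.0/19"]

# Constructed stand-in for a domain-name blocklist subscription.
DOMAIN_LIST = {"malware-example.test"}


def build_networks(ranges, cidrs):
    """Turn first/last ranges and CIDR strings into merged network objects."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    for first, last in ranges:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last)))
    return list(ipaddress.collapse_addresses(nets))


def classify(url, domains, networks):
    """Return which list blocks the URL's host: 'domain-list', 'ip-range' or 'allowed'."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # A name, not an address: match it or any parent domain.
        labels = host.split(".")
        if any(".".join(labels[i:]) in domains for i in range(len(labels))):
            return "domain-list"
        return "allowed"
    if any(addr in net for net in networks):
        return "ip-range"
    return "allowed"


if __name__ == "__main__":
    networks = build_networks(RANGES, CIDRS)
    samples = [  # constructed URLs
        "http://cdn.malware-example.test/a.js",
        "http://89.208.34.116/load.php",
        "http://192.0.2.10/index.html",
    ]
    for url in samples:
        print(url, "domain list only:", classify(url, DOMAIN_LIST, []),
              "| with IP ranges:", classify(url, DOMAIN_LIST, networks))
```

A hostname that merely resolves into one of these ranges is not caught by matching the URL; that case needs the block applied at the firewall or resolver.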
« Reply #3 on: December 05, 2012, 08:24:55 »
AplusWebMaster Offline
Global Moderator WWW




FYI...

Malware samples on the Web and on malicious sites have reached levels over 160 million*, with over 200,000 new malicious programs every day.
* http://www.av-test.org/en/statistics/malware/
Last update: 12-01-2013

You can use any of several methods to block some of these "Bad actors", 'not suggesting any of which are 100%, but this is a good place to start. One way (for example) would be utilizing the AdBlockPlus** browser extension:
** https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/

... then creating/adding a "Custom filter" that can include simple IP address blocks:
> https://adblockplus.org/blog/blocking-malicious-sites-with-adblock-plus

... with good reason:
- https://blogs.msdn.com/themes/blogs/generic/post.aspx?WeblogApp=alexhomer&y=2011&m=02&d=06&WeblogPostName=blocking-malware-domains-in-isa-2006&GroupKeys=
"... be aware that malware that connects using an IP address instead of a domain name will -not- be blocked when you use just domain name lists..."
i.e.: https://zeustracker.abuse.ch/blocklist.php
"... some ZeuS hosts are just hosted on an ip address and not on a domain..."

« Last Edit: December 05, 2013, 19:14:11 by AplusWebMaster » Logged
