ALERT! Business Thread brute force attacks and deny from
Every so often I get brute force attacks, of course strongbox catches them and disables the IP at which point the script uses another IP and strongbox disables it....and on and on
My question is... Is there any value to adding these IPs to the .htaccess file in a deny from or is that just futility? |
It's not smart to auto deny IPs via .htaccess for members. As an example, Ripe is a huge ISP that you will have brute force attacks on but you also have lots of members using it. One wrong IP block and you could take out a small group of people.
Now, part of the Asia Pac network, if you break the IPs down you can kill out entire countries/cities/regions that you know can't process so no reason to let them be a password leak or a possible attack. |
So these password guessing scripts are forging random IPs,
not using a proxy server? |
So I would assume the proxies have a finite list of IPs they can use, so if I block individual IPs wouldn't it eventually run out? This appears to be the same script every time, guessing at the same list of usernames and passes.
|
It'll go through about 100 guesses then stop.
|
Mike, it's not normal proxies, as people think of proxies.
If you start tracking your attacks, use geoip lookup on the IPs and reverse lookup, you will start to see many of the IPs are from hosting companies. The Webmaster has say 20 IPs, and he will rotate through them, like a proxy. You just have to be careful that it isn't also a dial up ISP. A quick lookup of the hosting company name + spam on Google will let ya know if it's legit or not. From here you can block the entire hosting company, which will lower your overall brute force attacks. Just make sure you put a notice up that actually tells the people they have been blocked, and if it's an error give them a clean way to contact you so you can unblock the IP. |
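An added example, not part of the thread: one way to track the attacks as described above and apply the earlier caution about members sharing a range. It groups failed logins by /24 as an offline stand-in for the geoip/reverse lookup; the log lines are constructed and the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in Apache common-log style, using documentation IP ranges.
SAMPLE_LOG = """\
198.51.100.10 - admin [10/Jan/2025:03:00:01 -0700] "GET /members/ HTTP/1.1" 401 381
198.51.100.11 - test [10/Jan/2025:03:00:02 -0700] "GET /members/ HTTP/1.1" 401 381
198.51.100.12 - guest [10/Jan/2025:03:00:03 -0700] "GET /members/ HTTP/1.1" 401 381
203.0.113.5 - admin [10/Jan/2025:03:05:01 -0700] "GET /members/ HTTP/1.1" 401 381
203.0.113.6 - test [10/Jan/2025:03:05:02 -0700] "GET /members/ HTTP/1.1" 401 381
203.0.113.7 - guest [10/Jan/2025:03:05:03 -0700] "GET /members/ HTTP/1.1" 401 381
203.0.113.50 - alice [10/Jan/2025:09:12:44 -0700] "GET /members/ HTTP/1.1" 200 5120
192.0.2.44 - bob [10/Jan/2025:10:01:10 -0700] "GET /members/ HTTP/1.1" 401 381
192.0.2.44 - bob [10/Jan/2025:10:01:19 -0700] "GET /members/ HTTP/1.1" 200 5120
"""

LINE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "[^"]*" (\d{3}) ')

def group_by_network(log_text, prefix=24):
    """Map each /prefix network to the IPs that failed auth and the IPs that logged in."""
    nets = defaultdict(lambda: {"failed": set(), "members": set()})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, user, status = m.groups()
        try:
            net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        except ValueError:
            continue  # client field was not an IP address (e.g. a hostname)
        if status == "401":
            nets[net]["failed"].add(ip)
        elif status == "200" and user != "-":
            nets[net]["members"].add(ip)
    return nets

def recommend(log_text, min_ips=3, prefix=24):
    """Return (deny, review): ranges with rotating failures, without / with member logins."""
    nets = group_by_network(log_text, prefix)
    deny, review = [], []
    for net in sorted(nets, key=str):
        if len(nets[net]["failed"]) >= min_ips:
            (review if nets[net]["members"] else deny).append(str(net))
    return deny, review

if __name__ == "__main__":
    deny, review = recommend(SAMPLE_LOG)
    print("\n".join(f"Deny from {n}" for n in deny))  # Apache 2.2-style .htaccess lines
    print("\n".join(f"# review first, members log in from {n}" for n in review))
```

Ranges in the review list are the ones to check by hand (hosting company or ISP) before blocking.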
Gotcha doc...thanks man that makes sense now