Check Website
Inclusion Status
It is currently Tue Dec 10, 2019 7:05 pm

All times are UTC




Post new topic Reply to topic  [ 5 posts ] 
Author Message
 Post subject: IP Block Lists
PostPosted: Mon Oct 13, 2008 3:33 pm 
I read on the blog about the Italian hosts:

http://hphosts.blogspot.com/

My only statement is NOT to block the entire address space of 194.242.61.0 - 194.242.61.255. All of the hosts at 194.242.61.128 are using the same Apache Server running on RHEL. I have accordingly added a TEMPORARY block.

http://securemecca.blogspot.com/

Let me know when I can remove it please. I am working 40 hours per week on a day-time job, 50 hours per week on this and trying to move things forward with my girlfriend. That means that 40 hours per week job needs to be replaced with a much better one soon - very soon.

hhh



IP:
top
Top
  
Reply with quote  
 Post subject: Re: IP Block Lists
PostPosted: Mon Oct 13, 2008 4:12 pm 
Offline
Site Admin

Joined: Thu May 28, 2009 10:25 am
Posts: 6018
It's actually just the single IP (194.242.61.128) I recommend blocking for now, not their entire net-range Wink (I'll update the blog entry to make that clear)

I've still not had any luck getting hold of the hosting company, but will let you know as soon as I do Smile

I've not checked any of the sites on the rest of their range.

_________________
Regards
Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

Keeping it FREE!



IP:
top
Top
 Profile  
Reply with quote  
 Post subject: Re: IP Block Lists
PostPosted: Mon Oct 13, 2008 7:22 pm 
i noticed that hpHosts is not showing that any domains at the ip address are blocked:

http://hosts-file.net/?s=194.242.61.128



IP:
top
Top
  
Reply with quote  
 Post subject: Re: IP Block Lists
PostPosted: Mon Oct 13, 2008 8:35 pm 
Offline
Site Admin

Joined: Thu May 28, 2009 10:25 am
Posts: 6018
I've been having some problems with the laptop and have only just gotten back, so haven't had a chance to add them yet Sad

I'll be adding them within the hour Smile

/edit

The domains on this IP have been added, and as mentioned on the blog, since I've not had any luck getting hold of the hosting company themselves, I've escalated the issue to their upstream provider to see if there's anything they can do to help.

_________________
Regards
Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

Keeping it FREE!



IP:
top
Top
 Profile  
Reply with quote  
 Post subject: Re: IP Block Lists
PostPosted: Wed Oct 22, 2008 10:49 am 
I have also tried contacting them, so far unsuccessfully. The reason why is that most of the contact information is wrong. But I did block as promised. I have our PAC filter (with the help of Airelle and Rodney - domainanalysis gat yahoo.com) blocking all *.2o7.net hosts, most of the realmedia servers (if anybody can make sense of the UK's and IT's 247realmedia.com and realmedia.com I am all ears), and quite a few other spy services and all by IP. You have to be careful and edge up on them. I couldn't believe that huge block Omniture (2o7.net) got, but the following rule:

BadNetworks[i++] = "66.235.128.0, 255.255.224.0";

will be replacing these two rules shortly:

// BadNetworks[i++] = "66.235.132.0, 255.255.254.0"; // 2008-09-03
// BadNetworks[i++] = "66.235.142.0, 255.255.254.0"; // 2008-09-14

The reason why is this false positive turned out to be a true negative.

sc.questia.com

I couldn't figure out what rule could have caused the problem. Then I did a DNS query on it to find that not only was it really a CNAME record, but what it was aliased to - questia.com.112.2o7.net - veered out of the ranges that were the only ones used heretofore into other areas of that huge block. So now all of 66.235.128.0 ... 66.235.159.255 will soon be blocked. I have lived with the rule for two months now and can now assume that it is not only safe, but because of this host needed. I would not have known about it otherwise.

What I am trying to convey is that you have to sneak up on these IP blocks. Sometimes you can get the erroneous opinon looking at the massive amount of IPs that a block is needed. Then you try it only to learn that GoDaddy or one of the others literally have several dozen and sometimes more than a hundred hosts on one machine. So for general rules for IP blocking:

1. Step timidly for others (block just this IP)
2. Step boldly for yourself when you think it is warranted with IP blocks but live with only just a few of these at a time and monitor them like a hawk for false positives.

Oh yes, I do not block doubleclick in the normal manner. I block it this way:

BadHostParts[i++] = "doubleclick";

The reason was all of the *.doubleclick.fr, doubleclick.it, *.doubleclick.es, *.doubleclick.ne.jp, and others I encounter as I work. I tried doing IP blocks for them but:

096.017.111.011 a.as-eu.falkag.net 2008-09-21
096.017.111.011 ads.americanidol.com 2008-09-21
096.017.111.011 ads.dotomi.com 2008-09-21
096.017.111.011 anon.doubleclick.speedera.net 2008-09-21
096.017.111.011 bw.as-eu.falkag.net 2008-09-21
096.017.111.011 by.optimost.com 2008-09-21
096.017.111.011 c6.edgesuite.net 2008-09-21
096.017.111.011 e.as-eu.falkag.net 2008-09-21
096.017.111.011 edge.quantserve.com 2008-09-21
096.017.111.011 f.as-eu.falkag.net 2008-09-21
096.017.111.011 falk.speedera.net 2008-09-21
096.017.111.011 imagec05.247realmedia.com 2008-09-10
096.017.111.011 media-5.vpptechnologies.com 2008-09-21
096.017.111.011 motifcdn2.doubleclick.net 2008-09-21

led me to believe that approach was wrong and so far I haven't found any aliases of doubleclick servers. The others here are not aliases into doubleclick. So welcome to the wonderful world of IP blocking - I have been bit by it so many times you can't believe it

J'espère être bientôt de retour avec une liste d'hôtes



IP:
top
Top
  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

All times are UTC


Who is online

Users browsing this forum: Google [Bot] and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
hpHosts and hpHosts Online are copyright © Malwarebytes Corp - All Rights Reserved

Powered by phpBB © 2000-2009 phpBB Group