


Call for donations from my blocklist users

Many of my regular visitors to this website (www.wizcrafts.net/) are aware of the fact that I maintain and publish, for free, various IP address blocklists. In fact, a lot of you are using one or more of these lists to protect your websites and forums from scammers, spammers, content thieves and exploits. If you are benefiting from using my blocklists I could sure use your help, in the form of PayPal Donations, in any amount you can afford.

All of the blocklists come in two forms: Apache .htaccess and Linux iptables. I'll discuss the differences later in this article. Note that there is no real difference between a "blocklist" and a "blacklist", and while some people interchange them, blocklist is the correct technical term for IP and "host name" lists used to block access to a web server. Also, my IP blocklists are specifically formatted for use on Linux or Unix (or equivalent) operating systems and Apache web servers. The Apache web server is totally free and is the most widely deployed web server on the Internet.

It is my understanding that websites hosted on Windows IIS Servers can import the IP ranges into a special IIS configuration file, possibly only line by line, but I don't know the details. Ask your web host or server administrator if they can convert long .htaccess or iptables blocklists into Windows IIS format.

My earliest and most famous blocklist is the Nigerian Blocklist, which I began compiling during the summer of 2005. It came about as the result of me being a member of a specialty interest group buy and sell forum that was invaded by Nigerian 419 scammers. Soon there were wholesale reports of multiple daily scam messages being received by sellers on that forum. I asked the owner a few technical questions about the server and proceeded to begin compiling a flow of forwarded-as-attachments scam emails from the members, which contained the originating IP addresses of the scammers, in the headers. I researched each address to trace the ISP to which that IP was assigned and then discovered the full CIDR assigned to them. These IP CIDRs were accumulated into what soon became the Nigerian Blocklist, for use as a .htaccess file, on the forum's Apache-based server.

Today, about three and a half years later, webmasters around the world apply my Nigerian Blocklist to their .htaccess file, or iptables firewalls, keeping Nigerian and other African 419 scammers from conning their members out of their money and sometimes goods, as well. Many of these scams targeting sellers involved overpayment with a counterfeit cashier's check, or Postal Money Order, with the seller refunding the difference by Western Union. It wasn't usually until two weeks had passed that the banks began notifying victims that they had deposited counterfeit checks and the victims were responsible for repaying the full amount to their bank. Yes, it really can take that long to find out if a cashier's check is counterfeit, or drawn on a closed account.

Not to be sidetracked from the purpose of this article, I invest a lot of time creating and maintaining my blocklists and many of you may be using one or more of them, right now. To this date I haven't charged a cent for their use, or restricted them to protected directories. I feel that I am providing a useful service to you folks and the security of the Internet in general, in my own small way. But, now I have fallen on particularly hard times and am reaching out to any of the people using my blocklists to protect their assets and members from scammers, spammers, content thieves, hackers and exploiters, and who can afford to donate, to please do so. I have a payments page on my website, with a PayPal Donations button near the top. There is also a Donations button on my Blog's Home page, in the right sidebar. Finally, there are donation buttons placed twice on each html blocklist page and a text link to the payments page on my iptables blocklists. Some are already donating when they can afford to and I always send them my sincere thanks upon receipt. I appreciate all donations, whether small or large.

This work began evolving in the beginning of 2007 to cover other types of hostile actions aimed at my websites, including form, log and blog spam, content theft, hacking probes and server exploit attacks, and the work continues to this day. Each day I read through my raw access logs and use special software and regular expressions to separate hostile contacts from legitimate ones. After performing Whois lookups of the more frequent IP abuses I add their ISP or web hosting, or dedicated server leasing company to the appropriate blocklist and publish the updates. You'd be amazed at the sheer number of exploited servers being used to launch attacks against other servers, every day!

As of now I maintain four different blocklists, each available in both .htaccess and iptables formats. Webmasters who lease space on shared hosting servers are limited to using the .htaccess blocklists. These lists contain "directives" interpreted by an Apache web server, to control access to any, or all of your web pages. This is all they are able to block. They cannot stop spammers from sending email to your email server, or hackers from trying to FTP into your account and crack your password. To block these things requires applying IP blocklists and individual offending IP addresses to the Linux automatic policy firewall, which protects your server box itself. Only a system administrator can do such things, so, if you rent a dedicated server you will have "Root" access. Some "VPS" servers also contain a mini-operating system for each account, allowing root access to the underlying operating system and firewall.
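To make the two formats concrete, here is an added example (not code or data from the Wizcrafts blocklists) that turns one list of CIDR ranges into both Apache .htaccess directives and iptables commands. The sample ranges are constructed from documentation address space, the function names are hypothetical, and the Apache 2.2 `Order`/`Deny from` style is an assumption about the target server.

```python
import ipaddress

# Constructed sample input (RFC 5737 documentation ranges), not a real blocklist.
SAMPLE = """\
# constructed example ranges
192.0.2.0/24
198.51.100.0/25
198.51.100.128/25
203.0.113.7
203.0.113.300/24
"""

def parse_ranges(text):
    """Validate each line as an IPv4 range; return (collapsed networks, rejected lines)."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        try:
            # strict=True rejects typos such as host bits set in a network address
            nets.append(ipaddress.IPv4Network(line, strict=True))
        except ValueError:
            rejected.append(line)
    # Merge adjacent and overlapping ranges so the web server and the
    # firewall evaluate as few rules as possible.
    return list(ipaddress.collapse_addresses(nets)), rejected

def to_htaccess(nets):
    """Apache 2.2 style (assumed): allow everyone, then deny the listed ranges.
    This only controls access to web pages served by Apache."""
    lines = ["Order Allow,Deny", "Allow from all"]
    for n in nets:
        target = str(n.network_address) if n.prefixlen == 32 else str(n)
        lines.append(f"Deny from {target}")
    return "\n".join(lines)

def to_iptables(nets, chain="INPUT"):
    """One DROP rule per range; needs root and covers every service on the
    box (mail, FTP, SSH), not just the web server."""
    return "\n".join(f"iptables -A {chain} -s {n} -j DROP" for n in nets)

if __name__ == "__main__":
    networks, bad = parse_ranges(SAMPLE)
    print(to_htaccess(networks), to_iptables(networks), sep="\n\n")
    print("\nrejected:", bad)
```

On Apache 2.4 the equivalent directives are `Require not ip` entries from mod_authz_core rather than `Deny from`.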

The different types of web hosting accounts can be confusing at first, so I maintain a web page all about web hosting. Yes it has links to commercial companies, and yes I will make a commission when somebody signs up through my links and banners. This is not a crime. It is a way to help offset the costs of hosting and updating my websites. I have to eat like the rest of you all!

I have created two landing pages to help new users determine which blocklists are best for their use and level of server privileges. If you only have .htaccess permissions, please visit my Htaccess Blocklists page. If you have Root access to the Linux firewall, please look at my Iptables Blocklists page. Each links to four different blocklists: Chinese-Korean, Exploited-Hostile Servers, Nigerian-African and Russian-Turkish blocklists. And, each landing page also has PayPal Donation buttons, which I hope some of you will be kind enough to use.

Further, each page on my website has a link to contact me, the Webmaster, to send reports of new IP addresses assigned to ISPs and servers used by forum spammers, blog and form scammers and server exploiters.

In closing, thanks to those who are already making occasional donations, as well as those of you who will in the future. I thank you from the bottom of my heart!

PS: I am available for hire as a website security consultant and can install and manage blocklists for you, on a contract, or as needed basis. See my Webmaster Services page for more details about my Webmaster services.







Creative Commons License This weblog is licensed under a Creative Commons License.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.

About the author
Wiz's Blog is written by Bob "Wiz" Feinberg, an experienced freelance computer consultant, troubleshooter and webmaster. Wiz's specialty is in computer and website security and combating spam. Wizcrafts Computer Services was established in 1996.

I produce this blog and website at my own expense. If you find this information valuable please consider making a donation via PayPal.
