Wiz's Computer and Website Security Blog: General Topics Archives

March 5, 2009

Call for donations from my blocklist users

Many of my regular visitors to this website (www.wizcrafts.net/) are aware of the fact that I maintain and publish, for free, various IP address blocklists. In fact, a lot of you are using one or more of these lists to protect your websites and forums from scammers, spammers, content thieves and exploits. If you are benefiting from using my blocklists I could sure use your help, in the form of PayPal Donations, in any amount you can afford.

All of the blocklists come in two forms: Apache .htaccess and Linux iptables. I'll discuss the differences later in this article. Note, that there is no real difference between a "blocklist" and a "blacklist" and while some people interchange them, blocklist is the correct technical term for ip and "host name" lists used to block access to a web server. Also, my IP blocklists are specifically formatted for use on Linux or Unix (or equivalent) operating systems and Apache web servers. The Apache web server is totally free and is the most widely deployed web server on the Internet.

It is my understanding that websites hosted on Windows IIS Servers can import the IP ranges into a special IIS configuration file, possibly only line by line, but I don't know the details. Ask your web host or server administrator if they can convert long .htaccess or iptables blocklists into Windows IIS format.

My earliest and most famous blocklist is the Nigerian Blocklist, which I began compiling during the summer of 2005. It came about as the result of me being a member of a specialty interest group buy and sell forum that was invaded by Nigerian 419 scammers. Soon there were wholesale reports of multiple daily scam messages being received by sellers on that forum. I asked the owner a few technical questions about the server and proceeded to begin compiling a flow of forwarded-as-attachments scam emails from the members, which contained the originating IP addresses of the scammers, in the headers. I researched each address to trace the ISP to which that IP was assigned and then discovered the full CIDR assigned to them. These IP CIDRs were accumulated into what soon became the Nigerian Blocklist, for use as a .htaccess file, on the forum's Apache-based server.

Today, about three and a half years later, webmasters around the World apply my Nigerian Blocklist to their .htaccess file, or iptables firewalls, keeping Nigerian and other African 419 scammers from conning their members out of their money and sometimes goods, as well. Many of these scams targeting sellers involved overpayment with a counterfeit cashiers' check, or Postal Money Order, with the seller refunding the difference by Western Union. It wasn't usually until two weeks had passed that the banks began notifying victims that they had deposited counterfeit checks and the victims were responsible for repaying the full amount to their bank. Yes, it really can take that long to find out if a cashiers' check is counterfeit, or drawn on a closed account.

Not to be sidetracked from the purpose of this article, I invest a lot of time creating and maintaining my blocklists and many of you may be using one or more of them, right now. To this date I haven't charged a cent for their use, or restricted them to protected directories. I feel that I am providing a useful service to you folks and the security of the Internet in general, in my own small way. But, now I have fallen on particularly hard times and am reaching out to any of the people using my blocklists to protect their assets and members from scammers, spammers, content thieves, hackers and exploiters, and who can afford to donate, to please do so. I have a payments page on my website, with a PayPal Donations button near the top. There is also a Donations button on my Blog's Home page, in the right sidebar. Finally, there are donation buttons placed twice on each html blocklist page and a text link to the payments page on my iptables blocklists. Some are already donating when they can afford to and I always send them my sincere thanks upon receipt. I appreciate all donations, whether small or large.

Continue reading "Call for donations from my blocklist users" »

Posted by Wiz at 2:17 AM | Permalink

July 19, 2007

Happy Birthday to Me!

Today is my 59th birthday and I want you all to have a beer on me! Bottoms Up! Had I known I was going to live this long I would have taken better care of myself! Not really ;-)

Posted by Wiz at 12:32 PM | Permalink

April 20, 2007

I have joined Technorati and finally claimed my blog

After several failed attempts to claim my blog as a new Technorati member I finally grokked the solution, applied it to my server, and claimed my blog officially! If you are a Technorati member and use Movable Type, or a similar self-installed blog, and are having trouble getting the Technorati spider to recognize and claim your blog, and your website is hosted on an Apache based server, and you are able to upload files to your server via an FTP client, read on for my solution.

I went through several failed attempts before I figured out what the problem was. Like many other bloggers who install their own blog, I installed mine to a sub-directory off the web root, not to a sub-domain. My index page is named index.html and is in that sub-directory. The path to the blog, exemplified, is:http://www.examplified-domain.com/blog
This path is not a problem for any of the search bots as they all index my posts without a hitch. All except the Technorati spider used to "claim" a blog. After reading the access logs over and over I finally figured out that the spider was having a problem because of the way my server was redirecting the request for the index page, and because of the way Technorati strips out all information appended to the end of the path you give it in your profile. E.g. if you try to tell Technorati that your blog's index is at http://www.examplified-domain.com/blog/index.html, it will strip out the last forward slash and the name of the index file, leaving this as it's search: http://www.examplified-domain.com/blog . Your server, if it is setup like mine, will append a trailing slash to that requested URI, then redirect it to the index.html file, without revealing that file name. The stupid spider thinks that is is anywhere but where you told it to go and your claim fails!

Here is what I did to help the Technorati spider get it right. Using notepad, or any other plain text or html editor, create a new plain text file with the following contents:
Options +FollowSymLinks RewriteEngine On RewriteBase / RewriteCond %{REQUEST_URI} ^/(blog|blog/)$ RewriteCond %{REQUEST_URI} !^/blog/index\.html$ RewriteRule (.*) /blog/index.html [R=301,L]
Note that the $ are dollar signs, using the shift key and the number 4 key on a standard keyboard.

Now save this file with the filename " .htaccess ". If you cannot save it with that name, save as htaccess.txt instead and rename it on the server. Next, upload the file to your server, to the directory where your blog index file resides. If you had to change the name, rename it on the server, to .htaccess . Your eyes are not deceiving you. There is no prefix, just a period, followed by htaccess. This is a special server control file used by Apache servers. If you use FTP software to upload and download files to the server, you may have to set the remote "file mask" to -al to view this normally hidden server control file, after uploading it.

With this .htaccess file in the same directory as the blog's index file go back to Technorati, login, and begin the claim process again. If you did everything the same way I did you should succeed in Claiming your Blog!

I hope this helps somebody else, as from what I have been reading, Technorati is not able to help a lot of people who use Movable Type blogs on their servers.

Good luck MT bloggers!
Wiz Feinberg
http://www.wizcrafts.net/

Posted by Wiz at 4:47 PM | Permalink