SpamHaus DROP List Formatted for vB


  • SpamHaus DROP List Formatted for vB

    I wasn't sure where to post this, but I manually added all the IPs from the SpamHaus DROP list to a format that vB can read. The only question I have is can vB interpret subdomains properly? For example, if I posted 127.0.0.1/255 would vB block out all IPs from 127.0.0.1 to 127.0.0.255? Because that is how this list is formatted.

    The Spamhaus Don't Route Or Peer Lists

    The Spamhaus DROP (Don't Route Or Peer) lists are advisory "drop all traffic" lists, consisting of netblocks that are "hijacked" or leased by professional spam or cyber-crime operations (used for dissemination of malware, trojan downloaders, botnet controllers). The DROP lists are a tiny subset of the SBL, designed for use by firewalls and routing equipment to filter out the malicious traffic from these netblocks.
    Spamhaus Don't Route Or Peer List (DROP)

    The DROP list will not include any IP address space under the control of any legitimate network - even if being used by "the spammers from hell". DROP will only include netblocks allocated directly by an established Regional Internet Registry (RIR) or National Internet Registry (NIR) such as ARIN, RIPE, AFRINIC, APNIC, LACNIC or KRNIC or direct RIR allocations.
    SpamHaus DROP List FAQ

    There is also an IPv6 list, but I only did the IPv4 because it took me several hours to delete all the extraneous data and then put it into a format that the vB IP ban list should be able to read.

    If you want to try the list out for yourself, I uploaded it to pastebin and it's available here: https://pastebin.com/dYCFkRHF

    I think it would be a great feature if vB could automatically download this list and add it to the vB IP ban list. All the IPs in this list are controlled by bad actors and should always be blocked.


  • #2
    It's not a good idea to mass ban blocks of IP addresses within vBulletin. That should be done at the server level.

    Comment


    • #3
      A cloud customer cannot do that however.
      MARK.B | vBULLETIN SUPPORT

      TalkNewsUK - My vBulletin 5.6.2 Demo
      AdminAmmo - My Cloud Demo

      Comment


      • #4

        Originally posted by In Omnibus
        It's not a good idea to mass ban blocks of IP addresses within vBulletin. That should be done at the server level.
        That's probably a good point I didn't consider. I'll probably end up adding it to my cpanel firewall and run a cron job to download the latest version.

        Originally posted by Mark.B
        A cloud customer cannot do that however.
        Can you elaborate on what you mean?

        Comment


        • #5
          vBulletin doesn't understand CIDR formatting. It has its own formatting using wildcards at this time. This is described in the inline help for banning IP Addresses in the AdminCP.

          If you want to block an entire subnet then you would simply enter 127.0.0.* into the AdminCP. However, this is a really poor way of managing your access. vBulletin will still access the database, pull all the information for a guest user to view the page and then display an error message saying the IP Address is banned. So if someone wanted to use these "bad" IP Addresses to DDOS your site, they will still be able to successfully do so. In addition to this, having a large banned IP Address list can create additional performance stress on your page as it will be loaded into memory on every single page load.

          Instead you should rely on the tools developed at the Web Server Level (Apache, IIS), Operating System Level (Firewalls and such), or best yet the router/switch level before the traffic even hits your network and its more limited bandwidth availability.

          For Cloud, we have the tools installed at the router/switch, OS, and web server levels to manage improper traffic. As the end user, you don't have access to these tools. You are paying us to manage this for you.

          If you wish to prevent known spammers from registering on your vBulletin Cloud site, you should obtain a stopforumspam.com key and integrate this under Settings -> Spam Management.
          Last edited by Wayne Luke; Wed 8 Jul '20, 10:55am.
          Translations provided by Google.

          Wayne Luke
          The Rabid Badger - a vBulletin Cloud demonstration site.
          vBulletin 5 API - Full / Mobile
          Vote for your favorite feature requests and the bugs you want to see fixed.

          Comment
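
An added example, not written by any poster in this thread and not vBulletin or Spamhaus code: it parses DROP-style text with a strict CIDR parser and counts how many `a.b.c.*` wildcard entries (the only wildcard form the thread confirms) the same netblocks would need in a vB ban list. The line layout (`CIDR ; SBL reference`, with `;` starting a comment) is an assumption about the list format, and the sample entries are constructed from documentation and benchmark ranges.

```python
import ipaddress

# Constructed sample in an assumed DROP text layout: "CIDR ; SBL reference",
# with ';' starting a comment. Documentation/benchmark ranges, not real entries.
SAMPLE_DROP = """\
; constructed sample, not real list data
192.0.2.0/24 ; SBL000001
198.51.100.0/25 ; SBL000002
198.18.0.0/15 ; SBL000003
203.0.113.7/24 ; SBL000004
127.0.0.1/255 ; SBL000005
"""


def parse_drop(text):
    """Return (valid IPv4 networks, rejected raw lines)."""
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split(";", 1)[0].strip()
        if not entry:
            continue  # blank line or comment-only line
        try:
            # strict=True rejects host bits set below the prefix (203.0.113.7/24)
            nets.append(ipaddress.IPv4Network(entry, strict=True))
        except ValueError:
            rejected.append(raw)  # never pass unparsed text on to a firewall
    return nets, rejected


def vb_wildcards(net):
    """a.b.c.* patterns needed to cover net, and addresses blocked beyond it."""
    if net.prefixlen > 24:
        cover = [net.supernet(new_prefix=24)]  # smaller than /24: must over-block
    else:
        cover = list(net.subnets(new_prefix=24))  # one pattern per /24 inside
    patterns = [str(c.network_address).rsplit(".", 1)[0] + ".*" for c in cover]
    extra = sum(c.num_addresses for c in cover) - net.num_addresses
    return patterns, extra


def summarize(text):
    """Compare the CIDR entry count with the wildcard entries they expand to."""
    nets, rejected = parse_drop(text)
    expanded = [vb_wildcards(n) for n in nets]
    return {"cidr_entries": len(nets), "rejected": len(rejected),
            "vb_patterns": sum(len(p) for p, _ in expanded),
            "overblocked_addresses": sum(e for _, e in expanded)}
```

On the constructed sample, three valid netblocks expand to 514 wildcard entries, which is the list-size cost post #5 describes; the validated CIDR list from `parse_drop` is what a firewall-level block would consume instead.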


          • #6
            Thanks for the information. I went ahead and told the admin to add those IPs to his cPanel firewall and set up a cron job to download them regularly. I removed all the list of IPs from vB.

            Comment
