[BlueOnyx:17692] Re: IP Deny Management in BX

Ernie ernie at info.eis.net.au
Wed May 27 01:44:40 -05 2015


Hi Michael,
I haven't used it either, just got asked for the function today.
A bit of research and I think it edits the .htaccess file in the vsite
directory and adds or subtracts Deny from and Allow from rules.

The main objective is to stop referral spam from distorting your analytics.

I was also told that referral spam can hurt your Google ranking if say you
have a WordPress site or forum where spammers can post URLs in replies/comments
which Google crawls and notes that you have links to unsavory URLs on your
site. It doesn't know you didn't put them there, so your ranking falls.


The features you are adding can have good use. Some people need email
servers that only allow mail from whitelisted names or IP addresses, in
effect a reject all except the whitelist, what you are proposing is way less
aggressive than that!


- Ernie.



> Hi Ernie,
> 
> > Is there any equivalent to the cPanel IP Deny Manager for 
> > blocking unwanted referral spam to websites?
> 
> I haven't used cPanel in many years, so I had to look up that feature
> here: https://www.siteground.com/tutorials/cpanel/ip_deny_manager.htm
> 
> Generally the APF-Firewall will do that trick as well, but (as is) that
> requires shell access to configure and such blocks then affect the
> entire server and everything on it. I have started work on a GUI for it,
> though. But still: I am not sure if I want to allow siteAdmins to
> blacklist IPs or IP address ranges via the firewall. That's just too
> risky and I doubt cPanel does it that way. They probably just throw in a
> .htaccess that does the blocking on a per Vsite basis.
> 
> Which is the more sensible approach if you let siteAdmins mess with it.
> I can certainly hack something like that together for BlueOnyx. I'll put
> it on my list as it'll make a really nice add-on.
> 
> As I'm also getting more and more into protecting services on BlueOnyx
> with GeoIP I might as well throw in GeoIP support in the per-Vsite HTTP
> access restrictions. So you can then not only block by IP or network
> addresses, but also by countries.
> 
> Somewhat earlier tonight I updated base-alpine for 5209R with an UIFC
> class GeoIP which provides a GUI element for black- and whitelisting
> countries. 5207R and 5208R will get it as well.
> 
> The AV-SPAM v6.1.0 (currently in development) uses it alongside with a
> "Milter-GeoIP" for Sendmail that I wrote.
> 
> See: http://d2.smd.net/GeoIP/Milter-GeoIP.png
> 
> This new "Milter-GeoIP" has three functions:
> 
> 1.) Protect SMTP-Auth
> =======================
> 
> If a user logs in via SMTP-Auth with username and password, the IP can
> be checked with GeoIP. If the originating country is blacklisted, then
> this login will be marked as suspicious. The transaction can either be
> "just reported" (email to server admin), can be blocked (and warned
> about in an email) and (optionally) the account in question can be
> suspended automatically. A suspend transaction will also trigger a
> warning email to the server admin and the comment field of the suspended
> user account will be updated with date and reason for the suspension.
> 
> 2.) Daily limits for email-sending:
> ====================================
> 
> The age old problem: An account gets hacked and the server starts to
> send SPAM. And you usually only notice once you get blacklisted.
> 
> No more of that. Milter-GeoIP can keep accurate track of how many emails
> each user and each Vsite sends per day. This includes emails sent by
> scripts as well.
> 
> If a system user, a vsite (or its users) or an individual user account
> sends more emails than allowed per day, then further sending of emails
> on that day by this user (and/or all users of the Vsite) will be
> prevented with a descriptive error message that states why.
> 
> This can be configured on per user and vsite level.
> 
> 3.) Blocking of *all* SMTP connections via GeoIP:
> ==================================================
> 
> This is both controversial and optional: If enabled all SMTP connections
> from blacklisted countries are rejected at the MTA level. This is either
> done via failing all commands to someone who connects from a blacklisted
> country. Or it can be done by dynamically generating a firewall rule via
> APF (if it is installed).
> 
> Like said: That is pretty drastic. But you wouldn't believe how much the
> SPAM flow drops if you block continental Asia, Russia and the former
> Soviet republics. :p
> 
> -- 
> With best regards
> 
> Michael Stauber

-- 
"I Ping therefore I am."



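The per-Vsite `.htaccess` approach discussed in this thread, as an added example that is not part of the original messages and is not BlueOnyx or cPanel code: a sketch that adds or removes `Deny from` rules inside a marked block and validates every entry, so a siteAdmin's input cannot smuggle in other directives. The marker comments, function names and sample addresses are assumptions, and the directives are the Apache 2.2-style `Order`/`Allow`/`Deny` ones.

```python
import ipaddress

# Hypothetical markers delimiting the block this tool owns; other rules stay untouched.
BEGIN = "# BEGIN ip-deny (managed)"
END = "# END ip-deny (managed)"

def normalise(entry):
    """Accept only a single IP or CIDR range; anything else raises ValueError."""
    net = ipaddress.ip_network(entry.strip(), strict=False)
    if net.prefixlen == 0:
        raise ValueError("refusing to deny the entire address space")
    # Single hosts are written without the /32 or /128 suffix.
    return str(net.network_address) if net.prefixlen == net.max_prefixlen else str(net)

def split_htaccess(text):
    """Return (lines outside the managed block, entries denied inside it)."""
    outside, denied, inside = [], [], False
    for line in text.splitlines():
        if line.strip() == BEGIN:
            inside = True
        elif line.strip() == END:
            inside = False
        elif inside:
            if line.lower().startswith("deny from "):
                denied.append(line.split(None, 2)[2].strip())
        else:
            outside.append(line)
    return outside, denied

def update_htaccess(text, add=(), remove=()):
    """Return new .htaccess content with the managed deny list updated."""
    outside, denied = split_htaccess(text)
    drop = {normalise(e) for e in remove}
    wanted = [d for d in denied if d not in drop]
    for entry in add:
        value = normalise(entry)
        if value not in wanted:      # keep the operation idempotent
            wanted.append(value)
    block = []
    if wanted:
        # Allow everyone, then subtract the denied addresses (per Vsite only).
        block = [BEGIN, "Order Allow,Deny", "Allow from all"]
        block += ["Deny from " + d for d in wanted] + [END]
    return "\n".join(outside + block) + "\n"

if __name__ == "__main__":
    sample = "RewriteEngine On\n"    # constructed sample .htaccess content
    print(update_htaccess(sample, add=["203.0.113.7", "198.51.100.5/24"]))
```

Because the block lives in the Vsite's own `.htaccess`, a mistaken entry only affects that site, which is the property the thread contrasts with server-wide firewall blocks.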