14 replies to this topic

[Jimbo1]

Hello dear folks, long time no see. I am not sure if this was the correct place to ask this or not or where was the place to post, but as of late I have been getting hit with attacks from the inter net from place around the world because of what I do on the chat site. Thank Goodness for MAMB for blocking them from getting into my pc. T he question asking here is this, or mabey if it their is one out their, but the question is this, is their any software you could use to add the ip address to a blacklist to prevent them from trying to attack the pc, to stop it all together so MAMB will not have to block it. Not sure if I am asking it right or is their such a program out their to block them before they get to you. Jimbo AKA Preacher Man

[Doug]

Hi Jimmy,

That's what Host Files does.
http://winhelp2002.mvps.org/hosts.htm

Or, for specific listing of known malware generating sites...
http://forums.whatth...h...0838&st=135

Cautionary Note:
When a Hosts File is populated, it "blocks" any all browsers from accessing the listed addresses!
Of course that's a good thing, and exactly what was intended.

HOWEVER, and it is a big however, in capital letters...

There are plenty of ordinary commercial cites on the Internet which rely upon income generated from advertising revenue. Some (CBS.com for instance) "require" that the user allow viewing of ad content. No access to ads.... no content viewing either.

For an NCIS junkie such as myself, that means that I must temporarily remove Hosts File when I wish to view an episode.

No problem. And the advertisements are no more hazardous than at most sites, just annoying and any placed cookies can be removed next time you clear temps.
Replace Hosts File after viewing and protection resumes.

[Jimbo1]

HOWEVER, and it is a big however, in capital letters...

There are plenty of ordinary commercial cites on the Internet which rely upon income generated from advertising revenue. Some (CBS.com for instance) "require" that the user allow viewing of ad content. No access to ads.... no content viewing either.

For an NCIS junkie such as myself, that means that I must temporarily remove Hosts File when I wish to view an episode.

No problem. And the advertisements are no more hazardous than at most sites, just annoying and any placed cookies can be removed next time you clear temps.
Replace Hosts File after viewing and protection resumes.

Hiya Doug, how are you doing, yes that However and if are the big hummmm factor, know what ya mean when watching Star Trek and Survivor on line, that would have to be something to consider.

Like I said thank goodness MAMB does stop the site from attacking, was just kinda looking for a way to block them from ever seeing it period before MAMB catches it. Tomk had to fix me up once when i guess a few got through, again, as a Moderator in a world wide chat room, and hiding behind host files as is on that site a few get through and try to attack me and the tracker I use shows where they are at and many come from such places as , Iraq, Austria, Romania, Kyrqyzstan, Netherlands, Polan, Ukrain just to name a few. Sometime you do rub a few people the wrong way when you have to ban them from the site lol.

So I was pondering on the idea like I do with my outlook express, were I block e-mails before it passes their servers, so I would never see then.

Something to think about and possible do some more reseach, thought I would stop by to the guru tech's here to see if any of yall had any ideas.

Jimbo1

Edited by Jimbo1, 19 April 2012 - 03:02 PM.

[Doug]

Your own machine, your email client, and the site software, are three separate topics. Hosts File would do the trick for your machine. MailWasher or similar might assist with your email client, though I tend to use the native junkmail list. Your website software has some sort of ACP (Admin Control Panel) where IP addresses and email addresses can be banned.

[Doug]

Have you considered the resources at StopForumSpam.com? Does your website utilize a CAPTCHA? Individuals targeting your site on a directed attack basis may have to be dealt with on an individual case-by-case banning basis. Though if they are repeat offenders at other sites, they may be listed with StopForumSpam. What does your website Host software offer? I host a site at BlueHost which uses Postini which has a decent learning curve for added items, plus has a behavioral identifying component.

[Tomk]

This is way over my head... I haven't a clue how to tell that someone is trying to "attack" me. But I'm curious also... Doesn't the host file keep Jimbo's computer from connecting to sites that it blocks? How does it block someone from contacting him? Could Jimbo use the access control in his router to block these IP addresses from trying to connect to him? If they can't pass through the router... it would seem like they wouldn't be able to "attack" him.

[Doug]

Hey Tom, We'll have to rely upon Jimbo1 to tell us precisely what he does mean by "attack". He may mean: annoying, even malicious, spam-like message posting. Deleting an Banning are standard utility functions to abolish these when detected. "IF" his chat session utilizes email as the client, then he might be vulnerable to malicious attachments. But if his chat session utilizes a webhosted utility ( similar to I.P. Boards software), then he is dependent upon his IP to monitor and handle malicious intrusion. As Staff, he may or may not have ability to add email addy's and originating IP's to the Ban Filter, and he should use that function when appropriate. We don't know how generous his chat site is with regard to allowing attachments and inserted links, but that may be a review and decision process they need to consider. ______________________________ As to "attempts to gain control of his machine", a firewall (even Microsoft standard firewall) should be sufficient, especially because he is most likely also behind a NAT firewall that prevents any outsider from actually "seeing" any machine in his LAN. ___________________ As to stumbling into a hazardous website address when generally navigating the Internet, such utilities as SpywareBlaster, and MSVP Hosts File or Malware Domaain Blocklist will protect against the known bad vectors.

[Doug]

Yes, Jimbo1 can use his Router to block access from specifc IP's and/or blocks of IP's. But first he has to become aware (via having been spammed, etc.) that he wishes to block a specific or range of IP's. The value of MSVP Hosts File and/or Malware Domain Blocklist and MailWasher(or similar) is that thousands of individuals are constantly researching, identifying and reviewing for exclusion, any domain that is a potential bad-guy vector. It also depends upon how "thick his skin is". If offensive language is the breaking point, then Ban Filter provided by the IP or Board software is the mechanism to use. But Jimbo1 and his site will be persistently vulnerable to "troll behavior". For instance, a new member may pose as an ordinary member and then opportunistically post messages that are unacceptable. That type of vulnerability happens to any Forum. Admin ACP Ban Filters are strong weapons to use, but first the bad-guy has to reveal himself and the Admin has to be alerted to take action.

[Jimbo1]

LOL, I go to bed and wake up and wham lots more posting hahahahah, whew ok where do I start because a lot of questions was asked and raised, so your going to have to bear with me.

Attacks I mean yes that someone has my ip address and they are trying to get into my system, but as I said what it is or what its trying to do is unknown to me because at least MAMB stops it, the other day it went on for 15 minuets and I just ended up rebooting to get another ip address when logging back on to the net.

I have my modem and also a router, but the room or sometime I supect users who enter the channel find my address, but read on below of what MAMB does.

Here is a sample of the logs in MAMB:

2012/04/19 08:22:30 -0500 JIM-07B53836678 MESSAGE Starting protection
2012/04/19 08:22:38 -0500 JIM-07B53836678 MESSAGE Protection started successfully
2012/04/19 08:22:41 -0500 JIM-07B53836678 MESSAGE Starting IP protection
2012/04/19 08:24:22 -0500 JIM-07B53836678 Jim MESSAGE IP Protection started successfully
2012/04/19 08:32:14 -0500 JIM-07B53836678 Jim MESSAGE Executing scheduled update: Daily
2012/04/19 08:32:24 -0500 JIM-07B53836678 Jim MESSAGE Scheduled update executed successfully: database updated from version v2012.04.18.05 to version v2012.04.19.02
2012/04/19 08:32:24 -0500 JIM-07B53836678 Jim MESSAGE Starting database refresh
2012/04/19 08:32:24 -0500 JIM-07B53836678 Jim MESSAGE Stopping IP protection
2012/04/19 08:32:24 -0500 JIM-07B53836678 Jim MESSAGE IP Protection stopped
2012/04/19 08:32:31 -0500 JIM-07B53836678 Jim MESSAGE Database refreshed successfully
2012/04/19 08:32:31 -0500 JIM-07B53836678 Jim MESSAGE Starting IP protection
2012/04/19 08:32:41 -0500 JIM-07B53836678 Jim MESSAGE IP Protection started successfully
2012/04/19 13:34:52 -0500 JIM-07B53836678 Jim IP-BLOCK 213.163.64.33 (Type: incoming)

As Tom once told me being or using a irc chat client such as Mirc puts me into a risk of such attacks, the run down of the server:

The server is Ipocalypse.net ---- Yes Doug they have ways of banning folks from coming on their server, but it cannot stop them from getting at me once they get my ip address

The channel on the server in the room I am a moderator (Christian Chat) has room commands to ban ip's of users to stop them from coming into the room but not the server, if they try to elude our bans of the room then we get the Icops on Ipocalypse server stop them from logging into their servers.

The Icops have gave me a host name to try and what they call masking my ip address, TBH here not sure of what that term means masking, I guess it means to hide my ip address when I am in the room channel.

But As I found out their are ways when were in what we call a private window speaking to folks who are asking questions, snoop me OR sniff me out, and most time when I must take actions of such people, to kick them, mute then or perma ban then from the room, most time when a user is really mad I notice an attempt to get into my machine afterwards. The reason I say I getting use to questions asked and it almost like their trying to keep me talking just to trace me, but as always Thank Goodness for MAMB, Glad Ztrucker told me to by the paid version of it.

Have you considered the resources at StopForumSpam.com?

Does your website utilize a CAPTCHA?

Bit loss of those terms, if they would allow me to use a program to add such ip on my computer to block those address that MBAM picks up, then yes I would take a look at.

Could Jimbo use the access control in his router to block these IP addresses from trying to connect to him? If they can't pass through the router... it would seem like they wouldn't be able to "attack" him.

Now if this is an option to add such address to block them this is what I think would be good if my router has this function.

Hope this may fill in some gaps and again please be kind I'll give more info if needed, this is why I know where to come to to get the best minds at work

Jimbo

Edited by Jimbo1, 20 April 2012 - 08:09 AM.

[Doug]

Jimbo1, "Where" are you wishing to create the IP blocking? --- for instance ------ block annoying IP's that attempt to access my home network ------ block users from accessing the website chat room of the Christian chat site Please do not give a multiple choice answer. Because there are very different tools to use when protecting a website vs. protecting your home computer __________________________ If you are wishing to protect your home network from bad-guys who obtained your home network's IP when they visited the website chat room, and are now attempting to access you directly at home, you may be able to use your home router to block specific IPs. What "exactly" is the Brand and Model number of your home router? (include version number and firmware update)

[Jimbo1]

Jimbo1,

Q. "Where" are you wishing to create the IP blocking?

A. ------ block annoying IP's that attempt to access my home network
__________________________

If you are wishing to protect your home network from bad-guys who obtained your home network's IP when they visited the website chat room, and are now attempting to access you directly at home, you may be able to use your home router to block specific IPs.

What "exactly" is the Brand and Model number of your home router? (include version number and firmware update)

Protect your home network from bad-guys who obtained your home network's IP , yes it is exactly what I want to do.

Here is the info:
Brand: Netgear Range Max Duo Wirless -n- Router WNDR3300
Model: WNDR 3300
Firmware update: - could not find that info on the router
Version # ?? not sure

I have this info but want to ask is it ok to post and be safe,
I have what is called:
Security Pin # --
Serial # 1sl6047f08ef4

other info in the side was Mac 1 and Mac 2 numbers, Again was not sure if it was wise to post the security number and the mac numbers here, if not and you need them I can PM them to you.

Jimbo1

Edited by Jimbo1, 20 April 2012 - 11:22 AM.

[Jimbo1]

Not heard nothing so dropping a line.

[Doug]

Not heard nothing so dropping a line.

To the best of my knowledge, it is impossible to prevent spammers or any specific individual from "sending" stuff to you, unless of course you are the US government who has occasionally with assistance from Microsoft confiscated and shut down various server farms, or if you are the Egyptions, Syrians, Iranians or Chinese, and with the assistance of Google have turned off the spigot which feeds various objectionable materials from objectionable sites.

Email filters and Forum banning tools work by keeping a list of known-bad IP addresses and email addys, (which are accumulated by the staff and owners) and then diverting the incoming message into a ban or spam folder, instead of allowing the message into the Inbox or the ordinary Forum display.

Your Netgear Router Nat firewall essentially "blocks everyone" unless they know you are there and they are sending correctly configured packets (for instance email) to the correct Port at your external IP address (typically port 80, 25, or whatever your ISP pre-assigns). If you use an Email filter or "Rules" your local email client (outlook, thunderbird, etc) will gradually accummulate a list of email addys that you wish to never see, and they will be automatically sent to your SPAM or Junk folder. If you run a Firewall, you can gradually "teach" it to filter out various IP addresses.

The utilities I have suggested in previous posts are designed to block applications residing on your computer from accidentally "responding" or "initiating" contact with potentially hazardous addresses on the Internet.

The bad-guys get to knock on your door. You get to decide whether to open the door, and even to have an automated response to known-bad-guys, to refuse to open.

The annoying part of this scenario, is that bad-guys are often familiar with how to route their messages through proxy-servers, or even through zombie botnetworks, with spoofed email addys to make them look harmless. They can often change their origination address so often and so fast that it is impractical to "prevent" them and more practical to divert them to junk folder when they do appear.

It appears that your Netgear Router has the capability of Content Filtering, which "may" help in your efforts.
Content Filtering can be by Keywords, or by IP address.
Again, this functionality of your Router is mostly for blocking your own computer from responding to hazardous addresses.
And the down-side is that building a large list of filtered keywords and/or IP addresses can slow down your Internet access speed.

You can learn more about the capabilities of your own Netgear Router, by first Registering your router: ftp://downloads.netgear.com/files/WNDR3300_SM_12Nov07.pdf (the last page of that online manual)
And then you are eligible to receive Telephone Tech Support from Netgear: http://www.netgear.com/support.

Hope this helps at least a little.

Obviously I don't know the technical details well enough to describe the information, except in the primitive way I have above.
I offer my apologies in advance for any inaccuracies I may have included.

[Jimbo1]

You can learn more about the capabilities of your own Netgear Router, by first Registering your router: ftp://downloads.netgear.com/files/WNDR3300_SM_12Nov07.pdf (the last page of that online manual)
And then you are eligible to receive Telephone Tech Support from Netgear: http://www.netgear.com/support.

Hope this helps at least a little.

Obviously I don't know the technical details well enough to describe the information, except in the primitive way I have above.
I offer my apologies in advance for any inaccuracies I may have included.

I saw that after reading the last few post, I went into my settings and their is a section their to input ip address to block, guess I need to read up and see how it's done.

Jimbo1

[Jimbo1]

Called them and they gave me a link to this manual, and said to read up of how to block the service, all this is Greek to me and don't quite understand in section 3

http://documentation.../FullManual.pdf

Jimbo1

Edited by Jimbo1, 25 April 2012 - 12:51 PM.