That is the ticket..
My turn contribute :)
I have a secondary/backup server I will install your script on and allow
some production traffic to pass through and
I will get started on a time out script for this.
Maybe Eric can include this as a whole on the QMT WIKI site.
When I can, I will submit a follow up with results.
Thanks
Dave
On 4/9/2013 9:15 AM, Sam Clippinger wrote:
It came from pure desperation. IP filtering wasn't doing the trick
for me, so I started paying attention to the rDNS names and checking
out their websites. When I saw the same site again and again, I knew
I had a way to stop them. Then I also noticed that a lot of identical
sites were hosted on IPs in the same subnets, so I extended the script
to search out neighboring IPs. It works pretty well.
The script generates entries in a blacklist directory structure, not a
file, so the number of blacklist entries shouldn't be a problem.
Because each entry is a separate file, you could write a very simple
script to automatically delete any files older than X days. That
would make them automatically expire.
-- Sam Clippinger
On Apr 9, 2013, at 7:08 AM, David Milholen wrote:
Very Clever,
Where did this idea come from?
Also, is there tick timer per IP so as not to load up the blacklist file?
I like using the timers in router OS when performing firewall rule sets.
Basically lists the bad ip or name for a time limit then drops it but
it will get
added again if it is still bad.
Dave
On 1/27/2013 4:00 PM, Sam Clippinger wrote:
I've been asked for these scripts a few times and I've finally made
the time to package them up. They can be downloaded here:
http://www.spamdyke.org/releases/hunter_seeker/
http://www.spamdyke.org/releases/spamtrap/
Of the two, the hunter_seeker script is the most effective. My rDNS
blacklist is up to 92500 entries and stops a significant number of
incoming messages every day.
-- Sam Clippinger
On Jan 18, 2013, at 4:44 PM, Denny W. Jones wrote:
Mr Clippinger,
In this message:
http://www.mail-archive.com/[email protected]/msg01162.html
you refer to a script you wrote for scanning for IP's to blacklist.
I was wondering if you were able to make this available for
download. I'd be very interested in experimenting with it on my server.
Thanks for your time.
Denny
_______________________________________________
spamdyke-users mailing list
[email protected]
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
--
David Milholen
Project Engineer
P:501-318-1300
_______________________________________________
spamdyke-users mailing list
[email protected] <mailto:[email protected]>
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
_______________________________________________
spamdyke-users mailing list
[email protected]
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
--
David Milholen
Project Engineer
P:501-318-1300
_______________________________________________
spamdyke-users mailing list
[email protected]
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
