Caleb Mazalevskis
@Maikuolan
I'll get that sorted soon though.
(Or try to, at least).
mikeruss1
@mikeruss1
BGPView and v1 - don't do a lot of work. I wanted to see if I could reintroduce the country blocks we recently lost. Not a big issue.
Aaron
@737simpilot
Got a possible IP address for you to block. 196.247.229.238
Caleb Mazalevskis
@Maikuolan
LGTM. :+1:
I'll include it with the next update.
Aaron
@737simpilot
Got another IP for you to investigate. 185.39.10.69
Caleb Mazalevskis
@Maikuolan
Cheers. Got any records for that one? I don't have much coming up at my end.
Aaron
@737simpilot
I just saw them at AbuseIPDB and it's a server IP.
Aaron
@737simpilot
Okay, another factor about 185.39.10.69 is they attempted to connect to my site 21 times thus far.

Also, I just saw a huge 6 MB error_log file in CIDRAM's vault with nothing but this repeating.

[2020-02-12T19:42:52-07:00] Error at functions.php:L1645 (error code 8): "Undefined index: Bypass Flag". Eep.. Something went wrong during "SearchEngineVerification".

Caleb Mazalevskis
@Maikuolan

Also, I just saw a huge 6 MB error_log file in CIDRAM's vault with nothing but this repeating.

[2020-02-12T19:42:52-07:00] Error at functions.php:L1645 (error code 8): "Undefined index: Bypass Flag". Eep.. Something went wrong during "SearchEngineVerification".

Yeah.. You're not the only one experiencing that. Small bug in the code; My bad. Fixed late last night. '^.^

( Reference: CIDRAM/CIDRAM#169 )

Also, cheers; Looking at some of the records at AbuseIPDB now. (Didn't see them yesterday because some of them, though belonging to that network, are described under other network names; searching against some of the different announces at that ASN, I'm finding more now). I'll include it with the next update. :+1:
Aaron
@737simpilot
Thanks, that explains why I no longer see the error_log, however, Facebook is still being blocked. When I get another log from them I'll post it, but it looks like it all stems from functions. As that is the module indicated in the log.
BTW, do you have Call Of Duty Modern Warfare? LOL Just bought it and I have been gaming with some friends and we have a teamspeak chat. We also play ARK. Still very much a noob in both games though, but getting better.
Caleb Mazalevskis
@Maikuolan

I don't play any of the Call of Duty games. I've tried them before, many years ago, but they weren't really to my taste. I've got quite a few other multiplayer games though. You're welcome to hit me up at Steam if you'd like. :-)

https://steamcommunity.com/id/maikuolan

Aaron
@737simpilot
Cool. I sent a friend request. My username is Gh0stplayer4
Your lemur avatar always tickles me. He looks slightly pissed off like 'why are you taking a photo of me?' LOL
Caleb Mazalevskis
@Maikuolan
Lol
Yeah
A long-term used avatar of mine now, but still serves its purpose, so haven't changed it.
Will log in now.
mikeruss1
@mikeruss1
UA of a crawler I have not seen before, needs blocking
Barkrowler/0.9 (+https://babbar.tech/crawler)
Aaron
@737simpilot
@Maikuolan Got another IP for you to investigate. This one comes out of Ukraine and is residential, but it shows up at AbuseIPDB with a 100% confidence score and shows up at Project Honeypot. Strange thing is that when I tested this IP in CIDRAM it didn't come back as being at AbuseIPDB, just two other modules I think. One was my Ukraine block and the other was my BGPView module country block. That was it. I'm suspecting since two modules already have a block for it, even testing the IP doesn't yield AbuseIPDB's block.
Also, this IP hit I saw in CloudFlare was trying to connect to my testing domain which is 403ed on the index via htaccess. Only my IP is allowed to view that domain. So I know any IP that hits this domain should be the worst of the worst since this domain can't even be indexed.
Aaron
@737simpilot

And totally forgot to give you the IP. Well, I have two more for you to research. Both of these IPs came a knockin' on my test domain which shouldn't have and they are residential, but show up at AbuseIPDB and Project Honeypot.

60.191.38.77

5.255.174.141

Caleb Mazalevskis
@Maikuolan
60.191.38.77 belongs to China Backbone, which CIDRAM does block, but also includes in the ignore.dat file by default (due to that blocking China Backbone outright effectively blocks at least half of China, which is potentially a very large number of people). Might just need to "unignore" it.
Checking the other IP now.
Caleb Mazalevskis
@Maikuolan
Yeah.. Looks pretty bad. I'll be including it in the next signatures update. :-)
Caleb Mazalevskis
@Maikuolan
Signatures update. :-)
And, I'll check out that new UA shortly, too.
Caleb Mazalevskis
@Maikuolan
Busy day at work yesterday and today. No progress at any issues or anything, and nothing to report at my end. Hope to be able to continue working on things soon.
Aaron
@737simpilot
10-4
Yeah, if you would like a copy of my CIDRAM install I can send it to your email. I use Protonmail now for most things and I do have your PGP key in Protonmail. My new key will automatically attach to the email for you to use.
mikeruss1
@mikeruss1
my images are served by a call to a php program. I don't use CIDRAM here because of the overhead. Is there any way to just use the IP tracking blocked database to block unwanted GETS without going through the complete routines ?
mikeruss1
@mikeruss1
thought of an obvious way of doing this, copy the Data element somewhere else each day, then use it in my program to do my own blocks
Caleb Mazalevskis
@Maikuolan
That could work.
I don't have an automated way to do this yet, but I could probably code something up to allow us to be able to do it automatically.
If I added a simple event call to the code block in the output generator responsible for processing tracking information for inbound requests, it would then, in theory, be possible to write an event handler to capture tracking data and redirect it somewhere else (e.g., an external text file or CSV which your own program could then use in whatever way it needs) by way of a simple, custom module. What do you reckon?
Caleb Mazalevskis
@Maikuolan
You could, for example, do something like this as a custom module (note that this won't work as expected as CIDRAM currently is; example is for in the case of the above-suggested idea of adding that event call):
<?php
/** Example custom module to deploy an event handler to redirect tracking data. */

/** Prevents execution from outside of CIDRAM. */
if (!defined('CIDRAM')) {
    die('[CIDRAM] This should not be accessed directly.');
}

/** Safety. */
if (!isset($CIDRAM['ModuleResCache'])) {
    $CIDRAM['ModuleResCache'] = [];
}

/** Avoid superfluous definitions in case of accidentally loading the module twice. */
$CIDRAM['ModuleResCache'][$Module] = function () {};

/** Our custom event handler, to redirect tracking data elsewhere. */
$CIDRAM['Events']->addHandler('redirectTrackingData', function () use (&$CIDRAM) {

    /** Guard. */
    if (!isset($CIDRAM['Tracking'], $CIDRAM['BlockInfo'], $CIDRAM['BlockInfo']['IPAddr'])) {
        return false;
    }

    /** Write the tracking data. */
    return (bool)file_put_contents('/path/to/external/tracking/data/file.txt', json_encode($CIDRAM['Tracking']));
});
Anyway, just putting it out as an idea. :-)
mikeruss1
@mikeruss1
thanks for the offer, it's OK I coded it fairly quickly. Just out of interest the one problem I had was the Cache Data name of "Key". I vaguely remember being here before, I think it might be a reserved word. Anyway mysql didn't like it, the Where clause wouldn't work. Changed it to "id" and worked immediately. Maybe my mysql options are screwed.
I like your idea though, provides a way to use parts of your functionality, offers a lot more flexibility. Idea for the future perhaps?
Caleb Mazalevskis
@Maikuolan

Idea for the future perhaps?

Definitely. :-)

thanks for the offer, it's OK I coded it fairly quickly.

Cool cool. :-)

Just out of interest the one problem I had was the Cache Data name of "Key". I vaguely remember being here before, I think it might be a reserved word. Anyway mysql didn't like it, the Where clause wouldn't work. Changed it to "id" and worked immediately. Maybe my mysql options are screwed.

Could be that. I'll look in to that when I get a moment.

mikeruss1
@mikeruss1
you learn stuff all the time .... this works
SELECT * FROM cache where Key = 'Tracking'
key is a reserved word and needs to be encased in backticks - gitter won't let me add a backtick