
StopForumSpam.com -> iptables

Posted: 20 Mar 2014, 05:37
by Snorkasaurus
In a recent post here viking60 mentioned SFS and I decided to go have a look at it. I found this post in their forums which shows how to automagically download their list and block spammers using .htaccess files, but as someone points out in the thread, .htaccess is a slow and resource-intensive way to do that. Not too long ago I started playing with ipset (and iptables) to block large lists of IPs and ranges - and thought that it might work well for SFS too. Here's what I came up with...

Start with the dependencies:

Code:

apt-get install zip unzip ipset

Then add this to your existing iptables firewall script:

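Code:

# Create the set once; -exist avoids an error when the firewall script is re-run
ipset create sfs_block hash:net -exist
# Ports 80 and 443 only ("--dport 80:443" is a range covering every port from 80 to 443)
iptables -I FORWARD -p tcp -m multiport --dports 80,443 -m set --match-set sfs_block src -j DROP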

Then a script that updates the ipset:

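Code:

#!/bin/sh
# Rebuild the list in a scratch set, then swap it into place
ipset destroy tempset 2>/dev/null   # no scratch set exists on the first run
ipset create tempset hash:net
cd /tmp || exit 1
wget -N http://www.stopforumspam.com/downloads/listed_ip_7.zip
unzip -o listed_ip_7.zip            # -o: overwrite the previous file without prompting (needed under cron)
sed 's:^:add tempset :' listed_ip_7.txt > listed_ip_7_importfile.txt
ipset restore < listed_ip_7_importfile.txt
rm listed_ip_7_importfile.txt
ipset swap tempset sfs_block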


The script can just be cron'ed daily to keep it reasonably updated... hopefully someone will find that helpful. :-)

NOTE: I selected a number of IPs from the list and whois'ed them to see what I would find. Some of them were hosting providers (infected webapps and plugins no doubt) so I would suggest not blocking them from legitimate services that may be running in a hosted environment (like SMTP for example).

S.
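
A defensive variant of the update step, added here as an example and not part of the original post: it checks every downloaded line is an IPv4 address or CIDR, drops duplicates, and refuses to swap when the list is suspiciously short (for example after a failed download). The function names, the `MIN_ENTRIES` threshold and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: vet a downloaded IP list before it reaches ipset.
TMP_SET=tempset   # scratch set name, as in the post
MIN_ENTRIES=3     # assumed threshold for this demo; real lists are far longer

# Emit "add <set> <addr>" for each well-formed, unique IPv4 address or CIDR.
# Anything else (HTML error page, blank line, bad octet) is dropped.
build_restore() {
    awk -v name="$TMP_SET" '
    {
        sub(/\r$/, "")                              # tolerate CRLF endings
        n = split($0, p, "/")
        if (n > 2) next
        if (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2] > 32)) next
        if (split(p[1], o, ".") != 4) next
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] > 255) next
        if (!seen[$0]++) print "add " name " " $0
    }'
}

# True only when the restore file holds at least MIN_ENTRIES entries, so a
# failed or truncated download never swaps a near-empty set into place.
enough_entries() {
    [ "$(grep -c '^add ' "$1")" -ge "$MIN_ENTRIES" ]
}

# $1 = downloaded list, $2 = live set. Needs root and ipset; not run below.
update_set() {
    restore=$(mktemp) || return 1
    build_restore < "$1" > "$restore"
    if enough_entries "$restore"; then
        ipset create "$TMP_SET" hash:net -exist && ipset flush "$TMP_SET" &&
            ipset restore < "$restore" && ipset swap "$TMP_SET" "$2"
    else
        echo "list too short, keeping current $2" >&2; false
    fi
    rc=$?; rm -f "$restore"; return "$rc"
}

# Constructed sample: valid entries, a duplicate and junk lines. Addresses
# come from the reserved documentation ranges, not from the real list.
sample_list() {
    printf '%s\n' '192.0.2.10' '198.51.100.0/24' '192.0.2.10' \
        '<html>rate limited</html>' '203.0.113.300' '203.0.113.7' ''
}

sample_list | build_restore
```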

Re: StopForumSpam.com -> iptables

Posted: 20 Mar 2014, 14:29
by viking60
Great stuff :s I did not know that I could download the "hall of shame" aka listed_ip_7.zip
Keep it coming.
checking it out now...

Oh yes, that works just fine :B
Here is what I did.
I installed ipset
and tried to check things out with

Code:

ipset list

At this point I got an unknown command error so I remembered that I probably would have to do it as root

Code:

sudo ipset list

Which worked and pretty much had nothing to show. So we need to be root for these operations.
Then I used your tip to create my own/your list and called it sfs_block - as you did.
I made a file which I called sfsblock.sh and put your script in there and chmoded it

Code:

sudo chmod +x+r sfsblock.sh

and ran it like this

Code:

sudo ./sfsblock.sh

That went through so time to check the result again:

Code:

sudo ipset list

and the result:
:A

Code:

Name: sfs_block
Type: hash:net
Header: family inet hashsize 16384 maxelem 65536
Size in memory: 878232
References: 1
Members:
223.82.149.209
178.33.35.224
23.94.19.175
175.44.5.157
198.27.98.23
198.50.174.130
36.72.2.141
23.107.182.241
117.139.111.82
117.26.84.18
46.148.31.241
110.85.74.170
188.208.7.13
198.50.253.42
109.169.5.182
115.62.226.10
198.2.222.205
213.169.128.51
: and on and on and on it goes

:B
Just to make it less scary for others to try:
You can remove your list or set with

Code:

sudo ipset destroy sfs_block

If you want to go back to square one.

Re: StopForumSpam.com -> iptables

Posted: 20 Mar 2014, 14:55
by Snorkasaurus
viking60 wrote: I did not know that I could download the "hall of shame"

I found their downloads page which has a few different lists you can download. Some are updated hourly while others are daily... and a number of them have limits on how frequently you can download them. I also really like their "always going to be free" policy.

S.

Re: StopForumSpam.com -> iptables

Posted: 20 Mar 2014, 17:03
by viking60
Yes I like their approach and I am also responsible for reporting some of the spammers listed there, I am proud to say.
This approach is somewhat drastic though - because it shuts out the IP from the server.
There can be lots and lots of decent people being shut out with that approach. But I must admit that I did cut off many Chinese IPs from my server back when we had the Chinese spam wave.

These days India is the main spamming sinner so I am really considering to discriminate IP ranges from them too.. :think:

Re: StopForumSpam.com -> iptables

Posted: 20 Mar 2014, 18:17
by Snorkasaurus
viking60 wrote: and I am also responsible for reporting some of the spammers listed there, I am proud to say.

:berserkf

viking60 wrote: This approach is somewhat drastic though - because it shuts out the IP from the server.

Perhaps I am a little jaded and angry... I like the drastic approach. :-)

viking60 wrote: admit that I did cut off many Chinese IPs from my server back when we had the Chinese spam wave.
These days India is the main spamming sinner so I am really considering to discriminate IP ranges from them too.. :think:


Blocking entire countries is actually where my ipset adventure started, now I also have sets for "bad people", "misidentified Bingbot", and "hosted servers". I am a monster.

S.

Re: StopForumSpam.com -> iptables

Posted: 21 Mar 2014, 13:04
by viking60
Spoken like a true berserk - so you got upgraded. :s
You will need to re-upload your avatar though - sorry about that :oops:

Re: StopForumSpam.com -> iptables

Posted: 21 Mar 2014, 14:35
by Snorkasaurus
viking60 wrote: Spoken like a true berserk - so you got upgraded. :s

Booyeah! :-)

viking60 wrote: You will need to re-upload your avatar though - sorry about that :oops:

I kind of like the new guy, I think I'll leave him for a bit. :dance:

Thanks v60!
S.