Configserver Firewall Spamhaus IP Blacklist

Discussion in 'Masalah Teknik dan Keamanan' started by voezie, 1 Dec 2014.

Thread Status:
Not open for further replies.
  1. voezie

    voezie Hosting Guru

    Messages:
    1,771
    Likes Received:
    212
    Trophy Points:
    63
    Halo,

    Mungkin berguna bagi pemilik server yang menggunakan CSF (Configserver Firewall) untuk memblok ip blacklist dari spamhaus dan kawan-kawannya:

    1. Edit file /etc/csf/csf.blocklists

    2. Ubah/tambahkan list nya sebagai berikut:

    Code:
    # Spamhaus Don't Route Or Peer List (DROP)
    # Details: http://www.spamhaus.org/drop/
    SPAMDROP|86400|0|http://www.spamhaus.org/drop/drop.lasso
    
    # Spamhaus Extended DROP List (EDROP)
    # Details: http://www.spamhaus.org/drop/
    SPAMEDROP|86400|0|http://www.spamhaus.org/drop/edrop.lasso
    
    # DShield.org Recommended Block List
    # Details: http://dshield.org
    DSHIELD|86400|0|http://www.dshield.org/block.txt
    
    # TOR Exit Nodes
    # Details: https://trac.torproject.org/projects/tor/wiki/doc/TorDNSExitList
    TOR|86400|0|http://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1
    
    # Alternative TOR Exit Nodes List
    # Details: http://torstatus.blutmagie.de/
    ALTTOR|86400|0|http://torstatus.blutmagie.de/ip_list_exit.php/Tor_ip_list_EXIT.csv
    
    # BOGON list
    # Details: http://www.team-cymru.org/Services/Bogons/
    BOGON|86400|0|http://www.cymru.com/Documents/bogon-bn-agg.txt
    
    # Project Honey Pot Directory of Dictionary Attacker IPs
    # Details: http://www.projecthoneypot.org
    HONEYPOT|86400|0|http://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1
    
    # C.I. Army Malicious IP List
    # Details: http://www.ciarmy.com
    CIARMY|86400|0|http://www.ciarmy.com/list/ci-badguys.txt
    
    # BruteForceBlocker IP List
    # Details: http://danger.rulez.sk/index.php/bruteforceblocker/
    BFB|86400|0|http://danger.rulez.sk/projects/bruteforceblocker/blist.php
    
    # Emerging Threats - Russian Business Networks List
    # Details: http://doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
    RBN|86400|0|http://rules.emergingthreats.net/blockrules/rbn-ips.txt
    
    # OpenBL.org 30 day List
    # Details: http://www.openbl.org
    OPENBL|86400|0|http://www.us.openbl.org/lists/base_30days.txt
    
    # Autoshun Shun List
    # Details: http://www.autoshun.org/
    AUTOSHUN|86400|0|http://www.autoshun.org/files/shunlist.csv
    
    # MaxMind GeoIP Anonymous Proxies
    # Details: http://www.maxmind.com/en/anonymous_proxies
    MAXMIND|86400|0|http://www.maxmind.com/en/anonymous_proxies
    
    # Blocklist.de
    # To use this list you will probably need to change URLGET in csf.conf to use
    # LWP as this list uses an SSL connection
    # Details: https://www.blocklist.de
    # This first list only retrieves the IP addresses added in the last hour
    #BDE|3600|0|https://api.blocklist.de/getlast.php?time=3600
    # This second list retrieves all the IP addresses added in the last 48 hours
    # and is usually a very large list (over 10000 entries), so be sure that you
    # have the resources available to use it
    BDEALL|86400|0|http://lists.blocklist.de/lists/all.txt
    
    Atau dapat di edit melalui tombol "LFD Blacklist" di halaman ConfigServer Firewall
     
  2. BennyKusman

    BennyKusman Hosting Guru DWH Guardian Web Hosting (Company)

    Messages:
    2,234
    Likes Received:
    239
    Trophy Points:
    63
    apakah mas voezie sudah implement ini dari lama ?
    karena setahu saya ip broadband banyak yang di blacklist..
     
  3. galuh82

    galuh82 Hosting Guru Web Hosting (Company)

    Messages:
    2,514
    Likes Received:
    186
    Trophy Points:
    63
    benar, apalagi ip dari operator seluler terkadang 1 blok yang masuk list.
     
  4. voezie

    voezie Hosting Guru

    Messages:
    1,771
    Likes Received:
    212
    Trophy Points:
    63
    Tinggal whitelist aja klo ada customer yg kena banned :D kebetulan pelanggan saya sedikit, jadi gak banyak komplain masalah banned :D
     
  5. PusatHosting

    PusatHosting Hosting Guru Web Hosting

    Messages:
    3,342
    Likes Received:
    326
    Trophy Points:
    83
    Saya dulu pernah coba seperti ini tapi banyak yg komplain disebabkan banyak ip ISP yang masuk daftar spamhaus jadi skr tidak pakai lagi.
     
  6. mnordins

    mnordins Apprentice 1.0

    Messages:
    527
    Likes Received:
    66
    Trophy Points:
    28
    dari default bawaan CSF ya om?... kemaren baru saya coba aplikasikan ke production server... nunggu respon user dulu... :)
     
  7. PusatHosting

    PusatHosting Hosting Guru Web Hosting

    Messages:
    3,342
    Likes Received:
    326
    Trophy Points:
    83
    iya betul dari CSF nya.
     
  8. dhyhost

    dhyhost Hosting Guru Web Hosting

    Messages:
    3,948
    Likes Received:
    615
    Trophy Points:
    113
    hm, repot juga ya kalau banyak yg kena block, di whitelist agak susah jg kalau IPnya dinamis,
     
  9. mnordins

    mnordins Apprentice 1.0

    Messages:
    527
    Likes Received:
    66
    Trophy Points:
    28
    repotnya lagi kalo yang keblacklist /29 om... se networknya heheheh.... pernah pengalaman dapet IP dari C*l*Cr*ss*ng.... kena blacklist sama spamhaus 1 network... amsyong dah.... #pindahan hehehehe
     
Loading...
Thread Status:
Not open for further replies.

Share This Page

Loading...