Re: off topic - how to secure httpd

On Wed, Dec 04, 2024 at 11:09:06PM +0000, gene heskett wrote:
> On 12/4/24 09:20, Marc wrote:
> > I hope nobody minds me addressing this off topic question.

Is there a better place for this discussion?

> > I was thinking about adding ipv6, and when I got a range to try with, I was actually surprised how many I got. This made me wonder how many ipv6 are being used and how many ipv4.
> > 
> > Having these ipv6 so abundantly available made me also think about how I have currently arranged my abuse mitigation. Currently I am having ipsets for different subments and use a sort of honeypot approach, anything automated that scans for vulnerabilities in wordpress or weird files and ignores the robots.txt is getting blocked.
> > 
> > Such an approach will, over the years, lead to blocking most of azure, google, amazon, digital ocean, .cn etc.
> > 
> You left out hotmail and outlook.com.

Googlebot is a legitimate user.  Random spiders that happen to be
running on Google Cloud (or AWS, or any other cloud hosting service)
are most likely not.  I'd be very surprised if Google et al. weren't
smart enough to use separate netblocks for their own applications and
the hosting services that they sell.  I regularly firewall entire IPv4
/16s full of ill-designed AI trainers running on AWS and no legitimate
user has ever complained.

> > I don't think this will go well for ipv6 to be honest. If there are so many out there, my ipsets will grow even bigger.
> > 
> > I was wondering how others are solving this?

The real problem is, as above, the number of rules that this leads to.
I need to figure out some code to coalesce adjacent blocks and rewrite
my firewall rulesets.  (There's a bunch of websites that do this, but I
want to automate rule maintenance and I don't want to depend on
something that can crash or disappear.)

> I'm a long distance phone call from an ipv6 address, but ipv4 is just as 
> plagued. When will t-bird give us a /dev/null target to move such trash 
> to? And why do I have to restart it every day to make the filters it 
> has, actually work?
> 
> Also, we need a filter to trigger on the phone numbers in a msg. 
> Phishing bills for thousands of dollars purport to come from 
> shwab/amazon etc. but the phone numbers don't change.  That would make 
> one heck of a filter rule.

Is this veering off into email now?  There is surely a better place
for that.

[scratchy old recording]
Maildrop / procmail is your friend.

Or read up on Sieve.

-- 
Mark H. Wood
Lead Technology Analyst

University Library
Indiana University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
library.indianapolis.iu.edu

Attachment: signature.asc
Description: PGP signature
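
The coalescing step discussed in the message above (merging adjacent blocks so the ruleset stays small), shown as an added example; it is not part of the original message and is not the poster's code. It uses only Python's standard `ipaddress` module; the set names `blocked4`/`blocked6` and the sample ranges are assumptions constructed for illustration, and the sets are assumed to exist already.

```python
import ipaddress

# Constructed sample blocklist (documentation and private ranges only).
SAMPLE = """\
198.51.100.0/25      # two adjacent, aligned halves: merge into one /24
198.51.100.128/25
203.0.113.0/24
203.0.113.64/26      # already covered by the /24 above: dropped
10.0.1.0/24          # adjacent to the next block but not aligned,
10.0.2.0/24          # so these two cannot become a single /23
2001:db8::/33
2001:db8:8000::/33
2001:db8:1::/48
""".splitlines()


def coalesce(cidrs):
    """Return (v4, v6) lists of the fewest networks covering exactly the input.

    Nothing is widened: an address that was not blocked before is not
    blocked afterwards. Trailing '#' comments and blank lines are ignored.
    """
    nets = {4: [], 6: []}
    for text in cidrs:
        text = text.split("#", 1)[0].strip()
        if not text:
            continue
        # strict=True rejects entries with host bits set (e.g. 10.0.0.1/8),
        # which are usually typos; fail loudly instead of guessing.
        net = ipaddress.ip_network(text, strict=True)
        nets[net.version].append(net)
    # collapse_addresses() raises TypeError on mixed families, hence the split.
    return (list(ipaddress.collapse_addresses(nets[4])),
            list(ipaddress.collapse_addresses(nets[6])))


def ipset_add_lines(v4, v6, prefix="blocked"):
    """Render 'add' lines for `ipset restore`; set names are hypothetical."""
    lines = [f"add {prefix}4 {n}" for n in v4]
    lines += [f"add {prefix}6 {n}" for n in v6]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    v4, v6 = coalesce(SAMPLE)
    print(ipset_add_lines(v4, v6), end="")
```

Because the merge is exact, the output can replace the existing entries without changing which addresses are blocked; only the number of rules drops.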

