Blocking a netblock because why not

There is an IP address or block which, when I grep-ed** and wc -l* counted it, gave 11000 lines of fail. Email might be hard but that level of failure deserves a more detailed examination.

Eventually I did a whois lookup on the thing, found it is in Romania and saw this.

remarks: *** Abuse Reports to : abuse@e2servers.com
remarks: *** This IP block is used for web hosting, ***
remarks: *** dedicated and co-located servers. In ***
remarks: *** case of spam, please only deal with ***
remarks: *** originator IP only. ***
remarks: *** DO NOT DEAL WITH THE WHOLE IP BLOCK ***
remarks: ************************************************

Not knowing whether I would be playing whack a mole with a secondary mx or more, I decided to mallet the whole block (my block); after all, 11000 things say where shit at this.

I enjoy funny whois messages; this one from Iran (my blog) is fun, and I guess our new chums at e2servers.com will not be able to help their client until our servers get a reboot, whenever that is.

I did not contact them as clearly it's more fun if we don't.

So if you're a client of theirs you know why things don't work.

*nothing to do with a toilet -joke ** not a hollywood rape method
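The single-address-or-whole-block decision described in this post can be made from the log itself. The following is an added example, not the author's tooling: it groups Postfix reject lines by enclosing /24 and proposes the network only when several distinct hosts inside it are failing. The log lines are constructed, and the thresholds and function names are assumptions.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed Postfix-style reject lines using documentation address ranges.
SAMPLE_LOG = """\
Mar  3 10:00:01 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 Relay access denied
Mar  3 10:00:09 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 Relay access denied
Mar  3 10:01:12 mx postfix/smtpd[812]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 554 5.7.1 Relay access denied
Mar  3 10:02:30 mx postfix/smtpd[813]: NOQUEUE: reject: RCPT from unknown[203.0.113.40]: 554 5.7.1 Relay access denied
Mar  3 10:03:00 mx postfix/smtpd[814]: NOQUEUE: reject: RCPT from unknown[198.51.100.23]: 554 5.7.1 Relay access denied
Mar  3 10:03:05 mx postfix/smtpd[814]: NOQUEUE: reject: RCPT from unknown[198.51.100.23]: 554 5.7.1 Relay access denied
Mar  3 10:03:09 mx postfix/smtpd[814]: NOQUEUE: reject: RCPT from unknown[198.51.100.23]: 554 5.7.1 Relay access denied
Mar  3 10:04:00 mx postfix/smtpd[815]: NOQUEUE: reject: RCPT from unknown[192.0.2.5]: 554 5.7.1 Relay access denied
Mar  3 10:05:00 mx postfix/smtpd[816]: connect from mail.example.org[192.0.2.77]
"""

REJECT = re.compile(r"reject: \w+ from \S+?\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def failures_by_network(log_text, prefix=24):
    """Map each enclosing network to a Counter of rejected client addresses."""
    nets = defaultdict(Counter)
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:  # e.g. 999.1.1.1 passes the regex but is not an address
            continue
        nets[ipaddress.ip_network(f"{ip}/{prefix}", strict=False)][ip] += 1
    return nets

def block_candidates(nets, min_hits=3, min_hosts=2):
    """Propose the network if several hosts in it fail, else the lone address."""
    out = []
    for net in sorted(nets):
        hosts = nets[net]
        if sum(hosts.values()) < min_hits:
            continue  # too little evidence to act on
        out.append(str(net) if len(hosts) >= min_hosts else str(next(iter(hosts))))
    return out

if __name__ == "__main__":
    print(block_candidates(failures_by_network(SAMPLE_LOG)))
```

Raising `min_hosts` keeps a single noisy tenant from getting its neighbours blocked, which is the outcome the whois remark above asks for.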

A wild shodan.io appears (refrigerator.census)

I was informed that refrigerator.census.shodan.io[71.6.146.130] connected and as I dislike them (my blog) it was added to the permanent firewall (my blog).

OrgAbuseHandle: ABUSE341-ARIN
OrgAbuseName: CariNet Abuse
OrgAbusePhone: +1-858-974-5080
OrgAbuseEmail: complaints@cari.net
OrgAbuseRef: https://whois.arin.net/rest/poc/ABUSE341-ARIN

They have also had a mention before

It's been a while, and let's hope you never try to visit the zoo with that address once they discard it.

blocklist.de in debian stretch

scumbag spammer Robert Soloway

Bananas likes to collect data for blocking, be it DMARC rejects and even lists of bad ranges, so I decided to collect data and pass it on that spammers and probers made without me – seems only fair to pass it on to a wider audience.

The attempt was a bit botched and confusing with API keys and email. I also wanted reports and so I had an hour of woe and really odd error messages; I even had to adjust postfix to let it send email out rather than just be a local affair on our internal instance.

citizen may the children’s entertainer

The site needed config details and once you have ‘servers’ things it kind of makes more sense. The client software is horrible and they suggest reconfiguring it their way rather than adapting what I know works. That probably did not help but it is good to know how it works rather than have it working and consider it magical or religious with ‘faith’.

In the end I gave up with .local config files and made backups and put the revised files where the Debian OS put them – it probably makes nightmares for me down the road** but it sent mail.

tube recycle those 1’s and 0’s

API keys are confusing: there are two. Each ‘server’ has a unique key* and a user has a key (five digits), of which one exists; that is the API key the config files appear to like rather than the per-server thing. In this regard I am just a submitter of data.

The action for blocklist_de I did not use, but I kept my existing email report; whether that sends via an http(s) API rather than email was something I never quite got figured out, although the log file had some interesting stuff in for a change.

Email reporting appears to work for me as well as the blocklist, and once I provided postfix with a gateway setting [not needed until now] mail was routed rather than remaining undelivered. Oddly most of the ssh attempts we usually get appear to have dried up; after all, it's good to tell the probers as to how their data will be shared.

It appears set up – time will tell if it makes a difference.

*remember the zoo has four domains **time for dpkg.dist files

 

To boldly spot new shodan.io addresses with the help of Picard

My dislike of shodan.io (my blog) is well documented

goldfish.census.shodan.io does not resolve to address 185.163.109.66

So here is another to crimson firewall and forget

That address comes from Romania; if you're feeling in the mood, email it to the ISP at abuse@m247.ro, because I would not want to host anything on that address.

I seem to be having a multiple st:tng episode day today.

 

Another shodan.io find once again co hosted with David Attenborough

The delights of being a shodan.io spotter (my blog) never disappoint.  Beats birdwatching

Come and meet

pirate.census.shodan.io
does not resolve to address 71.6.146.185

Of whom that isp is remembered

But is actually

;; ANSWER SECTION:
pirate.census.shodan.io. 300    IN      A       216.117.2.180

Which may also be called burger (my blog). I make no comment about them as I know them already, other than hi once more shall suffice.

What was up with burger ?

Anyhow, something well worth crimson firewalling. You should by now all know my views on the scum at shodan.io.

Enjoy your day
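The "does not resolve to address" lines quoted in these posts are Postfix's warning that a client's reverse (PTR) name failed forward confirmation. The following is an added example, not the author's tooling: it pulls those warnings out of a mail log, keeps the ones claiming a census.shodan.io name, and returns the connecting addresses. The log lines are constructed from the names and addresses on this page, and the `FORWARD` table is an assumed stand-in for live DNS.

```python
import re

# Postfix smtpd warning written when a client's PTR name fails forward confirmation.
WARN = re.compile(
    r"warning: hostname (\S+) does not resolve to address ([0-9A-Fa-f.:]*[0-9A-Fa-f])")

# Constructed log lines built from the names and addresses quoted in the posts,
# plus one unrelated host carrying the resolver-error suffix Postfix can append.
SAMPLE_LOG = """\
Jun  1 09:12:44 mx postfix/smtpd[2101]: warning: hostname goldfish.census.shodan.io does not resolve to address 185.163.109.66
Jun  1 09:40:02 mx postfix/smtpd[2140]: warning: hostname pirate.census.shodan.io does not resolve to address 71.6.146.185
Jun  1 09:41:10 mx postfix/smtpd[2141]: connect from mail.example.org[192.0.2.10]
Jun  1 09:50:31 mx postfix/smtpd[2150]: warning: hostname host.example.net does not resolve to address 198.51.100.9: Name or service not known
"""

# Stand-in for live DNS so the example runs offline. The pirate A record is the
# one shown in the post; the post gives no forward answer for goldfish.
FORWARD = {"pirate.census.shodan.io": ["216.117.2.180"]}

def unconfirmed_clients(log_text, forward=FORWARD, watch=".census.shodan.io"):
    """Return one finding per warning whose claimed PTR name ends with `watch`."""
    findings = []
    for line in log_text.splitlines():
        m = WARN.search(line)
        if not m:
            continue
        name, client_ip = m.group(1).rstrip(".").lower(), m.group(2)
        if not name.endswith(watch):
            continue
        answers = forward.get(name, [])
        findings.append({
            "client_ip": client_ip,        # the address that actually connected
            "ptr_name": name,              # what its reverse DNS claims
            "forward": answers,            # where that name really points
            "confirmed": client_ip in answers,
        })
    return findings

def firewall_candidates(findings):
    """Act on the connecting address; the forward answer is a different host."""
    return sorted({f["client_ip"] for f in findings if not f["confirmed"]})
```

A PTR record is set by whoever holds the address space, so an unconfirmed name is only a claim; the address in the log line is the one that connected.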

 

The adblocker

Advertising can be rogue on the internet, serving malware and viruses and killing your internet quota (my blog). After I installed this newer blocker I noticed the better statistics with 10% of requests being blocked, of those 10% which would have sucked down gigabytes of data and set thousands of cookies.

Oddly some blockers get more attention than others from sites who will not pay up for malware infections they served up via an incompetent third party. So they know the problem but are unwilling to tackle the issue.

I have a browser without a blocker and that is rarely used for reasons I am sure you can guess.