blocklist.de in debian stretch

Bananas likes to collect data for blocking, be it DMARC rejects or even lists of bad ranges, so I decided to collect the data that spammers and probers made without me and pass it on – seems only fair to pass it on to a wider audience.

The attempt was a bit botched and confusing with API keys and email. I also wanted reports, and so I had an hour of woe and really odd error messages. I even had to adjust Postfix to let it send email out rather than just be a local affair on our internal instance.

The site needed config details, and once you have the ‘servers’ things it kind of makes more sense. The client software is horrible and they suggest reconfiguring it their way rather than adapting what I know works. That probably did not help, but it is good to know how it works rather than have it working and consider it magical or religious with ‘faith’.

In the end I gave up with .local config files, made backups and put the revised files where the Debian OS put them – it probably makes nightmares for me down the road** but it sent mail.

API keys are confusing: there are two. Each ‘server’ has a unique key* and a user has a key (five digits), of which one exists; that is the API key the config files appear to like, rather than the per-server thing. In this regard I am just a submitter of data.

The action for blocklist_de I did not use, but I kept my existing email report. Whether that sends via an http(s) API rather than email was something I never quite got figured out, although the log file had some interesting stuff in for a change.

Email reporting appears to work for me as well as the blocklist, and once I provided Postfix with a gateway setting [not needed until now] mail was routed rather than remaining undelivered. Oddly, most of the ssh attempts we usually get appear to have dried up; after all, it's good to tell the probers how their data will be shared.

It appears set up – time will tell if it makes a difference.

*remember the zoo has four domains

**time for dpkg.dist files

 

To boldly spot new shodan.io addresses with the help of Picard

My dislike of shodan.io (my blog) is well documented.

goldfish.census.shodan.io does not resolve to address 185.163.109.66

So here is another to crimson firewall and forget.

That address comes from Romania; if you're feeling in the mood, email it to the ISP at abuse@m247.ro, because I would not want to host anything on that address.

I seem to be having a multiple ST:TNG episode day today.

 

Another shodan.io find once again co hosted with David Attenborough

The delights of being a shodan.io spotter (my blog) never disappoint. Beats birdwatching.

Come and meet

pirate.census.shodan.io does not resolve to address 71.6.146.185

Of whom that ISP is remembered

But is actually

;; ANSWER SECTION:
pirate.census.shodan.io. 300    IN      A       216.117.2.180

Which may also be called burger (my blog). I make no comment about them as I know them already, other than that "hi once more" shall suffice.

What was up with burger?

Anyhow, something well worth crimson firewalling. You should all know my views on the scum at shodan.io.

Enjoy your day
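A way to collect these addresses automatically from the mail log, as an added example that is not part of the original posts. It assumes the "does not resolve to address" lines are Postfix smtpd warnings in the usual wording; the function names and all sample lines apart from the two quoted hostnames and addresses are constructed.

```python
import ipaddress
import re

# Assumed log wording: Postfix smtpd warns like this when a client's PTR name
# does not map back to the connecting address (forward-confirmed rDNS fails).
WARNING = re.compile(
    r"warning: hostname (?P<host>\S+) does not resolve to address "
    r"(?P<addr>[0-9A-Fa-f:.]+?)(?=:\s|\s|$)"
)

# Constructed sample lines; the two shodan hostnames and addresses are the
# ones quoted in the posts, everything else (dates, pids, host "zoo") is made up.
SAMPLE_LOG = """\
Jan  1 10:00:01 zoo postfix/smtpd[1201]: warning: hostname goldfish.census.shodan.io does not resolve to address 185.163.109.66
Jan  1 10:05:42 zoo postfix/smtpd[1207]: warning: hostname pirate.census.shodan.io does not resolve to address 71.6.146.185
Jan  1 10:05:43 zoo postfix/smtpd[1207]: connect from unknown[71.6.146.185]
Jan  1 11:17:09 zoo postfix/smtpd[1311]: warning: hostname pirate.census.shodan.io does not resolve to address 71.6.146.185: Name or service not known
Jan  1 12:30:00 zoo postfix/smtpd[1400]: warning: hostname mail.example.net does not resolve to address 192.0.2.10
"""


def mismatched_clients(log_text, suffix=".shodan.io"):
    """Map each connecting address to the PTR names under `suffix` it claimed."""
    found = {}
    for line in log_text.splitlines():
        m = WARNING.search(line)
        if not m:
            continue
        # The name comes from reverse DNS, which the address owner controls,
        # so it is only a label; the address is what actually gets blocked.
        host = m.group("host").rstrip(".").lower()
        if not host.endswith(suffix):
            continue
        try:
            addr = ipaddress.ip_address(m.group("addr"))
        except ValueError:
            continue  # malformed address field: skip rather than block garbage
        found.setdefault(str(addr), set()).add(host)
    return found


def drop_list(found):
    """Addresses to firewall, deduplicated and in numeric order."""
    return sorted(found, key=lambda a: int(ipaddress.ip_address(a)))


if __name__ == "__main__":
    for address in drop_list(mismatched_clients(SAMPLE_LOG)):
        print(address)
```

The repeated pirate.census.shodan.io warning collapses to one entry, and the unrelated example.net mismatch is left out of the list.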

 

The adblocker

Advertising can be rogue on the internet, serving malware and viruses and killing your internet quota (my blog). After I installed this newer blocker I noticed the better statistics, with 10% of requests being blocked; that 10% would have sucked down gigabytes of data and set thousands of cookies.

Oddly, some blockers get more attention than others from sites who will not pay up for malware infections they served up via an incompetent third party. So they know the problem but are unwilling to tackle the issue.

I have a browser without a blocker and that is rarely used, for reasons I am sure you can guess.

upsetting the shodan.io fanboys

Bananas has shodan blocked (my blog); after all, the traffic they send is crap. These fans of shodan (not that kung foo thing) have a weird logic that means, as well as their port scanning crap, spammers also would be given free range to try and send viruses (my blog) and whatever to systems, because that’s fair and justifies shodan.io as well.

I have a scheduled task that needs no intervention from me, but I notice that shodan's fans got upset when a writer for one of the pointy-hair IT management types' magazines also called shodan a waste of space.

I maintain my view that shodan is traffic best not processed, along with spammers who seem to have access to it.

Email virus scanning needing some help

The zoo’s virus thing [not that Microsoft Windows crap you run] was not working well or did not have the definitions. We do not get that many, and they get reported and blocked until the next server reboot, whenever that is, so life is limited here for botnet members.

Anyhow, with the rise of attachments that did not originate where they said they did, I decided to go look at improving virus detection rather than doing SPF, which some retard at Yahoo (my blog) and elsewhere has yet to figure out.

Yes, we have SPF, but being correct in inbound SPF means a lot of Yahoo email won't get through, and you have to tolerate idiots sending email or the zoo staff complains about it.

It's a fact of life that many retards inhabit email servers. An example where I nearly choked on my coffee one morning was on the DMARC email list, when some corporate citizen had yet to even do SPF and also wanted DMARC (my blog). I assume that as it was not a paid service from somebody else it failed the "I should have done that about ten years ago" motivation.

So I go looking for fresher virus databases and find them. So one Saturday I decide to install them; apart from some missing settings on update and ownership of the files I am pretty close, and after installing rsync the Sunday log looks good.

The reason I worked on the Saturday is so I could troubleshoot and be ready for Monday for testing by you special internet users; you know them as well. Monday came round and Vietnam verified it was working.

amavis[x]: (26467-09) Blocked INFECTED (Malware.24819.MacroHeurGen.Hp.UNOFFICIAL) {DiscardedInbound,Quarantined}, [14.170.60.120]:50964 [14.170.60.120] <sales@transglobalexpress.co.uk> -> <info@zoo>, quarantine: O/virus-Oupswa7kUlmo, Queue-ID: ECA6EBD6899, Message-ID: <7D1C0677256B441FAF71558ABA98D26D@409733db1>, mail_id: Oupswa7kUlmo, Hits: -, size: 98052, 328 ms

So I broke out the celebratory bananas; after all that, Monday was declared a success. Retards at Yahoo get their mail delivered and I don't have to deal with nasty stuff with the zoo.

I still hate Microsoft for designing this crap that even I have to deflect.
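To check over a longer stretch of log whether the extra databases are pulling their weight, the amavis line above can be parsed field by field. This is an added example, not part of the original post; the function names are made up here, and the second and third sample lines are constructed.

```python
import re
from collections import Counter

# Fields of an amavis "Blocked INFECTED" line, in the order they appear in
# the line quoted in the post.
INFECTED = re.compile(
    r"Blocked INFECTED \((?P<sigs>[^)]+)\) \{(?P<actions>[^}]*)\}, "
    r"\[(?P<client>[^\]]+)\]:\d+ \[[^\]]+\] "
    r"<(?P<sender>[^>]*)> -> (?P<rcpts><\S*>),"
)

# First line is the one from the post; the other two are constructed
# (documentation addresses, made-up signature name and ids).
SAMPLE_LOG = """\
amavis[x]: (26467-09) Blocked INFECTED (Malware.24819.MacroHeurGen.Hp.UNOFFICIAL) {DiscardedInbound,Quarantined}, [14.170.60.120]:50964 [14.170.60.120] <sales@transglobalexpress.co.uk> -> <info@zoo>, quarantine: O/virus-Oupswa7kUlmo, Queue-ID: ECA6EBD6899, Message-ID: <7D1C0677256B441FAF71558ABA98D26D@409733db1>, mail_id: Oupswa7kUlmo, Hits: -, size: 98052, 328 ms
amavis[x]: (26467-10) Blocked INFECTED (Example.Constructed.Signature-1) {DiscardedInbound,Quarantined}, [192.0.2.44]:40112 [192.0.2.44] <a@example.org> -> <info@zoo>,<staff@zoo>, quarantine: x/virus-constructed01, Queue-ID: 0000000001, mail_id: constructed01, Hits: -, size: 1200, 90 ms
amavis[x]: (26467-11) Passed CLEAN {RelayedInbound}, [198.51.100.7]:51000 [198.51.100.7] <b@example.org> -> <info@zoo>, Queue-ID: 0000000002, mail_id: constructed02, Hits: 0.1, size: 900, 75 ms
"""


def infected_hits(log_text):
    """Return one dict per blocked message: signatures, client, sender, rcpts."""
    hits = []
    for line in log_text.splitlines():
        m = INFECTED.search(line)
        if not m:
            continue  # CLEAN and unrelated lines are ignored
        sigs = [s.strip() for s in m.group("sigs").split(",")]
        hits.append({
            "signatures": sigs,
            # ClamAV appends .UNOFFICIAL to names from third-party databases
            "unofficial": any(s.endswith(".UNOFFICIAL") for s in sigs),
            "client": m.group("client"),
            "sender": m.group("sender"),
            "recipients": [r.strip("<>") for r in m.group("rcpts").split(",")],
        })
    return hits


def summarize(hits):
    """Count detections by database origin and by connecting client address."""
    origin = Counter("unofficial" if h["unofficial"] else "official" for h in hits)
    clients = Counter(h["client"] for h in hits)
    return origin, clients
```

The sender field is whatever the client claimed, so the connecting address is the value to report or block on.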

Eventually the server, which is not a Microsoft product, will delete the virus attachment when set, so it will never be opened by a lifeform. It would be nice to not have a scanner on the server, but it appears that is how things are; however, I do get to call all Microsoft employees retards for writing special code (my blog) that makes Windows software unusable.