IdiotBlocker is another IP/host blocker. It creates blocking entries both in the hosts.allow file and in pf tables. Blocks are built from illegal-login entries in the auth log and from the final block log entries produced via hosts.allow. External blacklists can be pulled in once a day.
2006-07-14

The only testing that has been performed against this module has occurred on a home network which has had a history of ssh brute-force attacks. This testing brought forth several bugs, which this release reflects in fixes. Some additional functionality has also been added to the script, but nothing major. The testing used the firewall option of the script, not the hosts.allow option.

Bug fixes:
1). The nslookup logic has been modified so that a timeout condition does not occur. The nslookup is used to acquire the actual IP of the offending party that is performing the brute-force attack.
2). Modified the single-day parse regex variable. This variable had the date part of the regex in the incorrect place; no entries of auth.log were being parsed because of this.
3). Modified the external blacklist download logic. Downloads were occurring, but no updates were occurring when new entries were found for the master blacklist.
4). Have finally resolved the issue of the idiotblacklist pf table not being updated or refreshed properly when new IPs are added while the script is running from crontab. Thank you www.freebsdforums.org, quality people who are always very helpful. That, and they definitely have better eyes than I do when it comes to spotting a typo.
5). Had to modify how the month/day regex is built, because the search date contained a leading zero when the day was a single digit. The regex needed the leading zero stripped off to match what is found in the log.

Additional functionality:
1). Added the ability to accept IPs from an external (web site) blacklist and update ib.master.blacklist. This was done because testing had shown that a very large percentage of the attacks against the home machine were occurring from specific nations. A maintained blacklist was found online during this testing and utilized. The update from the external blacklist occurs only once a day.
2). Added the ability to apply ib.master.blacklist against both the hosts.allow blacklist and the pf blacklist without having to parse the log. This was added so that manual changes to the master blacklist can be applied across all the other blacklists without parsing the log.
3). Modified the auth.log parse logic to parse only one day at a time, unless either the -fd switch is set or this is the very first time the script is run.
4). Added logic to back up the log file when a threshold size has been reached, and then reset it to zero.

2006-02-14 - Release of idiotblocker-1.1-beta

The following changes are included in this release:
1). The code has been modularized.
2). Path names are no longer hard-coded in the logic, but are defined in variables that can be modified at the beginning of the code.
3). Logging has been added.
4). Execution switches have been added:
    -b   Brute-force detection is to occur.
    -up  Update firewall rules.
    -d   Verbose messages for debugging purposes.
    -m   Perform updates to the hosts.allow and pf.conf blacklists from ib.master.blacklist without parsing auth.log.
5). Initial setup logic has been added:
    * Backups are performed of the following files: hosts.allow, pf.conf
    * An entry is added at the very beginning of the hosts.allow file to pull in ib.hosts.allow.blacklist
    * Entries are added to the pf.conf file to pull in ib.pf.blacklist
6). Logic to search for brute-force attempts has been added.
7). Master blacklist file logic added; this updates the files required by both hosts.allow and pf.conf for blocking IPs. This also allows for later modifications such as timed purges of the blacklist.

2006-01-26 - Release of idiotblocker-alpha-1.0

The initial release of idiotblocker was the original code that I was running on my home machine. This was a functional version of idiotblocker, but it was what I had originally developed: there were no configuration options, and no logging was being done. Brute-force detection was not included, nor was the ability to add entries to the pf firewall.
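To make the workflow described in these release notes concrete, here is an added example; it is not IdiotBlocker's own code. It parses constructed FreeBSD auth.log lines for failed sshd logins on a single day, applies a threshold, merges the result into a master blacklist in the spirit of ib.master.blacklist (also accepting the comment lines a hand-edited file would carry), and renders the one-address-per-line list that both a hosts.allow include file and a pf table file consume. The file names, the table name idiotblacklist, the threshold of 3, the regexes and the sample log lines are all assumptions. It also shows the point behind the single-digit-day fix above: BSD syslog writes the day right-aligned in a two-character field ("Jul  4"), so a zero-padded "Jul 04" never matches anything in the log.

```python
"""Added example of an IdiotBlocker-style pipeline: sshd auth.log -> master blacklist ->
address list for a hosts.allow include file and a pf table.  Not the project's code; the
file names, table name, threshold and regexes are assumptions."""
import ipaddress
import re
from collections import Counter
from datetime import date
from typing import Iterable, List, Optional

MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]

# sshd failure lines: "Failed password for [invalid user] X from IP" and "Invalid user X from IP".
FAILURE_RE = re.compile(
    r"sshd\[\d+\]: (?:Failed password for (?:invalid user )?\S+|Invalid user \S+) "
    r"from (\d{1,3}(?:\.\d{1,3}){3})"
)

# Constructed sample log (not taken from the page); documentation-range addresses only.
SAMPLE_AUTH_LOG = """\
Jul  4 02:11:07 gw sshd[4011]: Failed password for root from 203.0.113.5 port 50214 ssh2
Jul  4 02:11:09 gw sshd[4011]: Failed password for root from 203.0.113.5 port 50214 ssh2
Jul  4 02:11:12 gw sshd[4013]: Invalid user admin from 203.0.113.5
Jul  4 02:11:14 gw sshd[4013]: Failed password for invalid user admin from 203.0.113.5 port 50230 ssh2
Jul  4 02:15:30 gw sshd[4020]: Failed password for alice from 198.51.100.7 port 40111 ssh2
Jul  4 02:16:02 gw sshd[4021]: Accepted publickey for alice from 198.51.100.7 port 40112 ssh2
Jul  3 23:59:58 gw sshd[3990]: Failed password for root from 192.0.2.9 port 33000 ssh2
Jul  3 23:59:59 gw sshd[3990]: Failed password for root from 192.0.2.9 port 33000 ssh2
Jul  3 23:59:59 gw sshd[3990]: Failed password for root from 192.0.2.9 port 33000 ssh2
"""


def syslog_day_prefix(d: date) -> str:
    """BSD syslog pads a single-digit day with a space: 4 July is 'Jul  4', never 'Jul 04'."""
    return f"{MONTHS[d.month - 1]} {d.day:2d}"


def count_failures(log_text: str, day: Optional[date] = None) -> Counter:
    """Count failed sshd logins per source IP; with `day` set, only that day's lines count."""
    prefix = None if day is None else syslog_day_prefix(day) + " "
    counts: Counter = Counter()
    for line in log_text.splitlines():
        if prefix is not None and not line.startswith(prefix):
            continue
        m = FAILURE_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts


def sort_ips(ips: Iterable[str]) -> List[str]:
    """Deduplicate, validate and sort numerically.  A non-IPv4 string raises ValueError,
    so garbage from a log or a downloaded list is never written into a firewall table."""
    valid = {str(ipaddress.IPv4Address(ip)) for ip in ips}
    return sorted(valid, key=ipaddress.IPv4Address)


def offenders(counts: Counter, threshold: int = 3) -> List[str]:
    """IPs at or above the failure threshold (3 is an assumed value)."""
    return sort_ips(ip for ip, n in counts.items() if n >= threshold)


def merge_master(master_text: str, new_ips: Iterable[str]) -> List[str]:
    """Merge detected or externally downloaded IPs into the master blacklist contents.
    Blank lines and '#' comments (manual edits) in the master file are skipped."""
    existing = [ln.strip() for ln in master_text.splitlines()
                if ln.strip() and not ln.lstrip().startswith("#")]
    return sort_ips([*existing, *new_ips])


def render_address_list(ips: Iterable[str]) -> str:
    """One address per line.  The same format serves both consumers: a hosts.allow line
    'ALL : /etc/ib.hosts.allow.blacklist : deny' (hosts_access(5) treats a client pattern
    starting with '/' as a file of patterns) and a pf.conf line
    'table <idiotblacklist> persist file "/etc/ib.pf.blacklist"'."""
    return "".join(f"{ip}\n" for ip in ips)


def pfctl_refresh_cmd(table: str = "idiotblacklist",
                      path: str = "/etc/ib.pf.blacklist") -> List[str]:
    """Rewriting the file does not touch the table pf holds in the kernel; this argv
    (for subprocess.run) replaces the table contents with the file."""
    return ["pfctl", "-t", table, "-T", "replace", "-f", path]


if __name__ == "__main__":
    today_counts = count_failures(SAMPLE_AUTH_LOG, date(2006, 7, 4))
    master = merge_master("# manual entries\n198.51.100.200\n", offenders(today_counts))
    print(render_address_list(master), end="")
    print(" ".join(pfctl_refresh_cmd()))
```

Run stand-alone, the script blocks only 203.0.113.5 for 4 July (the 192.0.2.9 failures fall on the previous day and alice's single failure is below the threshold), merges it with the manual entry, and prints the pfctl command that must follow every rewrite of the table file, cron runs included. Whether the project used that exact pfctl invocation is not stated in the notes above.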
Copyright © 2009 Geeknet, Inc. All rights reserved.