CIDRAM Files

Version/Release 0.2.0

• [2016.03.15; Signatures; Maikuolan]: Added Microsoft Azure CIDRs to the IPv4 signatures file; Updating several sections; Changed the "example" CIDRs in the IPv4 custom signatures file to reduce ambiguity (because the previous examples used CIDRs that wouldn't normally be triggered; fixed).

• [2016.03.17; Signatures; Maikuolan]: Removed all references to HostExploit and SiteVet from CIDRAM. These two services appear to have not been updated in over a year and a half, and emails I've sent to them to ask whether their services are actively maintained and/or up-to-date seem to have been ignored, as I've not received any replies from them for any of the emails I'd sent. I don't think we should rely on outdated information. I've opted, instead, to include references to and information about the Google Malware Dashboard, which appears to be being updated on a daily basis, have a greater depth of information available and appears to be more reliable, so far. I've already added some new sections for new ASNs to block based upon the information they have available, and may possibly remove and/or modify some old sections in the future based on the information they have available.

• [2016.03.18; Minor code change; Maikuolan]: Renamed all "INC" files to "PHP" files and changed all references to them accordingly. Refer github.com/Maikuolan/CIDRAM/issues/3

• [2016.03.19; Sub-minor code change; Maikuolan]: Changed the default value of the "block_bogons" directive from true to false. Added a new directive, "disable_cli", to optionally disable the CLI mode implementation for CIDRAM. Added a fallback to help deal with situations where multiple IP address server variables may be in use.

• [2016.03.21; Bug-fix; Maikuolan]: Improved the way in which we can detect whether we're in CLI-mode (there was a problem previously whereby cronjobs could sometimes be blocked in certain circumstances, and this shouldn't happen normally, thus qualifying this problem as a bug; this improvement corrects this problem). Refer github.com/Maikuolan/CIDRAM/issues/4

• [2016.03.25; Sub-minor code change; Maikuolan]: Removed references to the "package" tag from all phpDoc page blocks in the package (we don't need these, because we already have README documentation and don't use api-docs). Refer github.com/Maikuolan/phpMussel/issues/85

• [2016.03.27; Minor code change; Maikuolan]: Added a "Why Blocked" field for the "Access Denied" page and for logging, to act as a debug mechanism to help track line/offset/section values for triggered signatures. Added code to allow CIDRAM to handle Windows-style linebreaks within the signature files, as so that it can now correctly interpret more than just Unix-style linebreaks. Refer spambotsecurity.com/forum/viewtopic.php?f=61&t=3819 Refer github.com/Maikuolan/CIDRAM/issues/3

• [2016.03.28; Minor code change; Maikuolan]: Added support for section tags! It's now possible to uniquely identify specific signature sections from the signature files by tagging sections with a section tag; These section tags will be included in the logfiles whenever any of the signatures from the tagged sections are triggered and will appear alongside debug information for the user whenever they're blocked. Refer spambotsecurity.com/forum/viewtopic.php?f=61&t=3819 Refer github.com/Maikuolan/CIDRAM/issues/3

• [2016.03.31; Signatures; Maikuolan]: Renamed "ipv4_custom.dat" to "ipv4_custom.dat.RenameMe" and renamed "ipv6_custom.dat" to "ipv6_custom.dat.RenameMe". The reason for appending ".RenameMe" onto the end of the names of the custom signature files is to prevent accidentally overwriting these files whenever someone updates CIDRAM blindly (such as via a dependency manager, installer or auto-updater; The custom signature files should be renamed back to their original former names by the user to activate them). Shell-style hashing implemented to all signature files for all comments and for all non-signature and non-syntactical entries; This won't be enforced onto users, but is recommended to improve readability for IDEs and text editors. Added some information from Spamhaus to help users gage the merit of blocking or not blocking some particular ASNs. Numerous new signature sections added to both the IPv4 and IPv6 signature files. Refer spambotsecurity.com/forum/viewtopic.php?f=61&t=3819 Refer github.com/Maikuolan/CIDRAM/issues/3

• [2016.04.01; Minor code change; Maikuolan]: Renamed "config.ini" to "config.ini.RenameMe". The reason here is the same as the reason for having recently done the same thing to the custom signature files (to prevent accidentally overwriting this file whenever someone updates CIDRAM blindly). Additionally, the configuration file is now optional; The script has fallbacks implemented for all configuration directives and no longer dies an error to the user/client when the configuration file is unavailable. Added a "Reconstructed URL" field for the "Access Denied" page and for logging, to determine which resource was being requested at the time of a user/client being blocked. Refer spambotsecurity.com/forum/viewtopic.php?f=61&t=3819 Refer github.com/Maikuolan/CIDRAM/issues/3

• [2016.04.02; Bug-fix; Maikuolan]: A bug was found by GaffNet whereby custom whitelist signatures were ignored by the script as of the latest version of the codebase due to the way that whitelist signatures were handled; This has been fixed. Refer github.com/Maikuolan/CIDRAM/issues/7

• [2016.04.03; Minor code change; Maikuolan]: Added support for Apache-style logging and for serialised logging (this could help any users wanting to integrate CIDRAM with packages such as fail2ban, which require Apache-style logs), and two related new configuration directives. Extended the "forbid_on_block" directive to allow 503 header responses. Added the ability to silently redirect blocked access attempts instead of displaying the usual "Access Denied" page. Did some more minor code refactoring. Refer spambotsecurity.com/forum/viewtopic.php?f=61&t=3819 Refer github.com/Maikuolan/CIDRAM/issues/3

• [2016.04.04; Minor code change; Maikuolan]: Added support for custom themes; A new directive has been added to the configuration file allowing users to stipulate a custom CSS file to apply to the HTML output template; This and the new custom themes support for CIDRAM will work in the exact same way that custom themes for phpMussel works. Implemented a validator/fixer for checking and fixing signature files; Currently a work-in-progress and a BETA, but seems to function correctly and as intended; Currently only available in CLI, but will be available via other means after work has been completed. Refer github.com/Maikuolan/CIDRAM/issues/9

• [2016.04.10; Minor code change; Maikuolan]: Added support for section expiry! It's now possible to mark signature sections with an expiry date, to ensure that any signatures they contain won't be triggered after a specified date. This feature is optional; Unmarked signature sections won't expire.

• [2016.04.10; Signatures; Maikuolan]: Added numerous new signature sections to the signature files, covering a number of different new ASNs. Added IPs from ZeuS C&C tracker.

• [2016.04.12; Minor code change; Maikuolan]: Split the language data files into two dinstinct files per each language; Standard language data and CLI language data.

• [2016.04.17; Minor code change; divinity76]: Stricter loading for the configuration file (CIDRAM will now return an error if the configuration file isn't readable).

Caleb M / Maikuolan, 18th April 2016.