Irish IP Address Ranges

Jane Blonde

Anyone know where I'd get the full ranges of IP addresses so I can block off all non Irish IP addresses?

oscarBravo

There are a number of geo-databases for IP blocks out there, with varying degrees of accuracy.

Why do you want to block non-Irish addresses?

watty

Occasionally some Irish ISPs use some non-Irish IPs
In the past UTV, Three, Permanet and UPC have been known to do quite strange stuff (which had logical explanation)

Unless you are the BBC or RTE etc, think twice about Geoblocking?

Jane Blonde

It's a temporary solution to avoid compromise while the new site is being built, the current site is using some old software which is prone to being hacked.

watty

That won't work. Hackers use Irish IPs too

Build the site off line on a PC etc and then upload it.

Jane Blonde

Yes, that's true however it does limit the chances considerable. The current site is live and using Joomla 1.0.x which is not really the problem, more that it's using a lot of essential components which cannot be supported until the new version running 1.5.x is ready.

watty

Jane Blonde wrote: »

Yes, that's true however it does limit the chances considerable. The current site is live and using Joomla 1.0.x which is not really the problem, more that it's using a lot of essential components which cannot be supported until the new version running 1.5.x is ready.

Erm... no. Attacks are automated by Zombie bots. Our log shows the extent is amazing.

Loads of people are using Joomla. It along with Drupal and Wordpress are the top three.

Switch off bits that are insecure and look for alternatives. Geo-blocking is an illusion for security. It's only for "rights management".

We use hosted shared Linux. But I can test Joomla, Wordpress, Drupal and other "LAMP" stack stuff on my ancient insulated from Internet Windows 2000 box which has Apache and IIS, MySQL and MS-SQL. Nothing like having your cake and eating it.

Simply don't enable vulnerable components on an Internet connected Server. Even if only Galway can connect.

Jane Blonde

yes Watty, your bang on correct there, of the three Joomla is the one more likely to be hacked due the some of the more dubious plugins, mods and components but turning things off is not a solution at this stage, the only real solution would be to pull the site down until the upgrade can be completed but it's a very busy and complex site. The mods I suspect are the trouble are currently vital with no alternative solutions.

Looking through the raw logs is a frightening thing to do if you have never done it before, there are several attempts per day to the most common known php issues and yes some are from Irish IP addresses.

What I'm trying to do is very much a short term solution to reduce risk.

So, does anyone actually know where to get a current list of Irish IPs, especially for Imagine?

watty

Doesn't work.

Sometimes we get 10 to 20 attempts a minute. Other times 1 or 2 attempts an hour.

You only have Three choices.
1) Pull it all
2) Turn of bad bits
3) Add ZB Block http://www.spambotsecurity.com/zbblock.php

Anything else is an illusion.

Also look at http://stopforumspam.com/contributions

I have not used zb block. It requires all your php files to be modified in first line. But it's highly regarded.

I do use "stop forum spam", both to check signups and report to.

Jane Blonde

Hmmm...I haven't heard of ZB Block before, I think it's worth a shot. I'll install if and let you know how I get on.

Thanks Watty, I've never been a fan of messing with IP blocking, it's messy.

watty

Geo IP Range Blocking?

It's only for Geo-limiting of Rights and it only stops the casual punter. Serious folk just sign up to a VPN or Proxy in the desired target area. Also the "lists" are never accurate.

I do block particular IPs. But that is another story. That's to reduce traffic from known malicious sources.

cgarvey

Moved from IrelandOffline > Development

ressem

watty wrote: »

Also the "lists" are never accurate.

I thought that the robtex ones tended to be ok. Could be wrong.

http://www.robtex.com/as/as25441.html

Won't repeat the Geo-blocking view.

Jane Blonde

ok, ZB Block installed and working, I'll post any issues here but none so far though it's not easy to test as I don;t know how to pretend to be a bot:(

yes Watty, http://www.robtex.com/as/as25441.html is where I get lists from and your right, lists are never all that reliable.

JB

conor.hogan.2

I cant believe this is what you are doing to improve security, mind boggling.

Build offline then upload or build it properly then it wont matter if its online or offline.

jmcc

ressem wrote: »

I thought that the robtex ones tended to be ok. Could be wrong.

Some are and some are not. Basically it has to do with how the lists are compiled. The large lists (256 addresses and up) published by RIPE/ARIN/APNIC etc miss the subnets which may have been associated with a country other than the main range. To get this level of granularity, you have to use the larger IP whois databases. On the large lists, only 256 ranges show up as IE. On the RIPE whois, 27271 ranges show up as IE. Some UTV IPs will show up as being GB rather than IE. At the moment, I'm just geomapping all nameservers in com/net/org/biz/info/mobi/asia and a few thousand in the ccTLDs. Even with the IP data, the adjacent market effect (Irish doms hosted on UK servers etc) can make things a bit confusing. But just blocking on IP does not solve the intitial problem (just to repeat it for the n th time).

Regards...jmcc

mneylon

There are several services offering Geoip lookups, which are fine for adserving and content rights stuff

Totally useless for security - as already pointed out ..

Jane Blonde

Conor, Blacknight etc. unfortunately you don't understand the full situation, the IP block was an emergency fix, and the client situation...well it's not ideal.

Watty, I've had ZB Block installed for a month now and it works really well, the only issue I've had is that it also blocks a lot of ISPs that are actually ok but it's easy enough to make an exception for each.

Thanks for all your help guys, took a while but I'm happy that the ZB Block is working far better than the IP allow/deny could ever.

Please, no more posts telling me that the best solution is build everything again...of course it is

Jane Blonde

quick addy....

one thing that ZB Block does is block connections coming in from AWS as it's not an ISP but it nearly always has an Irish IP...I guess that sums up this post nicely