Message Board

http:BL Use/Development

Older Posts ]   [ Newer Posts ]
 Building A Web-Based Neighborhood Watch
Author: M.Prince   (30 Apr 07 4:55pm)
Check out this article from the Washington Post:

http://blog.washingtonpost.com/securityfix/2007/04/building_a_webbased_neighborho_1.html

This shows one of the potential benefits of http:BL. While it is tempting to simply bad all IPs that show up on the http:BL list, remember that some of them are computers that have been turned into zombies by viruses or trojans. If those of you implementing http:BL can include information on how human users of these IPs can clean their machines, we can provide notice to a lot of unknown zombies out there.

What we have done with the Apache module, and what we recommend for all robust implementations of http:BL, is that a website administrator be given a tool whereby they can designate IPs that appear but have not crossed a certain threat score threshold be given a challenge. If the human user passes the challenge, we white list them for the session and allow them to access the site.

But -- and here's the cool part -- this is an opportunity to educate a user whose machine may have been zombied. Tell them they appear on the http:BL list. Tell them a potential cause is that their machine has a virus or trojan. Point them to the resources to clean up their computer. If a significant number of sites implement http:BL in this way, as the article suggests, we can go a long way to controlling the zombie problem.
 
 Re: Building A Web-Based Neighborhood Watch
Author: S.Enbom   (1 May 07 5:43am)
Maybe P.H.P could use some of it's expertise and add to the http:BL documentation some recommended information+links+tools that CMS module makers/http:BL users can use in their modules on their "access denied page" on what has happened, and how human users of these IPs can clean their machines. Or perhaps this could be a new page on the site where one should link to.
 
 Re: Building A Web-Based Neighborhood Watch
Author: M.Janssen   (1 May 07 12:25pm)
I have the suggestion of creating a dedicated page on this website where we can link to that provides all information about how to fix the blacklist problem (it could be made dynamic, getting information from the available P.H.P. data for the IP address). Reinventing the wheel with every CMS module is a waste of time.
 
 Re: Building A Web-Based Neighborhood Watch
Author: M.Prince   (1 May 07 12:46pm)
Good idea. We'll work on that. I'll post here when it's up.



do not follow this link

Privacy Policy | Terms of Use | About Project Honey Pot | FAQ | Cloudflare Site Protection | Contact Us

Copyright © 2004–17, Unspam Technologies, Inc. All rights reserved.

contact | wiki | email