[VoiceOps] Web Attacker Blacklist

Jay Hennigan jay at west.net
Tue Oct 22 17:29:27 EDT 2013

On 10/22/13 6:57 AM, J. Oquendo wrote:
> Going to cross post this to the list (I know some of us
> criss-cross lists). Reasoning, a lot of IP PBXs have
> web based interfaces, and some need to be on the public
> Internet.
> Cobbled together a script to scrape my logs, parse out web
> based attackers (SQLi, XSS, CSRF, etc) and compile said list
> for blacklisting. Script is pulling from 6 different web
> servers for now. I may add more later depending on whether
> or not I see a lot of usage.
> http://www.infiltrated.net/webattackers.txt

Thanks.  I personally would like to see it as solely raw IP addresses
rather than a mix of IPs and PTRs.  The PTRs may not match forward DNS,
particularly if a bad guy has control of rDNS.

Jay Hennigan - CCIE #7880 - Network Engineering - jay at impulse.net
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV

More information about the VoiceOps mailing list