IP Address Blocking, Securing From Spy and Spam
Internet Sharing
Part V of V
3.2.5.1 List of popup IP addresses
The following is a list of IP addresses for popups, advertising banners, spyware, spammers and the like, which are not only annoying but sometimes dangerous.
Note: replace the word "BLOK" with "block return-rst in log first quick proto tcp from any to", and adjust the group number to match the configuration in use.
#HTTP block template
#Hall Of Fames - top of xxxs!-
BLOK 64.38.238.0/18 group 42000 #popups.ini
BLOK 64.38.223.51/24 group 42000 #!!!trafficcashgold.com
BLOK 64.38.226.6/24 group 42000 #maxcash.cavecreek.net
BLOK 64.38.247.60/24 group 42000 #count1-old.paycounter.com[]
BLOK 205.180.85.40/24 group 42000 #popups.ini TOP!!! media.fastclick.net
BLOK 202.180.8.129/24 group 42000 #ns1.servercyber.com
BLOK 207.68.178.251/24 group 42000 #ads.msn.com
BLOK 207.68.185.58/24 group 42000 #autosearch.msn.com
BLOK 207.68.171.254/24 group 42000 #adobe-spy
BLOK 207.68.172.253/24 group 42000 #adobe-spy
BLOK 207.68.173.254/22 group 42000 #adobe-spy
BLOK 209.225.0.6/24 group 42000 #servedby.advertising.com
BLOK 209.225.4.72/24 group 42000 #advertising.com
#telkom!dont-block: BLOK 203.130.252.36/24 group 42000 #suspicious, though
#dangerous!
BLOK 66.28.38.3/24 group 42000 #
BLOK 209.50.252.100/24 group 42000 #4bigcash.com
BLOK 209.5.187.10/24 group 42000 #freepopups.com
#BLOK 209.5.187.16/24 group 42000 #adpowerzone.com
#BLOK 213.249.1.67/24 group 42000 #d67.kif2.nas.panafonet.gr
#End dangerous
#from popups.ini
BLOK 12.42.235.3/24 group 42000 #popups.ini
BLOK 63.210.28.24/24 group 42000 #popups.ini
BLOK 64.152.107.1/24 group 42000 #popups.ini
BLOK 64.208.105.2/24 group 42000 #popups.ini
BLOK 64.40.36.14/24 group 42000 #popups.ini
BLOK 66.33.26.185/24 group 42000 #popups.ini/porno
BLOK 66.37.6.0/24 group 42000 #popups.ini
BLOK 66.40.3.0/24 group 42000 #popups.ini
BLOK 66.79.10.0/24 group 42000 #popups.ini
BLOK 161.58.66.118/24 group 42000 #popups.ini
BLOK 194.109.4.4/24 group 42000 #popups.ini
BLOK 195.4.150.12/24 group 42000 #popups.ini
BLOK 198.172.183.203/24 group 42000 #popups.ini
BLOK 203.29.10.0/24 group 42000 #popups.ini
BLOK 204.134.15.7/24 group 42000 #popups.ini
BLOK 204.177.92.20/24 group 42000 #popups.ini
#BLOK 204.245.22.2.0/24 group 42000 #popups.ini
BLOK 204.245.22.2/24 group 42000 #popups.ini
BLOK 206.132.234.0/24 group 42000 #popups.ini
BLOK 206.246.141.150/24 group 42000 #popups.ini
BLOK 206.246.226.1/24 group 42000 #popups.ini
BLOK 207.174.206.6/24 group 42000 #popups.ini
BLOK 207.198.93.0/24 group 42000 #popups.ini
BLOK 207.246.141.15/24 group 42000 #popups.ini
BLOK 208.195.150.20/24 group 42000 #popups.ini
BLOK 208.224.235.22/24 group 42000 #popups.ini
BLOK 208.232.0.22/24 group 42000 #popups.ini
BLOK 208.31.163.7/24 group 42000 #popups.ini
BLOK 209.132.192.1/24 group 42000 #popups.ini
BLOK 209.132.206.1/24 group 42000 #popups.ini
BLOK 209.25.173.4/24 group 42000 #popups.ini/freeporn
BLOK 216.35.185.22/24 group 42000 #popups.ini
BLOK 216.46.11.4/24 group 42000 #popups.ini
BLOK 216.65.30.228/24 group 42000 #popups.ini
BLOK 216.74.151.150/24 group 42000 #popups.ini
BLOK 216.95.228.15/24 group 42000 #popups.ini
#end-from popups.ini
#new compilation
#BLOK 66.206.15.201/24 group 42000 #indo-porn, never mind
BLOK 63.167.204.56/24 group 42000 #7adpower.com
BLOK 63.146.168.253/24 group 42000 #porn-unknown!
BLOK 207.246.136.134/24 group 42000 #cbird14.sextracker.com
BLOK 66.28.153.36/24 group 42000 #porn-spy!
BLOK 157.238.205.195/24 group 42000 #porn-spy!
BLOK 216.136.232.177/24 group 42000 #ads1.vip.sc5.yahoo.com
BLOK 216.219.254.38/24 group 42000 #rune.valueweb.net
BLOK 64.14.241.58/24 group 42000 #exitblaze.com
BLOK 128.11.42.61/24 group 42000 #burstnet.com
#dont-block-yahoo: BLOK 66.218.71.80/24 group 42000 #w1.scd.yahoo.com
#end-new compilation
#old compilation
BLOK 12.90.179.10/16 group 42000
BLOK 24.26.191.220/16 group 42000
BLOK 63.125.211.99/24 group 42000 #what xxx is it?
BLOK 63.215.149.25/24 group 42000 #porno
BLOK 64.04.30.24/24 group 42000 #HOTMAIL
BLOK 64.12.163.130/16 group 42000 #aol.com
BLOK 64.152.192.116/24 group 42000 #TOPCITY
BLOK 64.65.57.154/16 group 42000 #
BLOK 64.94.89.142/16 group 42000 #gator
BLOK 65.217.174.107 group 42000 #suspicious
BLOK 66.150.173.226/24 group 42000 #porno
BLOK 66.157.197.109/16 group 42000
BLOK 66.197.135.111 group 42000 #UNKNOWN!
BLOK 66.51.104.55/24 group 42000 #
BLOK 66.70.10.16/24 group 42000 #riva, what is this?
BLOK 68.50.195.104/16 group 42000
BLOK 152.163.226.25/16 group 42000 #
BLOK 170.140.95.99/16 group 42000 #
BLOK 192.150.10.120/16 group 42000 #adobe spyier!!!
BLOK 192.150.14.120/24 group 42000 #adobe spyier
BLOK 194.72.108.35/24 group 42000 #riva
BLOK 195.146.99.147/16 group 42000 #dns.adulthostmaster.net
BLOK 199.95.207.26/24 group 42000 #ns1.doubleclick.net
BLOK 199.95.208.26/24 group 42000 #ns2.doubleclick.net
BLOK 199.95.206.210/16 group 42000 #fat xxx!!! doubleclick.net
BLOK 202.47.69.71/24 group 42000 #no idea what this is
BLOK 203.90.79.69/24 group 42000
BLOK 204.253.104.110/24 group 42000 #koko gd3.doubleclick.net
#BLOK 204.253.104.95/24 group 42000 #YAP (yet another popups)
BLOK 204.253.104.30/16 group 42000 #fat xxx! ad.us.doubleclick.net
BLOK 205.180.85.40 group 42000
BLOK 205.180.85.40/16 group 42000 # FAT-xxx!!! FASTCLICK.NET
#dont-block-XSetup: BLOK 205.188.134.248 group 42000 #X-Setup and other members.aol.com
BLOK 205.188.165.121/24 group 42000 #ads.web.aol.com
BLOK 205.188.7.241/16 group 42000 #
BLOK 206.155.45.0/16 group 42000 #backroads.net
BLOK 206.65.183.140/16 group 42000 #ad.doubleclick.net
BLOK 207.188.7.125/24 group 42000 #REAL.COM
BLOK 207.46.197.108/24 group 42000 #microsoft or yahoo xxx!
BLOK 208.146.45.36/24 group 42000 #VirtualAVE.NET
BLOK 208.184.172.196/16 group 42000 #
BLOK 209.67.38.81/16 group 42000 #NS.DOUBLECLICK.NET
BLOK 212.162.7.4/24 group 42000 #
BLOK 212.38.217.129/16 group 42000 #123allweb.com - porn
BLOK 213.47.8.121/16 group 42000
BLOK 216.115.102.75/24 group 42000 #yahoo ads
BLOK 216.115.106.215/32 group 42000 #microsoft or yahoo ads
BLOK 216.136.173.10/24 group 42000 #pop.vip.sc5.yahoo.com
BLOK 216.176.200.21/24 group 42000 #escorcher.com
BLOK 216.218.220.42/24 group 42000 #servergold.com - porn
#beware! Namezeroes are always peeking our nbns port!
BLOK 216.34.13.245 port != 80 group 42000
#end-old-compilation
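As an added example (not part of the original article), the Python sketch below performs the BLOK substitution described in the note and checks each entry on the way: it masks host bits, skips entries already covered by an earlier, wider network (with `quick`, the first matching rule wins) and refuses octets with leading zeros, which some parsers read as octal. The name `expand_blok` and the group number 100 are assumptions.

```python
import ipaddress
import re

# Replacement for the BLOK placeholder, as given in the article's note.
PREFIX = "block return-rst in log first quick proto tcp from any to"
BLOK_RE = re.compile(r"^BLOK\s+(\S+)\s*(.*)$")

def expand_blok(lines, group):
    """Expand BLOK entries; return (rules, skipped) with skip reasons."""
    rules, skipped, seen = [], [], []
    for raw in lines:
        line = raw.strip()
        m = BLOK_RE.match(line)
        if not m:  # comments and disabled "#BLOK" entries pass through
            rules.append(line)
            continue
        target, rest = m.groups()
        qualifier = rest.split("group", 1)[0].strip()  # e.g. "port != 80"
        octets = target.split("/")[0].split(".")
        if any(len(o) > 1 and o.startswith("0") for o in octets):
            skipped.append((line, "leading zero in octet, may be read as octal"))
            continue
        try:
            # strict=False masks host bits: 64.38.238.0/18 -> 64.38.192.0/18
            net = ipaddress.ip_network(target, strict=False)
        except ValueError as exc:
            skipped.append((line, str(exc)))
            continue
        cover = next((s for s in seen if net.subnet_of(s)), None)
        if cover is not None:  # an earlier unqualified rule already matches
            skipped.append((line, "covered by %s" % cover))
            continue
        if not qualifier:  # only unqualified rules can shadow later ones
            seen.append(net)
        rest = re.sub(r"group\s+\d+", "group %d" % group, rest, count=1)
        rules.append(("%s %s %s" % (PREFIX, net, rest)).rstrip())
    return rules, skipped

# Entries copied from the template above; group 100 is an assumed value.
SAMPLE = [
    "#Hall Of Fames - top of xxxs!-",
    "BLOK 64.38.238.0/18 group 42000 #popups.ini",
    "BLOK 64.38.223.51/24 group 42000 #!!!trafficcashgold.com",
    "BLOK 64.04.30.24/24 group 42000 #HOTMAIL",
    "BLOK 216.34.13.245 port != 80 group 42000",
]
if __name__ == "__main__":
    for item in expand_blok(SAMPLE, group=100):
        print(item)
```

Skipped entries are returned with a reason instead of being dropped silently, so the list can be reviewed before the rules are loaded.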
3.2.5.2 List of dangerous IP addresses
The following is a list of IP addresses that are dangerous because they were spreading the Nimda or Code Red virus at the time of writing.
Example of their use in ipf.rules:
block return-rst in log first quick on rl1 proto tcp from 202.10.35.227 to any group 23456 #Nimda
4. Miscellaneous
In this section it is assumed that we install programs from source code, extracted into the directory /usr/local/src, e.g.: tar -xpvzf apache.tgz -C /usr/local/src.
The version-number part of the directory name, if any, is best removed, e.g.: mv apache-1.1.23pl8 apache
4.1. Squid
./configure --enable-ipf-transparent
#other parameters that are needed:
--prefix=/usr/local
--bindir='${prefix}/sbin'
--libexecdir='${prefix}/libexec'
--sysconfdir='${prefix}/etc/squid'
#other parameters that may be needed:
--enable-storeio="ufs diskd null"
--enable-removal-policies="lru heap"
#additional parameters:
--localstatedir='${prefix}/squid'
--host=i686
--disable-ident-lookups
--disable-wccp
--enable-kill-parent-hack
--enable-time-hack
--with-pthreads
make all; make install
With the parameters above we get a Squid configuration similar to the one we would get by installing it from a package.
Then chown the logs and cache files in the /usr/local/etc/squid directory to nobody:nogroup (or to the appropriate user if a dedicated squid user has been created, like the mysql user below).
After that, create the initial cache directory by running: squid -z. The default cache size is 100MB.
4.2. Configuring MySQL, PHP and Apache
4.2.1. MySQL
./configure \
  --localstatedir=/var/db/mysql \
  --with-unix-socket-path=/var/run/mysql.sock \
  --host=i686 \
  --enable-assembler \
  --with-libwrap \
  --with-berkeley-db \
  --with-named-z-lib \
  --with-mysqld-ldflags=-all-static \
  --with-client-ldflags=-all-static \
  --without-debug \
  --without-bench \
  --without-docs \
  --without-readline
make; make install
Add a mysql user with an ID of, for example, 3036:
pw add group mysql -g 3036
pw add user mysql -u 3036 -g mysql -w no -s /sbin/nologin -d /var/db/mysql -c "MySQL"
The localstatedir directory (/var/db/mysql) above must be readable and writable by the mysql user:
chown -R mysql:mysql /var/db/mysql
4.2.2. PHP
First we must cd to the Apache source: cd /usr/local/src/apache, then run ./configure (plain).
Only then cd to the PHP source: cd /usr/local/src/php and configure PHP according to our preferences.
./configure \
  --build=i686 \
  --prefix=/usr/local \
  --with-mysql=/usr/local \
  --with-apache=../apache \
  --with-pcre-regex=/usr/local \
  --with-mcrypt \
  --with-zlib \
  --with-ftp \
  --enable-track-vars \
  --enable-ctype
make; make install
4.2.3. Apache
./configure \
  --enable-module=most \
  --enable-shared=max \
  --server-uid=www \
  --server-gid=www \
  --activate-module=src/modules/php4/libphp4.a
make; make install
5. Closing
In keeping with the main purpose of this article, some subsystems are covered only briefly or not at all; those parts are assumed to follow the default installation.
Finally, the author will gladly accept criticism and suggestions from all readers; hopefully this is of some use.
aa, aa@formasi.com (geocities.com/hackermuda)