IP Address Blocking, Securing From Spy and Spam (1370 total words in this text) (640 reads) Printer friendly version of IP Address Blocking, Securing From Spy and Spam. Internet Sharing Part V of V 3.2.5.1 Daftar alamat IP popup Berikut ini daftar ip popup dan advertising banner, spy, spammer dll yang selain menyebalkan juga kadang berbahaya. cat.: ganti kata "BLOK" dengan: "block return-rst in log first quick proto tcp from any to", juga nomor group disesuaikan dengan konfigurasi yang berlaku. #HTTP block template #Hall Of Fames - top of xxxs!- BLOK 64.38.238.0/18 group 42000 #popups.ini BLOK 64.38.223.51/24 group 42000 #!!!trafficcashgold.com BLOK 64.38.226.6/24 group 42000 #maxcash.cavecreek.net BLOK 64.38.247.60/24 group 42000 #count1-old.paycounter.com[] BLOK 205.180.85.40/24 group 42000 #popups.ini TOP!!! media.fastclick.net BLOK 202.180.8.129/24 group 42000 #ns1.servercyber.com BLOK 207.68.178.251/24 group 42000 #ads.msn.com BLOK 207.68.185.58/24 group 42000 #autosearch.msn.com BLOK 207.68.171.254/24 group 42000 #adobe-spy BLOK 207.68.172.253/24 group 42000 #adobe-spy BLOK 207.68.173.254/22 group 42000 #adobe-spy BLOK 209.225.0.6/24 group 42000 #servedby.advertising.com BLOK 209.225.4.72/24 group 42000 #advertising.com #telkom!dont-block: BLOK 203.130.252.36/24 group 42000 #mencurigakan sih #dangerous! BLOK 66.28.38.3/24 group 42000 # BLOK 209.50.252.100/24 group 42000 #4bigcash.com BLOK 209.5.187.10/24 group 42000 #freepopups.com #BLOK 209.5.187.16/24 group 42000 #adpowerzone.com #BLOK 213.249.1.67/24 group 42000 #d67.kif2.nas.panafonet.gr #End dangerous #from popups.ini BLOK 12.42.235.3/24 group 42000 #popups.ini BLOK 63.210.28.24/24 group 42000 #popups.ini BLOK 64.152.107.1/24 group 42000 #popups.ini BLOK 64.208.105.2/24 group 42000 #popups.ini BLOK 64.40.36.14/24 group 42000 #popups.ini BLOK 66.33.26.185/24 group 42000 #popups.ini/porno BLOK 66.37.6.0/24 group 42000 #popups.ini BLOK 66.40.3.0/24 group 42000 #popups.ini BLOK 66.79.10.0/24 group 42000 #popups.ini BLOK 161.58.66.118/24 group 42000 #popups.ini BLOK 194.109.4.4/24 group 42000 #popups.ini BLOK 195.4.150.12/24 group 42000 #popups.ini BLOK 198.172.183.203/24 group 42000 #popups.ini BLOK 203.29.10.0/24 group 42000 #popups.ini BLOK 204.134.15.7/24 group 42000 #popups.ini BLOK 204.177.92.20/24 group 42000 #popups.ini #BLOK 204.245.22.2.0/24 group 42000 #popups.ini BLOK 204.245.22.2/24 group 42000 #popups.ini BLOK 206.132.234.0/24 group 42000 #popups.ini BLOK 206.246.141.150/24 group 42000 #popups.ini BLOK 206.246.226.1/24 group 42000 #popups.ini BLOK 207.174.206.6/24 group 42000 #popups.ini BLOK 207.198.93.0/24 group 42000 #popups.ini BLOK 207.246.141.15/24 group 42000 #popups.ini BLOK 208.195.150.20/24 group 42000 #popups.ini BLOK 208.224.235.22/24 group 42000 #popups.ini BLOK 208.232.0.22/24 group 42000 #popups.ini BLOK 208.31.163.7/24 group 42000 #popups.ini BLOK 209.132.192.1/24 group 42000 #popups.ini BLOK 209.132.206.1/24 group 42000 #popups.ini BLOK 209.25.173.4/24 group 42000 #popups.ini/freeporn BLOK 216.35.185.22/24 group 42000 #popups.ini BLOK 216.46.11.4/24 group 42000 #popups.ini BLOK 216.65.30.228/24 group 42000 #popups.ini BLOK 216.74.151.150/24 group 42000 #popups.ini BLOK 216.95.228.15/24 group 42000 #popups.ini #end-from popups.ini #new compilation #BLOK 66.206.15.201/24 group 42000 #indo-porn, gapapa-lah BLOK 63.167.204.56/24 group 42000 #7adpower.com BLOK 63.146.168.253/24 group 42000 #porn-unknown! BLOK 207.246.136.134/24 group 42000 #cbird14.sextracker.com BLOK 66.28.153.36/24 group 42000 #porn-spy! BLOK 157.238.205.195/24 group 42000 #porn-spy! BLOK 216.136.232.177/24 group 42000 #ads1.vip.sc5.yahoo.com BLOK 216.219.254.38/24 group 42000 #rune.valueweb.net BLOK 64.14.241.58/24 group 42000 #exitblaze.com BLOK 128.11.42.61/24 group 42000 #burstnet.com #dont-block-yahoo: BLOK 66.218.71.80/24 group 42000 #w1.scd.yahoo.com #end-new compilation #old compilation BLOK 12.90.179.10/16 group 42000 BLOK 24.26.191.220/16 group 42000 BLOK 63.125.211.99/24 group 42000 #what xxx is it? BLOK 63.215.149.25/24 group 42000 #porno BLOK 64.04.30.24/24 group 42000 #HOTMAIL BLOK 64.12.163.130/16 group 42000 #aol.com BLOK 64.152.192.116/24 group 42000 #TOPCITY BLOK 64.65.57.154/16 group 42000 # BLOK 64.94.89.142/16 group 42000 #gator BLOK 65.217.174.107 group 42000 #mencurigakan BLOK 66.150.173.226/24 group 42000 #porno BLOK 66.157.197.109/16 group 42000 BLOK 66.197.135.111 group 42000#UNKNOWN! BLOK 66.51.104.55/24 group 42000 # BLOK 66.70.10.16/24 group 42000 #riva apaan nih? BLOK 68.50.195.104/16 group 42000 BLOK 152.163.226.25/16 group 42000 # BLOK 170.140.95.99/16 group 42000 # BLOK 192.150.10.120/16 group 42000 #adobe spyier!!! BLOK 192.150.14.120/24 group 42000 #adobe spyier BLOK 194.72.108.35/24 group 42000 #riva BLOK 195.146.99.147/16 group 42000 #dns.adulthostmaster.net BLOK 199.95.207.26/24 group 42000 #ns1.doubleclick.net BLOK 199.95.208.26/24 group 42000 #ns2.doubleclick.net BLOK 199.95.206.210/16 group 42000 #fat xxx!!! doubleclick.net BLOK 202.47.69.71/24 group 42000 #tataukapaannih BLOK 203.90.79.69/24 group 42000 BLOK 204.253.104.110/24 group 42000 #koko gd3.doubleclick.net #BLOK 204.253.104.95/24 group 42000 #YAP (yet another popups) BLOK 204.253.104.30/16 group 42000 #fat xxx! ad.us.doubleclick.net BLOK 205.180.85.40 group 42000 BLOK 205.180.85.40/16 group 42000 # FAT-xxx!!! FASTCLICK.NET #dont-block-XSetup: BLOK 205.188.134.248 group 42000 #X-Setup and other members.aol.com BLOK 205.188.165.121/24 group 42000 #ads.web.aol.com BLOK 205.188.7.241/16 group 42000 # BLOK 206.155.45.0/16 group 42000 #backroads.net BLOK 206.65.183.140/16 group 42000 #ad.doubleclick.net BLOK 207.188.7.125/24 group 42000 #REAL.COM BLOK 207.46.197.108/24 group 42000 #microsoft or yahoo xxx! BLOK 208.146.45.36/24 group 42000 #VirtualAVE.NET BLOK 208.184.172.196/16 group 42000 # BLOK 209.67.38.81/16 group 42000 #NS.DOUBLECLICK.NET BLOK 212.162.7.4/24 group 42000 # BLOK 212.38.217.129/16 group 42000 #123allweb.com - porn BLOK 213.47.8.121/16 group 42000 BLOK 216.115.102.75/24 group 42000 #yahoo ads BLOK 216.115.106.215/32 group 42000 #microsoft or yahoo ads BLOK 216.136.173.10/24 group 42000 #pop.vip.sc5.yahoo.com BLOK 216.176.200.21/24 group 42000 #escorcher.com BLOK 216.218.220.42/24 group 42000 #servergold.com - porn #beware! Namezeroes are always peeking our nbns port! BLOK 216.34.13.245 port != 80 group 42000 #end-old-compilation 3.2.5.2 Daftar alamat IP berbahaya Berikut ini daftar alamat IP berbahaya karena menyebarkan virus nimda atau code-red pada saat tulisan ini dibuat. penggunaannya dalam ipf.rules misalnya: block return-rst in log first quick on rl1 proto tcp from 202.10.35.227 to any Group 23456 #Nimda 202.10.35.227 202.104.117.163 202.107.57.181 202.108.225.5 202.111.185.3 202.128.131.70 202.130.1.28 202.141.136.226 202.147.195.9 202.153.105.20 202.155.113.21 202.155.2.88 202.155.26.136 202.155.29.18 202.155.29.28 202.155.29.3 202.155.29.30 202.155.34.212 202.155.34.218 202.155.40.48 202.155.44.146 202.155.54.132 202.155.56.199 202.155.68.32 202.155.77.125 202.155.82.93 202.155.84.182 202.155.87.142 202.155.89.138 202.155.89.202 202.155.89.228 202.155.89.253 202.155.95.190 202.164.168.66 202.188.234.228 202.207.77.8 202.29.50.111 202.39.142.152 202.4.253.239 202.53.227.251 202.56.230.130 202.57.64.178 202.63.215.99 202.64.169.250 202.67.209.197 202.70.71.11 202.75.157.39 202.81.243.238 202.99.11.43 202.99.253.194 210.14.218.144 4.Lain-lain Dalam bagian ini diasumsikan bahwa kita akan menginstal program dari source kodenya, yang diekstrak ke direktori /usr/local/src, mis.: tar -xpvzf apache.tgz -C /usr/local/src. bagian version number, jika ada, sebaiknya dihilangkan, mis.: mv apache-1.1.23pl8 apache 4.1. Squid ./configure --enable-ipf-transparent #parameter lain yang perlu: --prefix=/usr/local --bindir=${prefix}/sbin --libexecdir=${prefix}/libexec --sysconfdir=${prefix}/etc/squid #parameter lain yang mungkin perlu: --enable-storeio="ufs diskd null" --enable-removal-policies="lru heap" #parameter tambahan: --localstatedir=${prefix}/squid --host=i686 --disable-ident-lookups --disable-wccp --enable-kill-parent-hack --enable-time-hack --with-pthreads make all; make install Dengan parameter diatas kita akan memperoleh konfigurasi squid yang mirip seperti jika kita menginstalnya melalui package. Kemudian file logs dan cache di direktori /usr/local/etc/squid di chown nobody:nogroup (atau sesuai dengan usernya jika telah dibuat user untuk squid, seperti user mysql dibawah). Setelah itu kita buat intial cache directory dengan menjalankan: squid -z. Default cache size adalah 100MB. 4.2. Konfigurasi MySQL, PHP dan Apache 4.2.1. MySQL ./configure --localstatedir=/var/db/mysql --with-unix-socket-path=/var/run/mysql.ssock --host=i686 --enable-assembler --with-libwrap --with-berkeley-db --with-named-z-lib --with-mysqld-ldflags=-all-static --with-client-ldflags=-all-static --without-debug --without-bench --without-docs --without-readline make; make install Tambahkan user mysql dengan ID misalkan = 3036 pw add group mysql -g 3036 pw add user mysql -u mysql -g mysql -wno -s /sbin/nologint -d /var/db/mysql -c "MySQL" Direktori localstatedir (/var/db/mysql) diatas, harus read/writeable by user mysql: chown -R /var/db/mysql mysql:mysql 4.2.2. PHP Sebelumnya kita harus cd ke source apache dulu: cd /usr/local/src/apache, lalu jalankan ./configure (plain). Kemudian baru cd ke source php: cd /usr/local/src/php dan mengkonfigurasi php sesuai preferensi kita. ./configure --build=i686 --prefix=/usr/local --with-mysql=/usr/local --with-apache=../apache --with-pcre-regex=/usr/local --with-mcrypt --with-zlib --with-ftp --enable-track-vars --enable-ctype make; make install 4.2.2. Apache ./configure --enable-module=most --enable-shared=max --server-uid=www --server-gid=www --activate-module=src/modules/php4/libphhp4.a make; make install 5. Penutup Sesuai dengan tujuan utama tulisan ini, beberapa sub-sistem mungkin hanya sedikit atau sama sekali tidak dibahas, bagian-bagian tersebut dianggap sesuai dengan instalasi default. Terakhir, penulis dengan senang hati akan menerima kritik dan saran dari pembaca semua, semoga ada manfaatnya. aa, aa@formasi.com