Introducing IPset-Assassin

Completed installation

I recently wrote a nice little program to set up and maintain your firewall on Ubuntu GNU/Linux 14.04. This will install a cron job to run daily and pull lists from multiple sites to block malicious IP addresses, adding around 40,000 or more individual IP addresses as well as the top 20 malicious IP blocks per day, all voluntarily and freely contributed. All of the malicious individual addresses are managed with ipset, while the IP blocks are managed with IPTables. This leads to a very efficient way of managing the tables easily and automatically. This optionally allows you to enable or disable Tor Exit node connections. I have also created an optional weekly cron job that will block whatever countries you may wish. I hand typed all 233 country codes into a dialog menu. I added a new iptables-persistent from another GitHub repository which also works with ipsets to keep it persistent upon reboot for both iptables.

When installing, it may get stuck here for a minute or two; that’s fine. It’s setting a lot of rules up.

The lists that are regularly installed:

Project Honey Pot Directory of Dictionary Attacker IPs
TOR Exit Nodes (this will block all access to Tor)*
BruteForceBlocker
Spamhaus
C.I. Army
OpenBL.org
Autoshun
Blocklist.de
Malware Domain List
ZeusTracker
Malc0de IP blacklist
MaxMind GeoIP Anonymous Proxies
StopForumSpam
GreenSnow

*Tor exit node blocking is optional

It’s simple enough to install. Simply run the script as root and select if you want to block Tor exit nodes or if you want to block any countries. If there are any issues or suggestions please let me know on GitHub. I want to eventually make this also capable of running on CentOS for my PhonePBX.

https://github.com/ChiefGyk/ipset-assassin

Tested on Ubuntu 14.04 servers, and Xubuntu 14.04 running server applications. Test it on your own machine as well if you like.

233 Countries to block if you choose to.
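
The split this post describes (single addresses into an ipset, IP blocks left for iptables rules) sketched as an added example; it is not code from ipset-assassin, and the set name `blocklist`, the `PROTECTED` ranges and the sample feed are assumptions constructed for illustration. It treats every feed as untrusted input and fills a temporary set that is swapped in, so the live set is never empty during an update.

```python
import ipaddress

# Assumption: ranges no feed entry may cover (own LAN, loopback, link-local).
PROTECTED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample feed (documentation addresses, not real indicators).
SAMPLE_FEED = """\
# comment line
203.0.113.5
203.0.113.5
192.0.2.77
198.51.100.0/24 ; block entry
192.168.1.10
0.0.0.0/0
999.10.10.10
<html>error page</html>
2001:db8::1
"""

def parse_feed(text, protected=PROTECTED):
    """Return (hosts, blocks) as sorted lists of IPv4 networks from feed text."""
    hosts, blocks = set(), set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue  # blank line or comment
        try:
            net = ipaddress.ip_network(fields[0], strict=False)
        except ValueError:
            continue  # not an address: never pass it on to ipset/iptables
        if net.version != 4 or any(net.overlaps(p) for p in protected):
            continue  # IPv6 is out of scope here; protected ranges stay reachable
        (hosts if net.prefixlen == 32 else blocks).add(net)  # sets de-duplicate
    return sorted(hosts), sorted(blocks)

def restore_script(hosts, name="blocklist"):
    """Build `ipset restore` input: fill a temp set, swap it in, drop the temp."""
    opts, tmp = "hash:ip family inet maxelem 131072", name + "-tmp"
    lines = [f"create {name} -exist {opts}", f"create {tmp} -exist {opts}",
             f"flush {tmp}"]
    lines += [f"add {tmp} {h.network_address}" for h in hosts]
    lines += [f"swap {tmp} {name}", f"destroy {tmp}"]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(restore_script(parse_feed(SAMPLE_FEED)[0]), end="")
```

Run as root, the printed text can be piped to `ipset restore`; the blocks returned by `parse_feed` are the entries that would each get their own iptables rule.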

How to make “WHOIS” work with new TLDs, e.g. *.xyz, *.online

So I have been building a lot of servers, and generally I like to segment them to different domains, but whois by default will only work with *.com, *.info, *.net, you know, the usual TLDs you think of. But now there are so many new ones I like to scoop up, and I still want to test my server settings with whois. Well, have no fear: on my Xubuntu 14.04 LTS, which I use every day, simply create the file “whois.conf” in the /etc/ folder. So use your favorite text editor and paste this file in to get any new TLD resolved.
Open Nano (or whatever text editor you prefer)
sudo nano /etc/whois.conf

Once inside your text editor, paste this list (the list is very long, so I added a read more section you will need to open to see the entire list).

#
# WHOIS servers for new TLDs (http://www.iana.org/domains/root/db)
# Current as of 2015-09-12
#
