
Thread: IPSafer

  1. #1
    Experienced user
    Join Date
    06-10-09.
    Location
    Atlanta, Georgia
    Posts
    611

    Default IPSafer

    Has anyone heard of or used http://ipsafer.com? It sounds interesting and is used by a lot of open source CMSs. It basically restricts access to your site if a request is coming from a known attack IP.

  2. #2
    Experienced user
    Join Date
    06-20-09.
    Posts
    1,311

    Default Re: IPSafer

    Their website reminds me of 1996... it just needs a few blinking banners and a marquee scroller!
    Bit dubious Ben, they state in not so many words "if you try to sell our service we'll add you to the ban list".

  3. #3
    New user
    Join Date
    02-25-10.
    Posts
    4

    Default Re: IPSafer

    Hello to everyone, and good morning!

    I am one of IPSafer's webmasters, and first of all we would like to thank you for the attention shown to the site!

    Quote Originally Posted by ramjet
    "if you try to sell our service we'll add you to the ban list".
    We want to assure you: our mission is to provide a free service to all sites that can't afford it, not to ban web sites. Since we have a limited amount of computational resources, we are trying to share the resources between many websites. This is the main reason for the two restrictions to the basic contract.

    Of course, we could think of a "reuse" of collected IP data (caching?) but without selling it, since we are against the reselling of a free service.

    Anyway, we are proud to announce that we just added support for TYPOlight 2.8.0!

    All patches are downloadable from this url:
    http://ipsafer.com/example#integrations

    Thank you for your attention
    and have a nice day!
    IPsafer.com's staff

  4. #4
    User FloB's Avatar
    Join Date
    06-21-09.
    Posts
    157

    Default Re: IPSafer

    There are other services like Bot-Trap or Project Honeypot.

    But bear in mind that an IP blocking using PHP will cost you some resources as the interpreter will run anyway.

  5. #5
    User FloB's Avatar
    Join Date
    06-21-09.
    Posts
    157

    Default Re: IPSafer

    Quote Originally Posted by ipsaferadm
    Anyway, we are proud to announce that we just added support for TYPOlight 2.8.0!
    You should try to provide a native TYPOlight extension which uses the TL framework instead of hacking core files – because those changes will be reverted on updates.

    It's very easy to create an extension for your implementation which will work even after updating the system.

  6. #6
    New user
    Join Date
    02-25-10.
    Posts
    4

    Default Re: IPSafer

    Hi FloB, thank you for your kind answer, and for annotations!

    Quote Originally Posted by FloB
    There are other services like Bot-Trap or Project Honeypot.
    Although we think that more solutions are better than a single one, there are many differences between IPSafer and other existing services/software.

    Bot-Trap works only for deep attacks directed at a single site. In other words, you need the attacker to look around and deep inside your site before Bot-Trap begins to work. This is not the case for most of the automatic hacker/cracker tools that are currently around the world, and IPSafer gives you some protection against this kind of attack.

    Moreover, Project Honeypot is a bit demanding (someone could say "rigid") in order to use their http:BL service. First of all, you need to have an account and an access key in order to use http:BL, while IPSafer does not have any pre-requisite to use it. You can use it free without any kind of registration. Then, you must be an active participant in the same Project Honey Pot, installing a honey pot, donating an MX record, or referring people to the Project Honey Pot website: IPSafer has no need to install anything! You just have to patch your software (or to write the client on your own, if you like) to make the correct request to the server. Nothing more, nothing less.

    Quote Originally Posted by FloB
    But bear in mind that an IP blocking using PHP will cost you some resources as the interpreter will run anyway
    Although the client is written in PHP, the server side has been optimized and PHP (or an analogous script engine) is needed to run the actual CMS software around the world. So, if you add a request to check the client IP, it could be an acceptable price to pay if the result is to be protected against automatic attacks that use "weakness" or 0-day bugs.

    Quote Originally Posted by FloB
    You should try to provide a native TYPOlight extension which uses the TL framework instead of hacking core files – because those changes will be reverted on updates. It's very easy to create an extension for your implementation which will work even after updating the system.
    Unfortunately, this is a free project and we have insufficient human resources to develop a TL extension, and we are trying to help many CMS users/administrators to share this solution. However, we are ready to publish it on the IPSafer website with the correct credits, if you would be so kind as to write one. For this reason, we published a back link to this discussion in order to get other TL users to participate.

    thank you again
    and have a nice day! :D
    IPSafer.com staff

  7. #7
    Experienced user
    Join Date
    06-20-09.
    Posts
    1,311

    Default Re: IPSafer

    Hi ipsaferadm,

    Sorry about being a bit flippant! (I quite like your website's look ... but a more "pro" image may help you in the long run)
    I (we) appreciate your feedback here, and good on you for your explanations and effort in providing what you do.

    I think however that you should lose those statements as they give the impression (to me anyway) of a potential vendetta service that it's best to stay away from. Nobody would wish to use a service re attackers that includes IPs that AREN'T attackers I believe.

    That said, good effort and a great idea. I should have trusted Ben's original instincts, he's always sharing quite incredible stuff with us.

  8. #8
    User FloB's Avatar
    Join Date
    06-21-09.
    Posts
    157

    Default Re: IPSafer

    Quote Originally Posted by ipsaferadm
    Bot-Trap works only for deep attacks directed at a single site. In other words, you need the attacker to look around and deep inside your site before Bot-Trap begins to work. This is not the case for most of the automatic hacker/cracker tools that are currently around the world, and IPSafer gives you some protection against this kind of attack.
    As I worked with Bot-Trap, I can say that this is not true. Bot-Trap does have a different approach, yes, but it protects (technically) a site as good as IPSafer or even better (it also checks referrer and UserAgent). The difference is that BT has a local blacklist while IPSafe uses a remote bl.

    I won't discuss any pros or cons of those techniques here.

    Concerning hacking vs. native extension: I'm pretty sure an extension would have cost you about 5 minutes more work than the current implementation.

  9. #9
    New user
    Join Date
    02-25-10.
    Posts
    4

    Default Re: IPSafer

    Hi ramjet and hi FloB, and good morning!

    First of all thank you for your answers, they are very competent and interesting. Anyway, we think it is difficult not to discuss technical issues, since we are all skilled people: so you won't mind if we try to discuss a couple of points!

    Quote Originally Posted by FloB
    it protects (technically) a site as good as IPSafer or even better (it also checks referrer and UserAgent).
    Some time ago, a cracker discovered a weakness in WordPress 2.8.2. A WordPress installation can be detected by exploring the homepage, and this could not be detected by Bot-Trap since the User Agent was forged. The attack itself needed to call just two scripts inside the WordPress standard tree, and again: those kinds of accesses could not be detected by Bot-Trap since they are valid (Referer/User Agent falsified), and the cracker did not need to explore the entire site.

    Quote Originally Posted by FloB
    The difference is that BT has a local blacklist while IPSafe uses a remote bl.
    This is a big discrepancy, but I think that it is not the most important. The most important difference is that each site shares the same knowledge about attacks, regardless of their relative importance, and they are protected from the first access. The "first access protection" cannot be obtained by Bot-Trap's approach.

    Quote Originally Posted by FloB
    Concerning hacking vs. native extension: I'm pretty sure an extension would have cost you about 5 minutes more work than the current implementation.
    We think that the question is not about "hacking vs. native extension", since we agree with you: a TL extension is better than a hack. On the other hand, to elaborate an extension we need to install TYPOlight, to learn to use and extend it, to insert the hack inside the TL extension and to deploy it in such a way that you can easily install it without errors.

    Those operations are simple for an experienced programmer, but we are lacking skilled people!

    This is the reason we suggest that you participate in development.

    Quote Originally Posted by ramjet
    I think however that you should lose those statements as they give the impression (to me anyway) of a potential vendetta service that its best to stay away from. Nobody would wish to use a service re attackers that includes IPs that AREN'T attackers I believe.
    This was a very valid note and thank you for your feedback and explanations! :D We talked a lot after your reply: you are right, and we decided to change the limitations page, in order to exclude the "ban" in case of reselling.

    Quote Originally Posted by ramjet
    That said, good effort and a great idea.
    Thank you very much!! :D

    have a nice day!
    IPSafer.com staff

  10. #10
    User FloB's Avatar
    Join Date
    06-21-09.
    Posts
    157

    Default Re: IPSafer

    I don't want to discuss this here because this is a TYPOlight support forum.

    @Admins: Please split this topic from the original one. You might even consider closing the thread. This discussion should be done in an IPSafer's forum (which I won't register in, FYI).


    Edit: And BTW, your example with WP and BT is technically not correct either (it might be a blocking reference problem, i. e. the particular attacker IP wasn't blacklisted), and this has nothing to do with WP, either (it's just the attacked platform).

  11. #11
    New user
    Join Date
    02-25-10.
    Posts
    4

    Default Re: IPSafer

    Hello to everyone, and good afternoon!

    We are pleased to inform you that an updated integration for TYPOlight has been published on the IPSafer site. This hack is valid for TYPOlight 2.8.1 and it has been developed in two versions: one to protect the site on every access and one to protect the site at the login step only. Note that the hacks are mutually exclusive.

    You can download the patches from here:
    http://ipsafer.com/example#integrations
    (TYPOlight 2.8.0 patches are still available to download)

    have a nice day! :D
    IPSafer's staff
