Monkey Raptor

Friday, February 6, 2015

Security: Checking Your IP

Have you ever gotten the CloudFlare captcha when visiting some sites from search engine results (or directly from a bookmark)?
That's because the front wall detected your IP (Internet Protocol) address as "bad".

How did they know that?
Spam has always been a major concern on the internet. That's why the DNS-based Blackhole List (DNSBL) exists. The "blackhole list" can also be referred to as a blacklist or blocklist.
It is also called a Real-time Blackhole List (RBL).
There are many different databases you can find on the internet. They are regularly updated. Most of them are free, with some usage policy.

How does it work? (the detection)
In general, any web server can detect the incoming internet user's IP address. That's by default.
Then, the server compares the current user's IP with the DNSBL database (provided by a 3rd-party service). If it matches an entry in the database, the "refusing" sequence is activated, usually in the form of solving a captcha.
But many other sites use a captcha or a solve-something page as their default front page before the visitor can see the actual content. That's useful for managing the server's outgoing bandwidth quota.
As for the CloudFlare (or other CDN/DNS) system, the website owners don't have to put additional configuration on their servers. The service caches the pages in its cloud, then serves the cached pages to visitors, equipped with the IP blacklist matching.
It's an automated system.

How does the DNSBL database get updated?
DNSBL is a software mechanism. So a particular database gets its updates from a lot of machines in different areas around the globe. For instance, in Apache server software, there's SpamAssassin.

If you're interested in this subject, you can read the basics on dear Wikipedia: en.wikipedia.org/wiki/DNSBL.
Then maybe, like, join forum(s) and such.


How to find out if my IP address is "good" or "bad"?
There are plenty of services you can find on the internet. They're free.
You can search on Bing or Google or others with the query "ip blacklist check" or something similar.
To start with:
  • Lookup any IP/Domain on BarracudaCentral www.barracudacentral.org/lookups/lookup-reputation
  • Lookup your own IP at dnsbl.info
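
What the server-side comparison described under "How does it work?" and the lookup services listed above do is a plain DNS query. This is an added example, not code from the original post: the zone `dnsbl.example.org`, the sample records and the function names are constructed for illustration, and it also covers IPv6 addresses, which the post does not mention.

```python
import ipaddress
import socket

DNSBL_CODES = ipaddress.ip_network("127.0.0.0/8")  # listings answer inside this range

def dnsbl_query_name(ip, zone):
    """Build the DNS name a DNSBL client looks up for `ip` in `zone`."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))            # octets, reversed
    else:
        labels = reversed(addr.exploded.replace(":", ""))  # hex nibbles, reversed
    return ".".join(labels) + "." + zone

def system_resolver(name):
    """A records for `name`; [] when the lookup fails (treated as not listed)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []

def check_ip(ip, zones, resolver=system_resolver):
    """Return {zone: [return codes]} for each zone that lists `ip`."""
    hits = {}
    for zone in zones:
        answers = resolver(dnsbl_query_name(ip, zone))
        # Ignore answers outside 127.0.0.0/8: a resolver that rewrites
        # "no such name" into a landing-page address is not a listing.
        codes = [a for a in answers if ipaddress.ip_address(a) in DNSBL_CODES]
        if codes:
            hits[zone] = codes
    return hits

# Constructed sample data: a fake zone that lists one documentation address.
SAMPLE_ZONE = "dnsbl.example.org"  # hypothetical zone name
SAMPLE_RECORDS = {
    "99.2.0.192." + SAMPLE_ZONE: ["127.0.0.2"],      # listed
    "7.113.0.203." + SAMPLE_ZONE: ["198.51.100.1"],  # rewritten NXDOMAIN, not a listing
}

def sample_resolver(name):
    """Offline stand-in for DNS, backed by the constructed records above."""
    return SAMPLE_RECORDS.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.99", "203.0.113.7", "198.51.100.20"):
        print(ip, check_ip(ip, [SAMPLE_ZONE], resolver=sample_resolver) or "not listed")
```

To query a real list, leave `resolver` at its default and pass the zone name published in that list's documentation, within its usage policy. Check your public address, not the private one your router hands out on the local network.
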

Why the F is my IP address included in the blacklist?
I'm not a binary hobbyist, just surfing the internet!
Well, that can have one of these answers:
  • The first, your computer/mobile device has a "trojan".
    That's an application which usually comes with lots of malicious activities. You can find it on any super funky site, usually sites which offer free downloads of the things we're looking for but which don't actually provide the file at all. Instead, they'll give us a gnarly app, for free.
    But I must say, they must have a great amount of experience in SEO (search engine optimization).
    And of course, the unorthodox skills for creating "zombie" apps.
    I mean the amount of time spent to tinker such advanced...


    Cleaning a computer virus can be done manually, if you "understand" the operating system, or, the easy way, using an antivirus. There are many varieties of those you can find on the internet too.
    If it's badly infected, like, all drives are "conquered", and you have no time to figure it out, or simply don't wanna, you need to consult an expert so that you can still save your data.

    A "trojan" (or any other term) is usually developed for Windows-based computers. Because, well, Windows.
    Each created specimen can have a different purpose. It can be built to sniff around and send your private data (which is stored on your machine) to some other place(s), or to "just" destroy or lock your access to the data (or even the data itself), or to use your machine as a SPAM relay outlet for the main program, or others.

    That's why Macintosh and/or Linux genre are virus-free, sort of.
  • The second, you may find your machine is super clean, but still, whenever you're connected to the internet, most sites refuse your visit.
    It's like this: your IP was automatically (dynamically) assigned to you by your ISP (Internet Service Provider), especially for mobile device internet connections. My guess is that, previously, the same IP address was doing weird things, either directly by a person or indirectly, "hijack"-ed by something else.
    That can be solved by:
    1. Switching the IP address to a "clean" one, but it will take forever. Your ISP has its own system for managing the IP address range assignment.
      That usually happens on "cheap" services. The meaning of "cheap" here differs from one region to another. Because it's "cheap", "everybody" has access. Sometimes, as innocent users, we get the unwanted impact.

      You can also switch to another provider (ISP), or to a different internet connection package from the same ISP which provides a static IP option, therefore lowering the chance of getting the "infected" connection, because the (static) IP address is assigned only to you.
    2. The other way is using a premium VPN (Virtual Private Network).
  • The last is the combination of both above. Your machine and your network are "funky". Not that groovay, just "funky".

That's about it
So in conclusion, stay awesome.
https://monkeyraptor.johanpaul.net/2015/02/security-checking-your-ip.html
