How to Firewall Blacklist Mass of IPs

Post by wagi » 2018-05-03 17:23

Hello. First of all, sorry for my English ^^

I had some massive problems with unserious IPs wanting to connect (10k unique IPs per hour o.O)

So I tried to do it in the VBS script from hMailServer. Well, this was not good :/ and it let all in once the list grows.

I then moved to a batch script to block IPs from a blocklist like blocklist.de manually. But hell, waiting 1,5h for 10k IPs sucks :(

So I decided to program a helpful program.

You can add 20k IPs within seconds (2-5), that's the best thing about it :)
You can also turn on the automatic mode, which updates the firewall from an online IP list every X minutes/hours.
You can also exclude some IPs so you don't ban some of your own IPs which may be on a list (just for safety ^^)
What's also nice: you can select the protocols (TCP, UDP, ALL) and directions (Inbound/Outbound), which makes it very fast. If you select, for example, TCP and INBOUND and then click the DEL button, you will only delete the rules based on your selections. The same goes for the automatic mode.

The automatic mode will delete all rules before it creates the new ones, so there are some seconds without any protection, but it's pretty rare that somebody could instantly brute force so fast ^^
This program only changes/deletes/adds its own rules and it doesn't touch any of your existing rules.
You can add duplicates if you use the ADD button, so it's good to delete all rules before adding them, or to make your own uniqueness test outside. It would slow down the process too much, so I am sorry for this. But the automatic mode deletes them itself, so if you use a good blacklist URL, it will be fine.

To make it that fast, it makes a new rule for every 5k IPs in your list.

so
20k List (IN) = 4 Rules
20k List (IN/OUT) = 8 Rules

Here you can see what the program looks like (don't worry about the IPs inside there, those are heavily abusive IPs):
[Image]

Download: https://ip-blacklister.wagi-coding.com/ ... v1-2-7.zip
VirusTotal exe: https://www.virustotal.com/en/file/5953 ... /analysis/ 0 Detects
VirusTotal zip: https://www.virustotal.com/en/file/ae8e ... 525360168/ 0 Detects


If you need the source-code, you can just use ILSpy or similar. Or just contact me via PM
Enjoy it <3

If you have some Ideas, just write them here.

Maybe I'll add a function to automatically ban brute forcing IP's on your server and automatically report them to blacklist.de and abuseipdb and similar. I just need more input. But please no ideas which would slow down the rule creation.

Greez from Vienna
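
The approach described in the post above (exclusions, one rule per 5k addresses, per-direction and per-protocol rules), sketched with the built-in NetSecurity cmdlets as an added example; it is not the tool's own code, and the file names, group name and one-address-per-line list format are assumptions. It creates the new rules before removing the previous set, so a refresh leaves no window without protection.

```powershell
#Requires -RunAsAdministrator
# Added example, not the tool's code. File paths and the group name are assumptions.
param(
    [string]$ListPath    = '.\blocklist.txt',   # one IPv4 address per line (assumed format)
    [string]$ExcludePath = '.\exclude.txt',     # your own addresses, never to be blocked
    [string]$Group       = 'Example-IP-Blocklist',
    [ValidateSet('Inbound','Outbound')][string[]]$Directions = @('Inbound'),
    [ValidateSet('TCP','UDP','Any')][string]$Protocol = 'TCP',
    [int]$ChunkSize      = 5000                 # addresses per rule, as in the post
)

function Get-CleanAddress([string]$Path) {
    # Keep only lines that are valid dotted-quad IPv4, normalised and de-duplicated.
    if (-not (Test-Path $Path)) { return }
    Get-Content $Path | ForEach-Object { $_.Trim() } |
        Where-Object { $_ -match '^\d{1,3}(\.\d{1,3}){3}$' } |
        ForEach-Object {
            $ip = $null
            if ([System.Net.IPAddress]::TryParse($_, [ref]$ip)) { $ip.ToString() }
        } | Sort-Object -Unique
}

$exclude = @(Get-CleanAddress $ExcludePath)
$block   = @(Get-CleanAddress $ListPath | Where-Object { $exclude -notcontains $_ })
if ($block.Count -eq 0) { throw 'Blocklist is empty after filtering; existing rules left untouched.' }

# Remember the rules from the previous run; they are removed only after the new set exists.
$old = @(Get-NetFirewallRule -Group $Group -ErrorAction SilentlyContinue)

$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
foreach ($dir in $Directions) {
    for ($i = 0; $i -lt $block.Count; $i += $ChunkSize) {
        $last = [Math]::Min($i + $ChunkSize, $block.Count) - 1
        $n    = [int]($i / $ChunkSize) + 1
        New-NetFirewallRule -DisplayName "$Group $dir $n ($stamp)" -Group $Group `
            -Direction $dir -Action Block -Protocol $Protocol `
            -RemoteAddress $block[$i..$last] | Out-Null
    }
}

# The new rules are active; now drop the previous generation.
if ($old) { $old | Remove-NetFirewallRule }
```

Because every rule carries the same group, `Remove-NetFirewallRule -Group 'Example-IP-Blocklist'` removes the whole set in one step without touching other rules.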

Re: How to Firewall Blacklist Mass of IPs

Post by Dravion » 2018-05-03 21:15

Upload your Source code to Github and reference back to your Github Profile.

Re: How to Firewall Blacklist Mass of IPs

Post by Luna Moon » 2018-05-27 18:44

wagi wrote:
2018-05-03 17:23
10k unique IPs per hour
That's crazy!
Well, thank you for sharing your hard work, so we can use it as well!! :) I'm sure it will help some people here.
Greetings to Vienna ^^

Re: How to Firewall Blacklist Mass of IPs

Post by bajlek » 2018-06-07 08:52

Windows 7 x64

Informace o vyvolání ladění JIT najdete na konci této zprávy,
nikoli v tomto dialogovém okně.

************** Text výjimky **************
System.Runtime.InteropServices.COMException (0x800706C6): Indexy pole nejsou v mezích. (Výjimka na základě hodnoty HRESULT: 0x800706C6)
   v NetFwTypeLib.INetFwRules.Add(INetFwRule rule)
   v WaGis_IP_Blacklister.MainForm.MakeRule(String str, Int32 protNumber, NET_FW_RULE_DIRECTION_ ruleDirection, String ruleName)
   v WaGis_IP_Blacklister.MainForm.btnADD_Click(Object sender, EventArgs e)
   v System.Windows.Forms.Control.OnClick(EventArgs e)
   v System.Windows.Forms.Button.OnClick(EventArgs e)
   v System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
   v System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
   v System.Windows.Forms.Control.WndProc(Message& m)
   v System.Windows.Forms.ButtonBase.WndProc(Message& m)
   v System.Windows.Forms.Button.WndProc(Message& m)
   v System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
   v System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
   v System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)


************** Načtená sestavení **************
mscorlib
    Verze sestavení: 4.0.0.0
    Verze Win32: 4.7.2650.0 built by: NET471REL1LAST_B
    Základ kódu (CodeBase): file:///C:/Windows/Microsoft.NET/Framework/v4.0.30319/mscorlib.dll
----------------------------------------
WaGis IP-Blacklister
    Verze sestavení: 0.0.0.0
    Verze Win32: 1.2.8
    Základ kódu (CodeBase): file:///C:/Users/j.bilek.SAFEHOME/Desktop/WaGis%20IP-Blacklister.exe
----------------------------------------
System.Windows.Forms
    Verze sestavení: 4.0.0.0
    Verze Win32: 4.7.2634.0 built by: NET471REL1LAST_C
    Základ kódu (CodeBase): file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Windows.Forms/v4.0_4.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System
    Verze sestavení: 4.0.0.0
    Verze Win32: 4.7.2634.0 built by: NET471REL1LAST_C
    Základ kódu (CodeBase): file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System/v4.0_4.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
System.Drawing
    Verze sestavení: 4.0.0.0
    Verze Win32: 4.7.2634.0 built by: NET471REL1LAST_C
    Základ kódu (CodeBase): file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Drawing/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
System.Configuration
    Verze sestavení: 4.0.0.0
    Verze Win32: 4.7.2558.0 built by: NET471REL1
    Základ kódu (CodeBase): file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Configuration/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
----------------------------------------
System.Core
    Verze sestavení: 4.0.0.0
    Verze Win32: 4.7.2634.0 built by: NET471REL1LAST_C
    Základ kódu (CodeBase): file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Core/v4.0_4.0.0.0__b77a5c561934e089/System.Core.dll
----------------------------------------
System.Xml
    Verze sestavení: 4.0.0.0
    Verze Win32: 4.7.2634.0 built by: NET471REL1LAST_C
    Základ kódu (CodeBase): file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Xml/v4.0_4.0.0.0__b77a5c561934e089/System.Xml.dll
----------------------------------------
Microsoft.GeneratedCode
    Verze sestavení: 1.0.0.0
    Verze Win32: 4.7.2634.0 built by: NET471REL1LAST_C
    Základ kódu (CodeBase): file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Xml/v4.0_4.0.0.0__b77a5c561934e089/System.Xml.dll
----------------------------------------
mscorlib.resources
    Verze sestavení: 4.0.0.0
    Verze Win32: 4.7.2558.0 built by: NET471REL1
    Základ kódu (CodeBase): file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/mscorlib.resources/v4.0_4.0.0.0_cs_b77a5c561934e089/mscorlib.resources.dll
----------------------------------------
System.Windows.Forms.resources
    Verze sestavení: 4.0.0.0
    Verze Win32: 4.7.2558.0 built by: NET471REL1
    Základ kódu (CodeBase): file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Windows.Forms.resources/v4.0_4.0.0.0_cs_b77a5c561934e089/System.Windows.Forms.resources.dll
----------------------------------------

************** Ladění JIT **************
Aby bylo povoleno ladění JIT, musí konfigurační soubor
pro tuto aplikaci nebo počítač (machine.config) mít
v oddílu system.windows.forms nastavenou hodnotu njitDebugging.
Aplikace rovněž musí být kompilována s povoleným
laděním.
Příklad:

<configuration>
<system.windows.forms jitDebugging="true" />
</configuration>

Je-li ladění JIT povoleno, budou všechny neošetřené výjimky
odeslány ladicímu programu JIT, který je registrován v počítači,
a nebudou zpracovány tímto dialogovým oknem.

Re: How to Firewall Blacklist Mass of IPs

Post by wagi » 2018-06-11 07:34

Update v1.2.9:

-| Fixed a bug where existing Blacklister rules didn't get deleted and infinitely populated the firewall rules
-| Fixed a bug where settings didn't get saved
-| Fixed a bug where the user was able to edit the IP list while in automatic mode
-| Fixed freeze after the REMOVE ALL progress
-| Fixed some visual glitches
-| Added a support email in the Info tab (it's better to contact me there instead of in this forum. I can only support in English & German)

I can't edit my Top post anymore, so here are the systems we tested it on: Win 10 | Win Server 2012 R2 | Win Server 2016

Re: How to Firewall Blacklist Mass of IPs

Post by Dravion » 2018-06-11 08:52

This is an open-source project, licensed under AGPL. In the User-submitted tutorials section, we try to exchange knowledge and wisdom so anyone can benefit from it.

PS: Your file is classified as malware by VirusTotal (Bitdefender).
See:
One engine detected this URL
URL https://ip-blacklister.wagi-coding.com/ ... v1-2-7.zip
Host ip-blacklister.wagi-coding.com
Downloaded file ae8ecc63df086dd4168f41f25c9b10b424669ecfeae98d092ff175fb62e505ee
Last analysis 2018-06-11 06:54:13 UTC


I find it odd that you are providing a tool with a direct EXE download link, without any further information and without providing your source code like most hMailServer forum contributors. I encourage you to create a free Github account, create a repository, upload your source code to your repository, compile your EXE file and upload the EXE file in the Release section of your Github repository.

On Github we can file issues (bugs), users can file wishes and programmers can upload patches (pull requests), which you can review and integrate or reject depending on whether you think the patch fits the project. Keep up the good work.

Re: How to Firewall Blacklist Mass of IPs

Post by wagi » 2018-06-11 09:02

Hey, thanks for your tip. I tried to use GitHub through Visual Studio. But I don't get it to work as expected o.O

Also, idk exactly which files from all of them in the project are needed. Or if I could leak some private information when just adding everything from the project to GitHub.

Would be great if you could give me some tutorial for dummies. I tried to search for one, but I had no luck finding a total how-to. I'm afraid of making mistakes on GitHub and fucking up the whole program then ^^

Hm. Maybe the detection is just bc of the website itself? What exactly is shown as malware? Because it's only doing what you do with it, you can check yourself once I've got it on GitHub

Also, could I add the exe file to GitHub so normal users could still easily update through the update function I made?

PS: I am also afraid of people bullying you bc you're a beginner in programming :/

EDIT:// Another thing is, it's not OOP

Re: How to Firewall Blacklist Mass of IPs

Post by Dravion » 2018-06-11 11:04

Don't use the Visual Studio integrated Github client bc it sucks.

For a beginner, I recommend the official Github Desktop client; you can download it from here: https://desktop.github.com/

The steps:
1) Go to https://github.com/join?source=header-home, create a personal account (free) and confirm your email (take a look in your email inbox)
2) After you have installed Github Desktop, you will be asked for your Github username/email and password
3) Check your email after you have logged in with the Github Desktop client, because it will inform you of a new login, and click the link in it for acceptance.
4) In the Github Desktop client, create a new project and let it point to your Visual Studio project folder (the right folder is where your *.sln file exists)
5) Github Desktop will auto-commit the files in the folder automatically. Now click "publish" at the top

That's all. Now you can log in to your Github.com account page and take a look at Repos to see your newly created repo.

To circulate your new repo among friends, just copy the link, which should (for example) look like this: https://github.com/GitUserBlah/Foo

GitUserBlah is your Github username and Foo is the repo.

To get familiar with it, just click the dummy link and explore the file structure
https://github.com/GitUserBlah/Foo it's a little C# dummy project

Re: How to Firewall Blacklist Mass of IPs

Post by wagi » 2018-06-11 14:00

Thank you very much ^^ That's much easier. The VS GitHub thing drove me crazy ^^

Here you can find the repo: https://github.com/WaGi-Coding/WaGis-Ma ... er-Windows

Re: How to Firewall Blacklist Mass of IPs

Post by Dravion » 2018-06-11 20:23

Excellent.

Nice little program.
For clarification: this program updates the Windows Firewall with IPv4 addresses, not the internal hMailServer Blacklist/Autoban table.

The only problem could be the many thousands of rules it creates inside the Windows Firewall table. Maybe an undo button makes sense for this.
