One of the fundamental metrics of a SaaS business like Apility.io is how long a user will be our customer. Without going into many obscure details about marketing in a SaaS business, it is quite intuitive that the longer a customer is with us, the more profitable it will be for the company. A common way to’reward’ loyal customers is to offer annual subscription plans at a significant discount. In return for an upfront payment proportional to the 12-month subscription, the customer receives a substantial discount for his loyalty. For a company, annual subscriptions have the advantage of having’money in the bank’ that they can immediately use for investment. And the most popular investment is in customer acquisition.
Some of our users have already successfully integrated our REST API into their applications thanks to the simplicity of our design and their skills as developers. We love to see how our users not only use our API for their internal products and services, but also for their commercial products. That’s why we’re going to push more and more the development of API clients for different languages, with the idea that more users can start using it by integrating with their services in the most simple way. This month we introduce the first client of our API for the Python language. This is Python Library we currently use for our in-house developments, as we are a Python house.
When I created Apility.io I decided that I didn’t want to follow the traditional start-up growth process. There are several reasons: my personal experience in previous companies, the change in how to invest in the companies… But I think I am good at seeing the trends in the technology market but very bad at guessing the right timing. I believe that how services are going to be consumed will be increasing ‘as a Service’ but more and more abstracted from the peculiarities of the infrastructure and the underlying technological solution. In other words, the’serverless’ concept will gradually become the new norm and will become the norm in a few years’ time.
This month we have added a new blacklist with IP addresses of anonymous proxies. The IDCLOACK-COM free open proxy IP lists claim to be the largest database of free open proxies in the world. Each IP address and port number will route your internet connection to a proxy server in a remote location.
This month we add several blacklists to our repository of domains: The unified hosts’ files of Steven Black. Steven Black hosts files are known Host files you can use to overwrite your /etc/hosts file in your computer to avoid your naming services to resolve malware, adware, fake news, porn, gambling and social hostnames. It’s up to the user to decide what kind of blacklist want to use.
Our customer base grows on a daily basis. This means we have to deploy more service zones closer to the geographical regions where our customers are located. All this Service Zones or Satellites help us to deliver always the lowest latency possible to our users, no matter if they are in a Free or Paid plan, or if they are using the API anonymously. That’s why we have just launched a New service zone in Austalia for our users from Oceania.
This month we have two new IP blacklist slightly different from the lists we have published before: TOP100-LATEST-IP and TOP100-1D-IP. These new lists are the result of our BigData crunching processes over the hundreds thousands of IP addresses analyzed every day. You can visually see it on our IP addresses Blacklist Ranking page updated every hour.
Blocking 500 million users is a serious thing. Still, I have found sites that have decided to implement the most secure way to comply with the new GDPR: Block all EU users! Yes, it’s hard to believe that somebody takes such a drastic decision, but it’s happening. Trying to walk in the shoes of these GDPR Taliban, I realized that I wrote just a few days ago how to block all the traffic coming from one or more continents with Cloudflare Workers and Apility API! So, I realized that I have just created the most simple and powerful tool to be 100% GDPR compliant! No Europeans? No problem anymore!
In a previous article, we explained how to pass as a header attribute the blacklists to which an IP belongs thanks to the capabilities of the Cloudflare Workers. In this article, the traffic never was redirected in the event of a malicious IP address, delegating that responsibility to the developers checking the content of the HTTP header. This is valid for those who have full control over the server-side code, but for those who only use Wordpress or Drupal tools they could not use the script.
Here comes a good bunch of more malicious IP addresses lists into our databases. Here goes the details of the new IP Blacklist of April 2018: BOTSCOUT, TEAMCYRU-BOGONS, TOR-BLUTMAGIE, BLOCKLISTNET-UA, BITNODES-IO, BLOCKCHAIN-INFO, BBCAN117, IANA-BOGONS, ALIENTVAULT.
If you have a SaaS service or you manage the registration system in a forum I am sure you are familiar with this problem: A user registers for the first time in your service, and for some reason decides to create not one, but multiple accounts. When he has consumed the trial period of one account, then he consumes the credit of the other accounts he created. This is the case for Automatic IP address quarantine.
When a cybersecurity expert performs threat intel work, he or she needs to contrast information from different sources to obtain the most detailed picture possible of the scenario he or she is investigating. One of these fundamental tools is the WHOIS service offered by the Regional Internet Registries (RIRs)…
We incorporate a new domain blacklist: SQUIDBLACKLIST. Squidblacklist.org is a service for network administrators the highest quality domain blacklists available for effective, targeted inline filtering leveraging various content control applications and platforms, including Squid Proxy.
We have been incorporating more malicious IP addresses lists into our databases. Here goes the details of the new IP Blacklist of March 2018: BRUTEFORCEBLOCKER, SSLBL, UCEPROTECT and ZEUS.
In this madness that is the evolution of Cloud Computing services without a doubt the newest and coolest thing are Serverless computing services. In this new paradigm mode of consumption of computing resources, we no longer have servers, underlying operating system, file system, or even system administrators. Welcome to the No-Ops world! Cloudflare offers us a new serverless computing service called Cloudflare Workers that fulfills all these characteristics and many more.
Every day Apility.io’s scraping services analyze almost a hundred black and blocking lists distributed throughout the network. Between IP addresses, email and domains resource the number of active resources in our database fluctuate between 3 and 4 million items. Although this number of items is easily manageable with today’s technology, when we talk about the number of transactions carried out in the system, the numbers skyrocket.
UDGER.com is a leader in the detection browsers, mobiles, tablets, Smart TV .., also provides info about IP addresses (proxies, VPN, Tor exit nodes ..). Since 2005 the Udger team provides services to detect of user agent strings. This project was called user-agent-string.info and was until 2014 freely available. During 2014 they extended the reach of their components and created Udger.com. The company updates their database several times a day to detect more strings.
When a developer wants to know the location of an IP individually, the Apility.io Geolocation API is able to return the information in hundredths of a second. This behavior is perfect if you want to integrate the service within applications that make requests along with other logic such as web applications or apps. However, for applications that perform massive data processing, it is not feasible to make a request to the server every time a developer wants to know the geolocation of an IP address. In this case, the Bulk GeoIP Lookup service in the geolocation API comes to rescue!
All those of us who develop SaaS services know how important it is to attract the maximum number of users to our platforms so that they can test them, get to know them, become familiar with them and thus be able to start the conversion process from user to customer with some gained ground. Even letting some bad customers sign up.