Apility.io’s philosophy has always been to be an aggregator of the best open-source intelligence data (OSINT). Over time we have discovered that open data sets cover a large percentage of users’ needs, but not all of them. For VPN blacklisting the available datasets are not enough, are not up to date, or simply do not exist.
Since the inception of Apility.io the most recurrent question is ‘How can I fight against False Positives?’ and I must admit there is no easy way. But let’s start from the beginning. What the hell is a False Positive and why is it so important?
We incorporate a new domain blacklist: COINBLOCKER-DOMAINS. CoinBlocker is a collection of lists that can help prevent illegal cryptomining in the browser or other applications. Most cryptocurrencies are generated through the process known as “mining.” Much like traditional mining operations, these procedures require the use of energy and resources to complete a process which yields a financial reward. In the case of cryptocurrency mining, the energy required is electricity and computing power. Lurking behind the legitimate cryptocurrency mining community is another group of individuals and organizations that try to mine for crypto using illicit methods.
This month we have a new list that should not be considered harmful, but can help cybersecurity analysts and SecOps to find out if an IP can be malicious. The IPCATV4-DC is a list of IPv4 addresses that correspond to datacenters, co-location centers, shared and virtual web hosting providers. In other words, IP addresses that end web consumers should not be using.
This month we are back with IP addresses of forum, blog and comment site spammers. The CLEANTALK-ORG list compiles a database of spam IPs and emails. It allows blocking spammers or other malicious activity. It offers spam protection for forums, boards, blogs and sites.
Several weeks ago we announced our new Python client library. We love to see how our users not only use our API for their internal products and services, but also for their commercial products. This month we introduce the first command line interface (CLI) tool to access our API services. Using the Python library we currently use for our in-house developments (we are a Python house) we have developed and hosted the source code on GitHub.
We incorporate a new domain blacklist: AA419-ORG. They offer a complete database of fake bank entries and companies. Advance Fee Fraud has been around, in various forms, for centuries. The basic technique is to convince a victim that they are going to receive a large reward in return for little or no effort on their part. Once the victim is ‘hooked’, the fraudster(s) will gradually reveal various fees that must be paid before the victim can access the fortune that they believe is waiting for them.
We continue with more blacklists with IP addresses of anonymous proxies. The SPYS-ONE free open proxy IP list is a well-known source of free open proxies in the world. It classifies the proxies by protocol, country, level of anonymity, speed and uptime.
Amazon Web Services (AWS) is without a doubt the most successful public cloud services platform in the world, and within its almost unlimited set of services, there are two that fit very well with the kind of integrations that can be done with Apility.io. I’m talking about the CDN CloudFront and Lambda@Edge as a serverless computing technology that can run on the ‘edge’ nodes of CloudFront.
One of the fundamental metrics of a SaaS business like Apility.io is how long a user will be our customer. Without going into many obscure details about marketing in a SaaS business, it is quite intuitive that the longer a customer is with us, the more profitable it will be for the company. A common way to ‘reward’ loyal customers is to offer annual subscription plans at a significant discount. In return for an upfront payment proportional to the 12-month subscription, the customer receives a substantial discount for their loyalty. For a company, annual subscriptions have the advantage of having ‘money in the bank’ that they can immediately use for investment. And the most popular investment is in customer acquisition.
Some of our users have already successfully integrated our REST API into their applications thanks to the simplicity of our design and their skills as developers. We love to see how our users not only use our API for their internal products and services, but also for their commercial products. That’s why we’re going to push the development of API clients for different languages more and more, with the idea that more users can start using it by integrating with their services in the simplest way. This month we introduce the first client of our API for the Python language. This is the Python library we currently use for our in-house developments, as we are a Python house.
This month we have added a new blacklist with IP addresses of anonymous proxies. The IDCLOACK-COM free open proxy IP lists claim to be the largest database of free open proxies in the world. Each IP address and port number will route your internet connection to a proxy server in a remote location.
This month we add several blacklists to our repository of domains: the unified hosts files of Steven Black. Steven Black’s hosts files are well-known hosts files you can use to overwrite the /etc/hosts file on your computer so that your naming services do not resolve malware, adware, fake news, porn, gambling and social hostnames. It’s up to the user to decide what kind of blacklist they want to use.
Our customer base grows on a daily basis. This means we have to deploy more service zones closer to the geographical regions where our customers are located. All these service zones, or satellites, help us always deliver the lowest latency possible to our users, no matter if they are on a Free or Paid plan, or if they are using the API anonymously. That’s why we have just launched a new service zone in Australia for our users from Oceania.
This month we have two new IP blacklists slightly different from the lists we have published before: TOP100-LATEST-IP and TOP100-1D-IP. These new lists are the result of our BigData crunching processes over the hundreds of thousands of IP addresses analyzed every day. You can visually see it on our IP addresses Blacklist Ranking page, updated every hour.
Blocking 500 million users is a serious thing. Still, I have found sites that have decided to implement the most secure way to comply with the new GDPR: Block all EU users! Yes, it’s hard to believe that somebody takes such a drastic decision, but it’s happening. Trying to walk in the shoes of these GDPR Taliban, I realized that I wrote just a few days ago how to block all the traffic coming from one or more continents with Cloudflare Workers and Apility API! So, I realized that I have just created the most simple and powerful tool to be 100% GDPR compliant! No Europeans? No problem anymore!
In a previous article, we explained how to pass the blacklists to which an IP belongs as a header attribute, thanks to the capabilities of Cloudflare Workers. In that article, traffic was never redirected in the event of a malicious IP address; that responsibility was delegated to the developers, who had to check the content of the HTTP header. This is valid for those who have full control over the server-side code, but those who only use WordPress or Drupal tools could not use the script.
Here comes a good bunch of new malicious IP address lists into our databases. Here are the details of the new IP blacklists of April 2018: BOTSCOUT, TEAMCYRU-BOGONS, TOR-BLUTMAGIE, BLOCKLISTNET-UA, BITNODES-IO, BLOCKCHAIN-INFO, BBCAN117, IANA-BOGONS, ALIENTVAULT.