Since the inception of Apility.io, the most recurrent question has been ‘How can I fight against False Positives?’ and I must admit there is no easy way. But let’s start from the beginning. What the hell is a False Positive and why is it so important?
We incorporate a new domain blacklist: COINBLOCKER-DOMAINS. CoinBlocker is a collection of lists that can help prevent illegal cryptomining in the browser or other applications. Most cryptocurrencies are generated through the process known as “mining.” Much like traditional mining operations, these procedures require the use of energy and resources to complete a process which yields a financial reward. In the case of cryptocurrency mining, the energy required is electricity and computing power. Lurking behind the legitimate cryptocurrency mining community is another group of individuals and organizations that try to mine for crypto using illicit methods.
This month we have a new list that should not be considered harmful, but can help cybersecurity analysts and SecOps to find out if an IP can be malicious. The IPCATV4-DC is a list of IPv4 addresses that correspond to datacenters, co-location centers, shared and virtual web hosting providers. In other words, IP addresses that end web consumers should not be using.
This month we are back with IP addresses of forum, blog and comment site spammers. The CLEANTALK-ORG compiles a database of spam IPs and emails. It allows blocking spammers or other malicious activity. It offers spam protection for forums, boards, blogs and sites.
We incorporate a new domain blacklist: AA419-ORG. They offer a complete database of fake bank entries and companies. Advance Fee Fraud has been around, in various forms, for centuries. The basic technique is to convince a victim that they are going to receive a large reward in return for little or no effort on their part. Once the victim is ‘hooked’, the fraudster(s) will gradually reveal various fees that must be paid before the victim can access the fortune that they believe is waiting for them.
We continue with more blacklists with IP addresses of anonymous proxies. The SPYS-ONE free open proxy IP list is a well-known source of free open proxies in the world. It classifies the proxies by protocol, country, level of anonymity, speed and uptime.
This month we have added a new blacklist with IP addresses of anonymous proxies. The IDCLOACK-COM free open proxy IP lists claim to be the largest database of free open proxies in the world. Each IP address and port number will route your internet connection to a proxy server in a remote location.
This month we add several blacklists to our repository of domains: the unified hosts files of Steven Black. The Steven Black hosts files are well-known hosts files you can use to overwrite the /etc/hosts file on your computer, so that your naming services do not resolve malware, adware, fake news, porn, gambling and social hostnames. It’s up to the user to decide what kind of blacklist they want to use.
This month we have two new IP blacklists that are slightly different from the lists we have published before: TOP100-LATEST-IP and TOP100-1D-IP. These new lists are the result of our BigData crunching processes over the hundreds of thousands of IP addresses analyzed every day. You can see it visually on our IP addresses Blacklist Ranking page, updated every hour.
Here comes another good bunch of malicious IP address lists into our databases. Here are the details of the new IP Blacklist of April 2018: BOTSCOUT, TEAMCYRU-BOGONS, TOR-BLUTMAGIE, BLOCKLISTNET-UA, BITNODES-IO, BLOCKCHAIN-INFO, BBCAN117, IANA-BOGONS, ALIENTVAULT.
If you have a SaaS service or you manage the registration system in a forum I am sure you are familiar with this problem: A user registers for the first time in your service, and for some reason decides to create not one, but multiple accounts. When he has consumed the trial period of one account, then he consumes the credit of the other accounts he created. This is the case for Automatic IP address quarantine.
We incorporate a new domain blacklist: SQUIDBLACKLIST. Squidblacklist.org is a service that offers network administrators the highest quality domain blacklists available for effective, targeted inline filtering leveraging various content control applications and platforms, including Squid Proxy.
We have been incorporating more malicious IP address lists into our databases. Here are the details of the new IP Blacklist of March 2018: BRUTEFORCEBLOCKER, SSLBL, UCEPROTECT and ZEUS.