iBOUNCER

Anyone interested in trying out an early version of our cross-site IP blacklisting system, please hit me up on ICQ. Currently it supports PHP-driven sites that have an existing security framework.

Anyone who helps us out in the testing by using it on one of their sites will get a free year of service once we launch the final product.

The concept of the current version:

Basically, if you detect a surfer leeching/hacking/logging into a blocked account/etc using your existing security functions, you can easily add their IP to the blacklist by calling a php include. The IP will remain blacklist for a to-be-determined amount of time. You will be one of many sites that are adding fuckos to the blacklist.

Then, on your pages where you start a session or take a login you can check the blacklist to see if that surfers IP exists in the list, and do something fun with them if it does.

It requires you to put two small PHP files onto your server (one to check the blacklist, one to add to it) and one 'include' for each file in the appropriate place in your existing PHP scripts.

Lots more to come in this system as posted in some other threads... this is just an early version with some core functionality that we are looking to get some statistics and feedback on.

__________________
Secure PHP Programming - Secure E-Commerce Design
Site & Server Security Reviews - Code Reviews

The new and improved iBOUNCER. Give us a try.

ICQ: 201971159 or http://www.iBOUNCER.com

Master at Work

Don't touch this guy or his services.

Use StrongBox instead.

iBOUNCER

Dont feed the troll. This guy has never had any dealings with me or my company, but for some reason insists on following-up every post I make with some childish comment.

We work in ADDITION to things like StrongBox or PennyWize, anyway.

__________________
Secure PHP Programming - Secure E-Commerce Design
Site & Server Security Reviews - Code Reviews

The new and improved iBOUNCER. Give us a try.

ICQ: 201971159 or http://www.iBOUNCER.com

Dalai lama

I wouldn't judge about this guy's service.

But this is the first good thing you're saying. use Strongbox, it rocks.

__________________

A program you can trust.
Gallerybooster Run multiply TGPs of 1 script

jwerd

My god, do you thing and everything man...but if you plan to actually sell something like that... what the hell would anyone want it for? There are many solutions out there that offer that exact same thing. Hell, my first month into php I wrote something very similiar to that. I'm not hating or anything, but damn, as I said previously... don't reinvent the wheel

__________________
Yii Framework Guru - Seasoned PHP vet - Partner @ XXXCoupon.com

drama

By far one of the worst ideas ever.

toddler

Easier ways to do this than php includes. Better, automagic ways even.

__________________
http://www.flickr.com/photos/zoddler/

drama

Lets give anyone who uses your software the ability to ban my members and cause me chargebacks... sounds like we got a winner here

rickholio

IP based denial is always going to have downsides. In this age of NATs and proxies, tracking a user via IP is only a 'pretty good' method, but not optimal.

I do IP-based denial on local machines, but I wouldn't share those... not because I want to keep the information to myself, but I'd rather not 'poison' other peoples' legitimate customers because some schmuck that was already easily detected and denied access happened to be using the same proxy/whatever.

__________________
~

iBOUNCER

If one site finds that a user is hacking/leeching/whatever - do you want that user trying to find their way into your site? That's the concept of a cross-site blacklist.

__________________
Secure PHP Programming - Secure E-Commerce Design
Site & Server Security Reviews - Code Reviews

The new and improved iBOUNCER. Give us a try.

ICQ: 201971159 or http://www.iBOUNCER.com

iBOUNCER

Couldn't agree more about StrongBox.

__________________
Secure PHP Programming - Secure E-Commerce Design
Site & Server Security Reviews - Code Reviews

The new and improved iBOUNCER. Give us a try.

ICQ: 201971159 or http://www.iBOUNCER.com

Master at Work

A script kiddie turned "security professional" offering adult companies penetration testing and server security assessment.

He was owned on FAQ forum a few months ago, now he's back with his shitty services.
http://www.gofuckyourself.com/showthread.php?t=390381

jwerd

For aurgument sake, have you considered proxies? Might as well block those all together, because if there is anyone that wants in bad enough, they could easily get a fresh list, load it up, and there is 10,000+ attempts at cracking into said site.

__________________
Yii Framework Guru - Seasoned PHP vet - Partner @ XXXCoupon.com

iBOUNCER

Hit me up on ICQ, you obviously have some security phobia.

__________________
Secure PHP Programming - Secure E-Commerce Design
Site & Server Security Reviews - Code Reviews

The new and improved iBOUNCER. Give us a try.

ICQ: 201971159 or http://www.iBOUNCER.com

iBOUNCER

Good point, and yes- I have. The whole thing about security is that you have to make it easy enough for people to still USE your service/system/whatever but difficult enough for the people you dont want using the system. It's a balance. Any system, no matter how strong, will be broken given enough time and desire. The idea is to find the right balance between usability and security.

This concept may not be for everyone... few people have come up with any new security solutions in 10 years that I've been working in the adult world, yet webmasters still complain about the same problems, over and over.

__________________
Secure PHP Programming - Secure E-Commerce Design
Site & Server Security Reviews - Code Reviews

The new and improved iBOUNCER. Give us a try.

ICQ: 201971159 or http://www.iBOUNCER.com