by NetworkRedux

Analyzing and Blocking the 1bu proxy
A client recently brought the domain 1bu.com to my attention: several of their sites were being displayed, and updated in nearly real time, under subdomains such as somedomain.com.1bu.com. networkredux.com turned out to have the same issue, at networkredux.com.1bu.com.
I am not an expert in search engine optimization or in the downsides of being indexed this way, so this article only addresses how to block this Asia-based proxy firm from using your content.
Analyzing and tracing
Analysis and tracing yielded the following:
* http://networkredux.com.1bu.com was displaying content in what appeared to be real time.
* Output from raw access logs for the web server hosting networkredux.com resulted in the following entries:
    219.129.21.160 - - [15/Feb/2005:18:26:59 -0800] "GET / HTTP/1.0" 200 11348 "-" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0"
* This yielded the IP address of the proxy server, 219.129.21.160.
* Assuming this proxy-based setup operates behind various network addresses, I ran host and dig lookups for 1bu.com, which returned the following:
host 1bu.com
1bu.com has address 219.129.20.200
1bu.com has address 219.133.55.45
dig @ns1.dns-diy.com 1bu.com A
;; ANSWER SECTION:
1bu.com. 3600 IN A 219.129.20.200
1bu.com. 3600 IN A 219.133.55.45
;; AUTHORITY SECTION:
1bu.com. 2171 IN NS ns1.dns-diy.com.
1bu.com. 2171 IN NS ns3.zg1.net.
Common Theme
The common theme in this brief analysis is that every address found falls within the 219.0.0.0/8 subnet.
Solution - IPTables
This analysis is brief, and we have not had an extended period of time to observe the network of 1bu.com. They may in fact switch Class A networks on occasion, though this is highly unlikely. With that caveat, the following IPTables rule will completely block their proxying:
iptables -A INPUT -s 219.0.0.0/8 -j DROP
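Because -A appends the rule to the end of the INPUT chain, it only takes effect if no earlier rule in the chain already accepts the traffic. With any other firewalling solution, simply block the entire 219.0.0.0/8 subnet and you are in business.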
Summary
219.0.0.0/8 is a Class A network in the Asia-Pacific region.
Details of a portion of the Class A we are blocking:
inetnum: 219.0.0.0 - 219.63.255.255
netname: BBTECH
descr: SOFTBANK BB CORP
descr: Nation wide network in Japan
country: JP
Which addresses and subnets you choose to block is at your own discretion. Some may choose to only block the IP addresses we have uncovered, others may choose to play it safe and block the entire network.
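To weigh that choice against your own traffic, the following added example (not part of the original article) replays an access log against three block scopes and counts how many requests each would drop from the observed proxy addresses and from everyone else. Apart from the article's own log entry, the log lines are constructed, and `smallest_cover`, `collateral` and the scope names are hypothetical helpers.

```python
import ipaddress
import re

# From the article: the proxy's logged fetch address and the two 1bu.com A records.
OBSERVED = ["219.129.21.160", "219.129.20.200", "219.133.55.45"]

# Constructed sample log: line 1 is the article's entry (user agent shortened),
# the other visitors are invented to illustrate collateral blocking.
SAMPLE_LOG = """\
219.129.21.160 - - [15/Feb/2005:18:26:59 -0800] "GET / HTTP/1.0" 200 11348 "-" "Mozilla/5.0"
219.10.0.5 - - [15/Feb/2005:18:27:10 -0800] "GET / HTTP/1.1" 200 11348 "-" "Mozilla/5.0"
219.130.7.9 - - [15/Feb/2005:18:27:31 -0800] "GET /about HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [15/Feb/2005:18:28:02 -0800] "GET / HTTP/1.1" 200 11348 "-" "Mozilla/5.0"
"""

def smallest_cover(addrs):
    """Return the tightest single CIDR block containing every address."""
    ints = [int(ipaddress.IPv4Address(a)) for a in addrs]
    lo, hi = min(ints), max(ints)
    prefix = 32 - (lo ^ hi).bit_length()  # number of leading bits lo and hi share
    return ipaddress.ip_network(f"{ipaddress.IPv4Address(lo)}/{prefix}", strict=False)

def collateral(log_text, scopes, observed=OBSERVED):
    """Per scope, count dropped requests as (from observed proxy IPs, from others)."""
    known = {ipaddress.IPv4Address(a) for a in observed}
    result = {}
    for name, nets in scopes.items():
        proxy = other = 0
        for line in log_text.splitlines():
            m = re.match(r"(\d+\.\d+\.\d+\.\d+) ", line)  # client IP is the first field
            if not m:
                continue
            ip = ipaddress.IPv4Address(m.group(1))
            if any(ip in n for n in nets):
                proxy += ip in known
                other += ip not in known
        result[name] = (proxy, other)
    return result

SCOPES = {
    "observed /32s": [ipaddress.ip_network(a) for a in OBSERVED],
    "smallest cover": [smallest_cover(OBSERVED)],
    "article /8": [ipaddress.ip_network("219.0.0.0/8")],
}

if __name__ == "__main__":
    for name, (proxy, other) in collateral(SAMPLE_LOG, SCOPES).items():
        print(f"{name:15} proxy={proxy} other visitors dropped={other}")
```

For the three addresses in this article the tightest single block is 219.128.0.0/13, a middle ground between blocking individual hosts and blocking the whole /8.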
Stay tuned to our technology blog for updates in our analysis of 1bu.com.
Thomas Brenneke : President
Network Redux, LLC
Email: technology@networkredux.com
Web: http://www.networkredux.com
Blog: http://technology.networkredux.com