IP address blacklist

Here is my IP address blacklist.
47.88.219.24/24 54.39.22.213/24 77.93.205.2/24 185.220.100.246/24 123.151.76.158/24 45.14.148.97/24 144.217.85.55/24 104.244.76.245/24 185.220.101.45/24 64.113.32.29/24 62.102.148.68/24 18.27.197.252/24 178.17.174.224/24 77.109.191.140/24 23.129.64.194/24 85.248.227.164/24 89.234.174.47/24 185.100.87.206/24 179.43.134.154/24 144.217.255.89/24 167.88.7.134/24 81.17.27.131/24 185.100.85.101/24 185.207.139.2/24 109.70.100.33/24 83.97.20.185/24 185.107.47.171/24 209.141.34.95/24 178.165.72.177/24 171.25.193.25/24 46.165.245.154/24 104.244.72.115/24 104.244.78.231/24 178.175.148.42/24 178.17.171.115/24 141.98.254.225/24 185.130.44.108/24 77.247.181.163/24 128.31.0.13/24 107.189.10.143/24 104.244.73.126/24 193.124.186.222/24 94.140.114.159/24 199.195.251.226/24 95.211.230.211/24 91.221.57.179/24 87.118.110.27/24 199.195.250.77/24 185.38.175.71/24 166.70.207.2/24 62.219.3.48/24 198.98.53.61/24 176.123.5.250/24 185.107.70.202/24 51.158.147.12/24 193.169.255.102/24 51.15.177.65/24 204.8.156.142/24 31.185.104.21/24 141.255.162.38/24 123.226.96.170/24 198.98.56.155/24 209.141.45.212/24 185.129.62.62/24 173.212.217.87/24
For your reference.
Powernumpty

Comments

  • New IP address blacklist
    205.185.127.219/24
  • what is the basis of your blacklisting all those?
  • The basis is as follows.
    Always the same frequency, mode, long access.
    Access many times even if kicked.
    It tries to connect many times even if it is kicked automatically. (After blacklisting)
  • Postscript.
    Change the IP address to access.
  • The contents of the log.

    Sun Jan 19 03:53:35 05:04:57.028 01.. CONN: 127.0.0.1 X-Real-IP 166.70.207.2
    Sun Jan 19 03:53:35 05:04:57.028 01.. CONN: 127.0.0.1 X-Forwarded-For 166.70.207.2
    Sun Jan 19 03:53:35 05:04:57.028 01.. IP BLACKLISTED: 166.70.207.2
    Sun Jan 19 03:53:51 05:05:12.511 01.. CONN: 127.0.0.1 X-Real-IP 166.70.207.2
    Sun Jan 19 03:53:51 05:05:12.511 01.. CONN: 127.0.0.1 X-Forwarded-For 166.70.207.2
    Sun Jan 19 03:53:51 05:05:12.511 01.. IP BLACKLISTED: 166.70.207.2
    Sun Jan 19 03:54:05 05:05:27.040 01.. CONN: 127.0.0.1 X-Real-IP 166.70.207.2
    Sun Jan 19 03:54:05 05:05:27.041 01.. CONN: 127.0.0.1 X-Forwarded-For 166.70.207.2
    Sun Jan 19 03:54:05 05:05:27.041 01.. IP BLACKLISTED: 166.70.207.2
    Sun Jan 19 03:54:20 05:05:41.417 01.. CONN: 127.0.0.1 X-Real-IP 166.70.207.2
    Sun Jan 19 03:54:20 05:05:41.418 01.. CONN: 127.0.0.1 X-Forwarded-For 166.70.207.2
    Sun Jan 19 03:54:20 05:05:41.418 01.. IP BLACKLISTED: 166.70.207.2
    Sun Jan 19 03:54:34 05:05:56.269 01.. CONN: 127.0.0.1 X-Real-IP 166.70.207.2
    Sun Jan 19 03:54:34 05:05:56.269 01.. CONN: 127.0.0.1 X-Forwarded-For 166.70.207.2
    Sun Jan 19 03:54:34 05:05:56.269 01.. IP BLACKLISTED: 166.70.207.2
    Sun Jan 19 03:54:46 05:06:08.048 01.. CONN: 127.0.0.1 X-Real-IP 166.70.207.2
    Sun Jan 19 03:54:46 05:06:08.048 01.. CONN: 127.0.0.1 X-Forwarded-For 166.70.207.2
    Sun Jan 19 03:54:46 05:06:08.048 01.. IP BLACKLISTED: 166.70.207.2
    Sun Jan 19 03:54:54 05:06:16.212 01.. AJAX: 127.0.0.1 X-Real-IP 167.99.214.222
    Sun Jan 19 03:54:54 05:06:16.213 01.. AJAX: 127.0.0.1 X-Forwarded-For 167.99.214.222
    Sun Jan 19 03:55:00 05:06:22.135 01.. CONN: 127.0.0.1 X-Real-IP 166.70.207.2
    Sun Jan 19 03:55:00 05:06:22.135 01.. CONN: 127.0.0.1 X-Forwarded-For 166.70.207.2
    Sun Jan 19 03:55:00 05:06:22.135 01.. IP BLACKLISTED: 166.70.207.2
    Sun Jan 19 03:55:14 05:06:36.290 01.. CONN: 127.0.0.1 X-Real-IP 166.70.207.2
    Sun Jan 19 03:55:14 05:06:36.290 01.. CONN: 127.0.0.1 X-Forwarded-For 166.70.207.2
    Sun Jan 19 03:55:14 05:06:36.290 01.. IP BLACKLISTED: 166.70.207.2
  • what freq did sit on?
  • Frequency is 27005kHz
  • you might consider blacklisting that freq.
  • HI All, is it really possible to "blacklist" a frequency ? Have given a fast search into the KIWI_faq but didnt find it.
    73
    Phil
  • edited January 2020
    as an admin, use the same method you use to label for a frequency, there is a blacklist option in the pulldown
  • The option is called "masked". Sorry about the documentation lagging..
  • which PULLDOWN pse
    Phil
  • jksjks
    edited January 2020
    Not on any pulldown from the control panel. You have to use the label editing feature since you are defining the mask for a particular frequency and mode (passband). http://kiwisdr.com/quickstart/index.html#id-user-marker

    On the DX label edit panel it's the last entry ("masked") on the "type" pulldown. You will see the blackout in the waterfall immediately.
    W9SPY
  • From observation of many other kiwi, I am seeing that many don't get DX Label work so sysops aren't familiar I guess
  • GM, interesting feature the MASKing of a QRG via DXLabel.
    I suppose that this masking works on the viewed part of the spectrum hence at the end of the demodulation process.
    Another more usefull feature would be a MASK during the RF_Spectrum scan , in this way also the
    interfering transmissions could be left out of the successive "demodulation" process,
    saving for lot of pass-band filters, etc etc.
    73
    Phil
    ka7oei
  • jksjks
    edited January 2020
    "RF_Spectrum scan"? I have no idea what this means.
  • HI sorry for the bad expression.... my meaning was: MASK_ing the RF spectrum during the sampling phase , hence directly at the RF stage instead of post sampling procedures. But I am not a programmer so am not sure at what stage the MASK_ing occours.
    73
    Phil
  • Hi Phil,

    >
    >MASK_ing the RF spectrum during the sampling phase , hence directly at the RF stage instead of post sampling procedures
    >

    Unfortunately you can't do that.

    All the processing is performed after the Analogue RF signals are sampled and converted to digital bits.

    The Analogue to Digital Convertor (ADC) is a broadband device that samples everything that is presented to it.

    Although there is a 30MHz Low Pass (anti-alias) filter ahead of the ADC, there is no method using the existing hardware to exclude specific chunks of spectrum prior to the ADC.

    It all has to be done in code afterwards, but by this stage it's too late to chop out any signals that are at a high enough level to overload the ADC.

    This is why quite a lot of KiWi admins (myself included) have added external filters in order to try and make best use of the available dynamic range.

    Regards,

    Martin - G8JNJ
  • Not had too much trouble, but now added 161.117.57.140/24
    Powernumpty
  • edited April 2020
    Coincidentally, I added 161.117.57.140 the other day as well. Seemed to be some sort of a bot that sat on air traffic channels, even after I notched one of them out. I also added 117.30.95.143 which seems to be doing the same thing.

    EDIT: And now another. They seem to like to check out 5598 kHz. I'd be tempted to ask for an option to auto boot/ban any IP that tries to tune in that frequency :)
  • Started hitting me from 161.117.61.157 a couple of days ago; blacklisted it (single IP), and came back with new 161.117.xx.xxx, so I added /24. Nothing since. The IP remained the same, but the reported location kept changing. Often reported no location, just the IP. Kept listening to 11175; kicked it off once manually (before BL), restarted the Kiwi server, and it was logging back on within 30 seconds. It was about 2AM local time in Shanghai, which is where the IP was reported coming from, so I doubt any humanoids were behind it at that time of night.
    Powernumpty
  • I would simply mask the 11175 (USB) frequency: For this case, I set a 1 Hz wide mask which causes the audio to mute, but produces an invisible line, unless one zooms way in.
  • Keep in mind that 161.117.0.0/16 and 161.118.0.0/16 belong to Alibaba Cloud, a Chinese hosting provider. It seems to be a USAF fan (not necessarily Chinese) who's hosting a bot there.
  • someone persistantly listening on that freq is more than a fan IMO
  • I agree it's probably not casual listening to USAF Global Comms, I had someone with an IP address associated with St. Petersburg on my Kiwi for some time, repeatedly relogging on when booted. I like Clint's idea...
  • I chose to block the IP range over the frequency as I have regular, known-to-me utility DXers monitoring that freq amongst others - I recognize their IP's. I'd rather not blank anyone at all personally, but an all-too-obvious bot? No.
  • It would be amusing if the KiwiSDR allowed us to feed an audio stream into it, and specify a frequency, and have the audio appear there to any listeners. Think of the possibilities :D
  • There are open American communities and websites of shortwave amateurs, like eam.watch, who aim to monitor, log and publish all HFGCS messages. Apparently they even use automated tools to record messages off web receivers, process them and publish them on their website. These sure look like fans to me, so this kind of thing isn't unlikely. We're talking about a persistent bot here - that's its job - but there are amateurs even persistent enough to monitor by listening to the frequency themselves all day. Think also of all the people monitoring the Buzzer on 4625 kHz and all restreamed feeds of it, these are not spies...

    Although a while ago, on some receiver in Japan I think, I did myself see what looked like a bot, with the curious habit of copying my (or other users') geolocation string in the users tab, if I remember correctly. Maybe that's the same thing we're talking about with:
    The IP remained the same, but the reported location kept changing. Often reported no location, just the IP.

    So there are certainly some weird things happening out there, I would know, but not necessarily anything nefarious or even interesting.
  • It would be amusing if the KiwiSDR allowed us to feed an audio stream into it, and specify a frequency, and have the audio appear there to any listeners. Think of the possibilities :D

    Makes me think of (5:47):

  • I don't obsessively check, but if I catch anyone tuning in to the 3840 kHz nonsense in the evenings - they immediately get added to my block list.
Sign In or Register to comment.