Blocking IP ranges at the router

I’m sure that Russia is a wonderful place, and I’m sure that the vast majority of people there are lovely, and have no interest in harming anyone.

Sadly, from the perspective of a server operator, it sometimes feels that nothing good ever comes from Russia.

Being the diligent server operator that I (hopefully) am, I monitor things pretty closely. That includes network traffic coming from the Internet. Over the years, I’ve noticed that a huge proportion of the probes, DDoS attacks, spam, phishing, and hack attempts against my network come from IP addresses in Russia.

It’s gotten to the point where I am now actively blocking huge swathes of Internet addresses (IPs) that originate in Russia and neighbouring countries like Ukraine.

Blocking those nasty IPs

I run a Linux web server, as well as several Internet-enabled services, at my home office. All of the communications between my server and the Internet pass through a router, making it the ideal place to block unwanted traffic for my entire network, which includes media computers, development systems, and the Windows computer on which I’m writing this.

I’m using a commercial router, but I’ve replaced the original firmware with Advanced Tomato. Doing this provides many benefits, including making it easier to manage the router’s firewall, which is the Linux iptables packet filter. Here’s a typical iptables command to block an IP address from the router’s Linux command line:
iptables -I FORWARD -s 185.219.52.90 -j DROP

The DROP target tells the router to silently discard any traffic from the specified IP: no response goes back to the sender (unlike REJECT, which answers with an ICMP error), and nothing is written to the log. Dropped traffic can also be logged by adding a separate LOG rule ahead of the DROP, but excessive logging can cause performance problems and fill up logs with junk, so I just drop this traffic.

I issue commands like the one above at my router’s command line to block the traffic immediately, and then I update the router’s startup firewall script with the same command, so that it persists after the next router restart.
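Maintaining dozens of one-line iptables commands in the startup script gets unwieldy, and two details matter once the list grows. First, the rules must sit ahead of the router’s own ACCEPT and port-forwarding rules, which is why the command above uses -I (insert at the top) rather than -A (append at the bottom). Second, FORWARD only sees traffic the router passes through to LAN hosts; anything the router itself answers on the WAN side (its own SSH, VPN or web admin port, if exposed) traverses INPUT instead, so the same sources need blocking there too. The script below is an added example for this post, not the original firewall script: it reads a blocklist file with one IPv4 address or CIDR per line, rejects malformed entries before they reach iptables, puts the DROP rules in a dedicated chain, and hooks that chain in once at the top of both FORWARD and INPUT. It prints the iptables commands instead of running them, so the output can be reviewed before being piped to sh on the router. The file name blocklist.txt and the chain name blocklist are assumptions.

```shell
#!/bin/sh
# Build iptables rules from a blocklist file.
# Added example for this post, not the original firewall script.
# Assumptions: one IPv4 address or CIDR per line, '#' starts a comment,
# chain name "blocklist". Output is a list of iptables commands; pipe it
# to sh on the router to apply them.

BLOCK_CHAIN=${BLOCK_CHAIN:-blocklist}

# valid_cidr ENTRY: succeed if ENTRY is a.b.c.d or a.b.c.d/n with n in 0..32
# and every octet in 0..255. A typo that reaches iptables could silently
# block the wrong network or abort the whole startup script, so check first.
valid_cidr() {
    _ip=${1%/*}
    case "$1" in
        */*) _prefix=${1#*/} ;;
        *)   _prefix=32 ;;
    esac
    case "$_prefix" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$_prefix" -le 32 ] || return 1
    # reject leading, trailing or doubled dots, which dot-splitting would hide
    case "$_ip" in
        .*|*.|*..*) return 1 ;;
    esac
    _old_ifs=$IFS
    IFS=.
    set -- $_ip
    IFS=$_old_ifs
    [ $# -eq 4 ] || return 1
    for _octet in "$@"; do
        case "$_octet" in
            ''|*[!0-9]*) return 1 ;;
        esac
        [ "$_octet" -le 255 ] || return 1
    done
    return 0
}

# emit_rules FILE: print the commands that rebuild the block chain from FILE.
emit_rules() {
    _file=$1
    set -f   # no pathname expansion while we word-split file contents
    echo "iptables -N $BLOCK_CHAIN 2>/dev/null"   # create once; harmless if it exists
    echo "iptables -F $BLOCK_CHAIN"               # start from an empty chain
    while IFS= read -r _line || [ -n "$_line" ]; do
        _line=${_line%%#*}          # drop comments
        set -- $_line               # word splitting trims surrounding whitespace
        _entry=$1
        [ -n "$_entry" ] || continue
        if valid_cidr "$_entry"; then
            echo "iptables -A $BLOCK_CHAIN -s $_entry -j DROP"
        else
            echo "skipping malformed entry: $_entry" >&2
        fi
    done < "$_file"
    # Hook the chain in exactly once, ahead of any ACCEPT or port-forward rule.
    # FORWARD covers traffic passed through to LAN hosts; INPUT covers services
    # the router itself answers on the WAN side.
    for _chain in FORWARD INPUT; do
        echo "iptables -D $_chain -j $BLOCK_CHAIN 2>/dev/null"
        echo "iptables -I $_chain 1 -j $BLOCK_CHAIN"
    done
    set +f
}

# Usage: sh blockips.sh blocklist.txt | sh
if [ $# -ge 1 ]; then
    emit_rules "$1"
fi
```

Because the chain is flushed and rebuilt each time, editing the file and re-running the script is all that is needed to add or remove an address; calling it from the router’s firewall script keeps the list across reboots. If the firmware’s iptables build includes ipset, a single hash:net set matched by one rule is the more efficient home for a list of this size, but the plain chain above works on any iptables.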

So there’s this one guy

There’s been one particularly persistent attacker in the last year or so. This person wants desperately to gain access to one of my Internet-accessible services, but he’s not particularly intelligent, because he keeps trying the same things over and over, in rapid succession. So much so, that at times the traffic he generates comes within shouting distance of a DDoS attack.

I started paying particular attention to traffic associated with a series of ports that are used by the service, and blocking the IP addresses at the other end of that traffic. Whereupon we embarked upon a long game of whac-a-mole, in which I blocked an IP or IP range, and the attacker moved to another host or VPN provider and resumed his attacks from there. It seems clear that this was all being done by one attacker, based on his quick reactions to my blocking.

This went on for several months, but now he appears to have given up. Or at least he’s moved on to other methods.

In the process of blocking all these IPs and networks, the attacker has also helpfully provided me with a list of VPN providers that should be blocked by, well, everyone. Everyone who doesn’t specifically need to allow them.

IP addresses and ranges I’m blocking

Almost all of these IPs and IP ranges are in Russia and Ukraine. A few are elsewhere in Asia. Most of the ranges are VPN providers.
103.48.51.116
104.129.18.0/23
104.237.192.0/19
104.237.203.0/24
141.98.10.0/24
173.244.208.60
176.67.85.0/24
185.156.72.0/24
185.156.74.0/24
185.193.88.0/24
185.217.69.157
185.219.52.112
185.219.52.90
185.219.52.91
193.106.191.25
193.106.191.35
193.106.191.41
193.32.164.85
193.93.62.0/24
195.54.160.27
198.8.81.220
216.131.114.0/24
216.131.116.0/23
216.131.68.0/24
216.131.88.0/23
217.138.255.202
31.43.185.29
31.43.185.9
37.120.218.0/24
45.134.26.0/24
45.143.203.121
45.145.64.0/23
45.145.65.11
45.146.164.0/23
45.146.166.0/23
45.155.204.0/24
45.155.205.0/24
45.227.253.0/24
45.9.20.0/24
5.188.206.230
71.19.251.0/24
76.180.16.74
77.243.191.120
77.83.36.0/24
78.128.112.18
82.145.32.0/19
84.17.41.141
84.17.41.151
87.251.75.0/24
89.187.182.87
89.187.183.76
91.191.209.110
92.204.240.75
92.255.85.0/24
94.232.40.0/21
98.175.213.148

Here are a few other ranges I’m blocking for various reasons:

  • Hungarian ISP MAGYAR-TELEKOM-MAIN-AS IP range (unceasing garbage): 94.27.128.0/17
  • MediaLand BPH IP range (generally just horrible): 45.141.84.0/24
  • EE-GIGAHOSTINGSERVICES (constant email relay attempts): 176.111.173.0/24

Patch Tuesday for December 2021

Time for another thrilling game of I Hope These Critical Security Updates Don’t Break Anything On My Computer with your permanent host, Microsoft.

This month’s edition includes approximately thirty-seven updates, with fixes for eighty-eight vulnerabilities, in Office, Defender, Edge, SharePoint, Visual Studio, Visual Studio Code, and Windows.

The challenge of counting the number of updates and vulnerabilities each month isn’t getting any easier, as some Microsoft applications (especially Edge) now update themselves outside of the monthly cycle. The source of both information and confusion about Microsoft updates is the Security Update Guide.

Microsoft isn’t showing any signs of giving up their ultimate power over your PC, and will continue to install updates pretty much at their whim, for the foreseeable future. Those of us still running Windows versions that are unsupported (7, XP), and soon-to-be-unsupported (8.x) are starting to seem like the last holdouts in a battle that’s already lost. The battle for control over our own computers.

Or maybe that’s just hyperbole.

Regardless of the status of automatic updates on your version of Windows, at this time of the month it’s a good idea to head over to the Windows Control Panel (or Settings), find Windows Update, and check for new updates.

Patch Tuesday for November 2021

To paraphrase (butcher, really) Oscar Wilde: the only thing worse than having to install security updates every month is having no security updates at all. If you’re not getting a steady supply of security updates, your software is probably no longer being developed or supported. If you’re just choosing not to install the available updates, you’re asking for trouble. Either is bad, but at least you can do something about the latter.

It’s my duty to inform you that — at least by my count — Microsoft has made available this day approximately twenty-nine updates for Windows, Office, Edge, Visual Studio, Exchange Server, SharePoint, Visual Studio Code, and Windows Server. A total of fifty-five vulnerabilities are fixed by the updates.

The source of this information is Microsoft’s Security Update Guide (SUG). It’s a sluggish and weirdly complicated system to navigate, but does seem to contain the necessary information.

As usual, this month’s collection includes updates for Windows 7, but those updates remain tantalizingly out of reach for most Windows 7 users, because obtaining them involves entering into a special agreement with Microsoft that’s way too expensive for regular folks.

Windows 10 systems get the updates automatically, and Windows 8.1 users — if automatic updates are disabled — should navigate to the Windows Control Panel and Windows Update to install them.

Java 8 update 311

Oracle just released its quarterly Critical Patch Update Advisory for October 2021.

As usual, there’s a section in the advisory for Java. The details show that previous versions of Java, including Java 8 Update 301, have fifteen known security vulnerabilities.

Java: What is it and why do I need it?

There’s a new version of Java that addresses the vulnerabilities in version 8u301: Java 8 Update 311.

If Java is installed on your computer, it’s a good idea to keep it up to date. If you’re not sure whether Java is installed, go to the Windows Control Panel and look for a Java entry. If it’s not there, great! You don’t use (or apparently need) Java.

Otherwise, click the Java Control Panel entry and go to the Update tab. Click the Update Now button to start the update process.

Patch Tuesday for October 2021

Like clockwork, Microsoft has once again provided us with a month’s worth of new security updates.

According to Microsoft’s Security Update Guide, this month there are patches for one hundred and seven vulnerabilities, in Office (2013, 2016, and 2019), Edge, Exchange Server, SharePoint, Visual Studio, System Center, Windows (7, 8.1, 10, and 11) and Windows Server.

As usual, Microsoft is taunting Windows 7 users with updates for that O/S, because most of us regular folks can’t afford them.

Windows 8.1 users — of which I’m one of the very few remaining — can either enable automatic updates, or navigate the Start menu to Windows Update to install available updates manually.

Windows 10 users can still delay updates, though just how long a delay is allowed depends on the flavour of Windows 10 you’re running. Windows 10 Home doesn’t give you much to work with in that respect.

Since Windows 11 was only released on October 5, it’s difficult to predict exactly how updates will be handled for that O/S. However, it’s a safe bet that updates will be shoved down our throats as they are with Windows 10.

Windows 11 workarounds

Windows 11 hasn’t even been released yet, and people are already looking for ways to work around some of the changes Microsoft has decided we really need.

First up, it’s the venerable Start menu, which for some reason Microsoft has decided to move from its traditional place at the bottom left of the display, to the bottom center. Perhaps because that’s the way macOS does it?

I have no problem with Microsoft making changes like these, as long as there’s a way to revert those changes. In this case, there’s no obvious way to do that, but helpful folks have found a workaround.

Next, it’s the incredibly annoying prompts, taskbar icons, alerts, and other associated distractions generated by Microsoft Teams. That software isn’t included with Windows 11, but Microsoft has packed the new O/S with what amounts to advertising for Teams. Again, helpful folks have figured out how to get rid of this crap.

Meanwhile, Mozilla has discovered how to get past the hurdles Microsoft erected to prevent Firefox from making itself the default web browser automatically. You’ve no doubt seen what is normally required to change the default browser on Windows 10 (which now affects Windows 11 as well): you’re forced to make the change manually.

Forcing the user to intervene in changing the default browser (and other default handlers for file types and protocols) was added to Windows as a security measure, because otherwise malicious software could silently hijack those associations. But Microsoft’s own applications don’t seem to be affected by this restriction, making the whole thing seem more like Microsoft giving itself an unfair advantage.

Patch Tuesday for September 2021

Summer is winding down, young folks are risking their health going back to school, and anti-vaccination cretins are revealing to the world how incredibly stupid they are by protesting at hospitals.

The good news is that you can easily distract yourself from the bad news for a few minutes by doing something straightforward and comfortable. I’m referring, of course, to installing Microsoft updates on your Windows computers.

If you’re looking for detailed information about the updates being made available by Microsoft today, the best place to start is the official source: the Security Update Guide (SUG). I’m not saying you’ll find it easy to navigate (you likely won’t). But it is the official source.

For those of you not inclined to risk a migraine by looking at the SUG, I’ve done my usual analysis of this month’s offerings, based on data downloaded from the SUG and viewed in a spreadsheet application (any one will do).

This month’s patches address a total of ninety-three security vulnerabilities, in Office, Edge, SharePoint, Visual Studio, Visual Studio Code, Windows Server, Windows 10, Windows 7, and Windows 8.1.

The Windows 7 patches are not available to regular folks, and can only be obtained (legally) by paying Microsoft a large amount of money. Windows 7 users are encouraged to upgrade to, well, I guess Windows 10, which is currently somewhat less terrible than it was when it was released.

Windows 8.1 users — the few of us who remain — have the luxury of deciding whether and when to install updates via Windows Update.

Windows 10 users can only delay updates, and then only if you’re running the Pro (not Home) version.

COVID-related phish received via text

I just received a text message from someone pretending to be a representative of the Liberal Party of Canada.

The message, sent via SMS to my mobile phone from a phone number in Toronto, offers a monetary reward for being vaccinated for COVID-19, and invites the recipient to click a link to liberalparty-assist[dot]com. Here it is:

The phishing message I received on my phone this morning

If you receive this message, or anything similar, please do not click the provided link. I can’t be sure what will happen, but it won’t be good.

While I avoided clicking the phishing link, I did look into the site it points to. The domain resolves to an address owned by a hosting provider in Paris, France: M247-LTD-Paris. Definitely nothing to do with a political party in Canada. The phone number has been reported numerous times as a scam source.

Since the majority of Canadians have been vaccinated, this phishing message seems likely to attract many clicks from unsuspecting people. Sadly, that will include people who desperately need the money, as well as older folks and others who may not be as technically astute as the rest of us.

Some day it may be possible to track down the people responsible for these scams. I enjoy dreaming up interesting forms of punishment for these people.

CloudBerry Backup

Backups are important. I tell people that they should think about how much work would be involved if they lost all their data, and had to create or gather it all again. Considering that work is usually enough to get people talking seriously about backups.

This consideration informs decisions about the backup process to be used: what should be backed up, how often backups should run, where backups will be stored, and how many backup versions will be kept.

My own backup requirements are like those of anyone who has done any amount of work that they would hate to lose: documents, email, financial records, pictures, artwork, and even browser bookmarks. The only difference is that I also provide full or partial backup services to my clients.

A few years ago, I realized that I needed an off-site backup system to complement my local backups. In the nightmare scenario involving total loss of all computers and storage devices resulting from a house or office fire, all local backups would also be lost.

And so I started looking at backup software that would allow me to maintain backups of critical data somewhere besides my home/office.

Storage required

Off-site backup storage takes many forms, including taking physical backup media off-site daily. These days it most often involves a paid service such as Amazon S3.

Remote services are often referred to as ‘cloud’ services, but the two terms mean the same thing: the service runs on someone else’s computer. Of course, storing your irreplaceable, private data on someone else’s computer sounds scarier than storing it ‘in the cloud’, so that’s the term we hear most often.

There are some special considerations when you start looking at using cloud storage for backups: additional costs, network bandwidth, vendor trustworthiness, privacy, and encryption.

The encryption issue alone requires careful consideration. Is your data encrypted in transit? Is it stored in encrypted form on the cloud service? Who has the keys to decrypt your data?

For my own backups, I settled on the DreamObjects storage service provided by Dreamhost. I’ve been using Dreamhost for client web sites and related services for years, and I’ve always found their support to be first rate. I have had a few problems with the DreamObjects service, including some reliability issues, but these were resolved quickly and satisfactorily by Dreamhost support.

My requirements

In my recent search for an off-site backup solution, I settled on the following requirements:

  • Runs on my main PC (Windows 8.1).
  • Stable and reliable.
  • Reasonably fast.
  • Incremental backups (back up only changed files).
  • Transmit only changed data (to save bandwidth).
  • A built-in scheduler, or compatibility with Windows Task Scheduler.
  • Compatible with DreamObjects, itself an S3-compatible service.
  • Data is encrypted in transit and when stored.
  • Storage provider does not possess encryption keys.
  • Ability to limit bandwidth used during backup operations.
  • Ability to limit the amount of storage used.
  • Backup storage pruning based on number of copies and/or storage used.
  • Straightforward restore process and tools.
  • Useful logging.
  • Does not use excessive computing resources (memory, processor, local storage, handles, and disk I/O).
  • The ability to include and exclude files and folders based on various criteria.

Enter CloudBerry

I looked at numerous possible solutions, and even purchased a few that looked promising but ultimately failed to meet my requirements, including qBackup, Arq5, Arq7, and GoodSync. I also looked again at Cobian Backup, which I still use for local backups, and Allway Sync, which I use for fast syncing of critical data to thumb drives, but they also failed to meet my needs for off-site backup.

CloudBerry was just the next solution on my list. I had never even heard of it before reading about it in this Reddit thread.

CloudBerry Backup can be downloaded and installed on a trial basis for two weeks. That was plenty long enough for me to learn what I needed.

CloudBerry Backup Features

See that list of requirements a few paragraphs back? Well, CloudBerry Backup checks all those boxes, and then some. CBB works with many storage services, including Amazon S3, Amazon S3 Glacier, Microsoft Azure, Google Cloud, Backblaze B2, Wasabi, OpenStack, various S3-compatible storage and others.

Other notable CloudBerry Backup features:

  • Grandfather-Father-Son (GFS) retention policy support
  • Backups to local drives and NAS-like storage devices
  • Microsoft SQL Server backups
  • Microsoft Exchange backups
  • Synthetic Backup for File, Image-based, VMware backups
  • Bare-metal recovery (create recovery disks and USB drives)
  • Cloud Backups (cloud-to-cloud, and cloud-to-local)
  • Image-based backups (physical or virtual machine image)
  • Modified Block Tracking for Image-based backups
  • Support for various virtual machine formats (Hyper-V, VMware, VirtualBox, and RAW)
  • Restoring image-based backups as Amazon EC2, Microsoft Azure VM, and Google Compute Engine instances
  • Hybrid (two-step) backup (applies to the legacy format only)
  • Client-side Deduplication
  • Mandatory and Full Consistency Checks
  • Backup Chains and Custom Scripts Support

One huge bonus CloudBerry provides is a clean, well thought-out user interface. This wasn’t on my requirements list, because although UI is important, backup software is typically set up once and then runs in the background. So I can live with a crappy UI in backup software, as long as it’s otherwise good. That’s unlike software I use every day, such as my email client, web browser, and document-based office applications.

A well thought-out user interface also makes CloudBerry Backup a legitimate solution for the less technically-inclined among us. In using CBB, I frequently discovered what I was looking for without any searching for functions or settings. Preset defaults made sense, and the backup plan creation wizard is excellent. CBB even creates several backup plans automatically, for documents, web browser bookmarks, and pictures; these need only a destination to be configured before they can be used.

CloudBerry Backup Pricing and Licensing

CloudBerry Lab was founded in 2011, but is in the process of rebranding itself as MSP360, so the company web site refers to both names. For now, the product I’m interested in is MSP360’s CloudBerry Backup Desktop Edition, which sells for $49.99 USD. The company provides other backup software and services aimed at business, corporate, and educational customers. There’s also a free version of CloudBerry Backup, but it has some limitations that make it unsuitable for my purposes.

When you purchase CloudBerry Backup Desktop Edition, you have the option of paying an extra $10 USD for a year of annual maintenance. The MSP360 web site isn’t exactly clear about what this provides, but it does include support, and may be the only way to obtain software updates. If you want and/or need support, the $10/year price seems reasonable.

Conclusions

Great software makes me happy. CloudBerry Backup qualifies, and my search for an off-site backup solution is over for now.

If you or anyone you know could use an excellent backup solution, whether or not they need off-site storage, you won’t go wrong recommending CloudBerry Backup.

Patch Tuesday for August 2021

It’s another Patch Tuesday, which these days matters less and less, given that software makers are increasingly forcing updates onto us.

There are still plenty of people running Windows 7 and Windows 8.x: almost 20%, with Windows 10 taking the rest, at close to 80%. That’s according to Statcounter.

Sadly for Windows 7 users, official patches for that O/S are few and far between, with Microsoft only releasing Windows 7 updates to the general public when the vulnerability being addressed is particularly nasty.

That leaves Windows 8.1, for which we continue to receive updates, and for which the process has not changed much since the O/S was introduced in 2013.

The updates

This month, Microsoft is making available updates that address a total of eighty-seven security vulnerabilities in .NET, Office, Edge, SharePoint, Visual Studio, and Windows. That count is based on my interpretation of the official Security Update Guide, and it may differ from totals provided by others, because counting these things is not as simple as it sounds.

If you’re running Windows 10, hold onto your britches as Microsoft installs the new updates remotely on your computer, and hopefully doesn’t break anything this time.

Windows 8.1 users can either enable automatic updates, or head to the Control Panel and fire up Windows Update.

Windows 7 and XP users are basically out of luck. If you are using those systems, I strongly recommend that you don’t also use them for email or web browsing.

Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.