Dr. Peter's Financial Systems Blog

    Malicious hacker ip address blacklist is not checkable nor valid

    badbot exterminator uses ip address to track hackers

    Is the Outgoing Connections Manager a useful firewall?

    Many years ago, if I remember correctly it was around 2013 or 2014, I was trying to use the Outgoing Connections Manager in Hepsia control panel to only allow emails to certain IP addresses to be sent out. cPanel has similar features.

    By doing this, mail to other IP addresses was to be blocked. This was to prevent hackers from installing bad scripts that publish thousands of emails per day from my websites. If these email hackers succeeded in spamming the world through my website then my email address would be blacklisted and I would not be able to send emails to friends and clients.

    In order to do this I needed to know all the IP addresses used by SMTP servers for such activity and needed to provide a list of all these SMTP servers' IP addresses in the Outgoing Connections Manager.

    After a lot of searching and analyses I realized I would never know all the IP addresses used by Google or Yahoo or other SMTP servers. And I could not specify certain IP addresses as when the SMTP server IP address changed my own outgoing mail would be blocked. This meant I had failed in my quest to block emails going out to irrelevant SMTP servers. It also meant that the function of the Outgoing Connection Manager was useless. In the end I deactivated my Outgoing Connections Manager.

    I did report this issue to my hosting service's tech support staff and they too had no solution to this problem. In the final analysis I informed them to change the system so that instead of making a list of IP addresses that were to be allowed by the Outgoing Connection Manager I should be allowed to just specify the name of the SMTP server. For example 'Google' or 'Yahoo' or 'Hotmail' or the name of any valid SMTP server - as if there was a DNS or a reverse DNS for SMTP servers. A list of IP addresses could be held by the server or in a database or my hosting server could contact, say Google, to confirm whether it is their IP address before the email is sent out. To date I have not seen this or anything similar being implemented. Google, Microsoft, Yahoo, Apache and the like, please come out with a solution.



    Defending my website against hackers

    I have been defending my websites from hackers since 2013. In 2011, my first WordPress website, http://bachutha.com, which was on a shared hosting plan, was hacked. The server tech support team could not put the site back together again nor did they know how to clean up the hacker codes embedded into my site. In the end they deleted all the contents of the server and then restored a backup that I uploaded to them. I was lucky that I had saved backups on my PC instead of depending on the server backups.

    By 2013 the hacking attacks on my website became a daily affair. My site would hang, show corrupt pages or just not appear to any visitor. I asked many people for help as most WordPress security plugins were not effective against hacking activity. Worse still, I did not know who was hacking my site. It was a very frustrating time as I could not identify hackers and did not know how to block the hackers. I found out later that those that had websites and knew PHP did not know what to do to protect their websites from hackers. After that I moved my website to another web hosting provider.

    The hackers were having a field day attacking us. Many of us were on tight budgets so we could not hire experts to help us out. In the end by 2013 I decided to learn PHP and try to develop code to block hackers.

    Today in 2018, 5 years later, I have been able to defend my websites from hackers with my Bad Bot Exterminator program. As a result I found out that most hackers came from the USA, Canada, France, Germany, Netherlands, Moldova, Ukraine, Russia, Turkey and the most dangerous were the Chinese. Even the Muslim terrorists had a cyber warfare arm focused on damaging websites that they did not like and I had been on their receiving end.

    Do not ever think it is just individuals who hack your sites. I have found hackers originating from large well-known American corporations too. I think they tried to hack my site to see how well I was able to defend it from hackers. Their DOS attacks have failed miserably.

    I found out that the Eastern European and Russian hackers find out about your site through the Yandex search engine. The Chinese hackers and the Chinese military find out about your site through Baidu and other crawlers which are registered as American and Canadian owned. This means that if you do not want hackers from Eastern Europe, Russia and China to know about your website, block Yandex and Baidu from visiting your website.

    I found out that hacker crawlers ignore what is written in robots.txt. In fact they use the information in robots.txt to know which directories are important to you, in order to search for precious files that can be damaged and corrupted.

    In the end I resorted to blocking certain search engines by placing instructions in my .htaccess file. For the novice web publisher this can be done by the example shown on Stack Overflow.

    ip address lookup

    Over the years I found that the single most important piece of information that can be used to block hackers is their IP address. With their IP address you can find out who owns the IP address and determine which country and town they come from, which corporation is issuing these hacking crawlers, which web hosting provider is providing them server & hosting facilities and how often they are visiting your site.

    Unfortunately, as of March 14th 2018, all that changed. Many large corporations have decided not to provide the IP addresses of the crawlers. It has now become even more difficult to block hackers as they are taking advantage of the changes in information provided by the visitor.

    The IP address of visitors to your site is now meaningless

    For those who are technical, some examples of the information provided are shown below.

    A Sample of IP addresses

    A sample of IP addresses shown below was what we could use previously.

    Item  Date                     IP Address
    1     2017/12/20 Wed 07:39:27  209.90.232.167
    2     2017/12/20 Wed 10:12:05  198.204.244.163
    3     2017/12/20 Wed 13:54:13  120.76.121.20
    4     2017/12/20 Wed 20:42:32  209.90.232.167
    5     2017/12/21 Thu 16:42:31  140.143.93.167
    6     2017/12/22 Fri 02:31:55  43.252.228.133
    7     2017/12/22 Fri 08:56:46  114.215.164.201
    8     2017/12/22 Fri 16:04:14  115.29.32.55
    9     2017/12/22 Fri 17:31:24  59.188.250.179
    10    2017/12/23 Sat 00:32:01  116.213.193.229
    11    2017/12/23 Sat 08:11:02  213.239.215.66
    12    2018/04/29 Sun 09:40:12  66.249.79.91
    13    2018/04/29 Sun 12:56:08  66.249.79.91
    14    2018/02/16 Fri 02:09:46  68.180.228.184
    15    2018/02/16 Fri 10:21:10  68.180.228.51


    With the latest changes, IP addresses of visitors are not revealed and only 'IP NAMES' are provided as shown below:-



    IP Addresses have been changed to IP Names

    Item  Date                     IP Address (IP Name)
    1     2018/03/16 Fri 09:12:55  legitimate.tor-exit.185.87.185.45.email.torbk-at-xs4all.nl
    2     2018/03/30 Fri 13:46:57  tor-exit.bbserv.nl
    3     2018/04/02 Mon 02:50:43  tor-exit.hartvoorinternetvrijheid.nl
    4     2018/04/02 Mon 14:23:39  legitimate.tor-exit.185.87.185.45.email.torbk-at-xs4all.nl
    5     2018/04/05 Thu 05:33:51  v-34539-unlim.vpn.mgn.ru
    6     2018/04/25 Wed 06:29:01  customer.worldstream.nl
    7     2018/03/14 Wed 12:21:56  jtorexit8013.onthewifi.com
    8     2018/03/14 Wed 13:03:37  84-201-133-60.spider.yandex.com
    9     2018/03/14 Wed 14:19:33  135.137.212.118.adsl-pool.jx.chinaunicom.com
    10    2018/03/16 Fri 01:25:07  unknown
    11    2018/03/14 Wed 12:11:37  199-47-87-140.ip87.iparadigms.net
    12    2018/03/14 Wed 12:12:09  baiduspider-220-181-108-157.crawl.baidu.com
    13    2018/03/14 Wed 12:20:13  msnbot-207-46-13-174.search.msn.com
    14    2018/03/31 Sat 17:42:46  broadband-188-32-136-57.moscow.rt.ru
    15    2018/04/01 Sun 00:30:19  sogouspider-106-38-241-167.crawl.sogou.com
    16    2018/04/01 Sun 01:17:26  mm-249-149-85-93.dynamic.pppoe.mgts.by
    17    2018/04/01 Sun 04:50:42  fulltextrobot-77-75-77-62.seznam.cz
    18    2018/04/30 Mon 00:53:18  62-210-251-225.rev.poneytelecom.eu
    19    2018/04/30 Mon 04:24:31  103-218-26-218.dhaka.dozeinternet.net
    20    2018/04/30 Mon 04:38:35  no-mans-land.m247.com
    21    2018/04/30 Mon 10:00:09  tc-cutuk-net-17-111.team.ba
    22    2018/04/30 Mon 11:27:27  dynamicip-94-181-198-108.pppoe.kirov.ertelecom.ru
    23    2018/04/30 Mon 12:29:00  177-114-121-65.user.vivozap.com.br
    24    2018/03/14 Wed 19:11:28  crawl-66-249-69-102.googlebot.com
    25    2018/05/01 Tue 02:16:21  msnbot-157-55-39-79.search.msn.com
    26    2018/05/01 Tue 06:05:06  msnbot-207-46-13-12.search.msn.com
    27    2018/05/01 Tue 06:59:43  msnbot-40-77-167-105.search.msn.com


    You will observe that many bots and hackers are using the new system to hide their IP addresses. Some have used terms like 'unknown' or placed other numbers to mislead their real identity. The list above is just a small sample. Over the last 5 years I have discovered many abuses by hackers and badbots.

    What do you do if a hacker claims his crawler is a genuine Google crawler? Like shown below:-

    IP Address (IP Name): crawl-37-249-69-102.googlebot.com
    HTTP User Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)

    This is a fictitious example of an IP address that is very similar to Google's bot IP address.



    Hacker bots pretending to be Google bot

    I have found a lot of misinformation in the data provided by hackers. It is almost garbage data with no relevance to the real information. For example, between February and March 2018, I found 5 or 6 crawlers pretending to be Google. They were imposters. Please see the table below.

    Date                     IP Address      HTTP User Agent                                                           Country             City
    2018/02/08 Thu 14:12:35  39.73.142.17    Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)  China (CN)          Jinan
    2018/01/25 Thu 13:53:41  187.191.101.63  Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)  Brazil (BR)         n.d.
    2018/02/04 Sun 06:26:39  89.19.29.16     Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)  Turkey (TR)         n.d
    2018/02/08 Thu 14:12:35  39.73.142.17    Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)  China (CN)          Jinan
    2018/02/13 Tue 15:07:18  37.252.14.101   Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)  Netherlands (NL)    n.d
    2018/03/16 Fri 05:19:29  72.9.226.130    Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)  United States (US)  Spring


    Not having the actual IP address, or having the IP address replaced with an IP name, makes it very much more difficult to track and defend against hackers. How are we going to report the IP addresses of hackers? How are we going to trace a hacker's IP address and block them in future? Worse still, it does not help in identifying IP addresses that are allowed or blocked by the Outgoing Connection Manager.
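
    For the question raised above about a visitor whose User-Agent claims to be Googlebot, one common check is forward-confirmed reverse DNS: look up the name for the connecting address, require it to fall under googlebot.com or google.com, then resolve that name and require it to return the same address. The following is an added PHP example (PHP 7.4 or later assumed), not code from the original post or from Bad Bot Exterminator; the injectable resolver callables and the small DNS table are constructed so that it runs offline.

```php
<?php
// Added example: forward-confirmed reverse DNS (FCrDNS) for a visitor whose
// User-Agent claims Googlebot. Resolvers are injectable (an assumption of this
// example) so it can run offline; by default real DNS is used.
function is_verified_googlebot(string $remoteAddr, ?callable $reverse = null, ?callable $forward = null): bool
{
    // 1. The peer address must be a literal IPv4/IPv6 address, not a host name.
    if (filter_var($remoteAddr, FILTER_VALIDATE_IP) === false) {
        return false;
    }
    $reverse ??= 'gethostbyaddr';
    $forward ??= static function (string $host): array {
        $ips = [];
        foreach (dns_get_record($host, DNS_A | DNS_AAAA) ?: [] as $rr) {
            $ips[] = $rr['ip'] ?? $rr['ipv6'];
        }
        return $ips;
    };

    // 2. Reverse (PTR) lookup; gethostbyaddr() returns the IP itself if none exists.
    $host = $reverse($remoteAddr);
    if (!is_string($host) || $host === $remoteAddr) {
        return false;
    }
    $host = strtolower(rtrim($host, '.'));

    // 3. The PTR name must sit under googlebot.com or google.com.
    if (!preg_match('/\.(googlebot|google)\.com$/', $host)) {
        return false;
    }
    // 4. The name must resolve back to the same address. A PTR record is set by
    //    whoever controls the IP block, so step 3 alone proves nothing.
    $want = inet_pton($remoteAddr);
    foreach ($forward($host) as $ip) {
        if (@inet_pton($ip) === $want) {
            return true;
        }
    }
    return false;
}

// Constructed DNS data for an offline run (not real lookups).
$ptr = [
    '66.249.69.102' => 'crawl-66-249-69-102.googlebot.com',
    '37.249.69.102' => 'crawl-37-249-69-102.googlebot.com', // the page's fictitious name
];
$a = ['crawl-66-249-69-102.googlebot.com' => ['66.249.69.102']];
$reverse = fn(string $ip) => $ptr[$ip] ?? $ip;
$forward = fn(string $host) => $a[$host] ?? [];

foreach (['66.249.69.102', '37.249.69.102', '39.73.142.17', 'tor-exit.bbserv.nl'] as $addr) {
    $ok = is_verified_googlebot($addr, $reverse, $forward);
    printf("%-16s %s\n", $addr, $ok ? 'verified Googlebot' : 'reject');
}
```

    On a live site the function would be called with only `$_SERVER['REMOTE_ADDR']`, so that the real DNS functions are used, and the result cached per address to avoid a lookup on every request.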



    Recommendation to PHP developers

    My recommendation to PHP developers is to block any visitor that does not reveal his IPv4 or IPv6 address as it is the safest technique to block hackers.



    Recommendation to Google, Microsoft, Apache, ...

    IP address should only be IPv4 or IPv6 and nothing else. It should be hardwired into the server global variable so that it cannot be modified to an IP Name or a fake IP address. If the internet users need an IP Name they should place the IP Name in a new global variable such as $_SERVER['IP NAME'] instead of using global variable such as $_SERVER['REMOTE_ADDR'].

    It is just terrible that they have removed IP addresses of visitors. This means that hackers will have a great time attacking web sites, with anonymity and immunity against any protective hacker defense system and the law.

    Update to this article: IP Names and IP addresses

    I found out later that it was my hosting provider, ... & ..., that were substituting the IP address of my visitors with their domain names. Why on earth would anyone want to do that? My only guess is that there are internal staff that were trying to hack my site and did not want to be identified as the culprits. This is because my files were encrypted so that it is impossible for them to read my files from their console panels. My advice to you is that if you notice this occurring at your site please leave your hosting service provider and move to someone else or else their staff will pirate your work.



    Is China pretending that it is Google?

    I have been monitoring visitors to my website and noticed one visitor with the IP address 64.233.173.156. I checked this IP address and the information given by https://www.proxydocker.com/en/proxy/ is

    IP:                  64.233.173.156
    Hostname:            google-proxy-64-233-173-218.google.com
    Country:             Pacific Region (AP)
    Provider:            Google LLC
    City:                n.d
    ISP:                 AS15169
    Region:              n.d
    Postal Code:
    Continent:           Oceania
    Latitude/Longitude:  35" N, 105" W

    Which is shown on the map as located in China. The remote host is identified as : google-proxy-64-233-173-156.google.com

    The information I was looking for, which it appears Google cannot provide, is "Is the crawler at IP address 64.233.173.156 a genuine Google crawler or a fake crawler pretending that its IP address is a Google IP address?" The User Agent does not mention "http://www.google.com/bot.html" as shown below:-

    Mozilla/5.0 (Linux; Android 7.1.1; CPH1801 Build/NMF26F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.109 Mobile Safari/537.36

    and it looks like the visitor was using an Android smartphone.

    Is it true that the IP address, the user agent, the remote host can be faked?

    I would like to know if this is a genuine Google crawler or is this a Chinese crawler pretending to be a Google crawler?

    The worrisome thing about this is: is this how China is now hacking American contractors and other American sites, by pretending they are Google?


    - Dr.Peter Achutha, 2nd May 2018, updated 11 June 2018

     





    Copyright (c) 2013 - 2018 Peter Publishing - All Rights Reserved