How to block access for CYVEILLANCE

by brian avery -
I was just looking through my site logs and noticed several entries without a name attached to an action - in particular browsing through forum posts (which are currently fake ones written by myself and a friend as various things are added to my site). I looked up the IP address 38.105.83.6 on the web and found that it belongs to CYVEILLANCE.

According to various posts I found in blogs and Wikipedia, Cyveillance is a surveillance group which is reputed to do work for the US government collecting data, for the RIAA and the MPAA in relation to P2P networks and assorted other things.

They use robots which ignore robots.txt and are accused of using lots of bandwidth by various site owners. I intend to dig around until I find the full IP blocks for these people, then block them somehow - but my question here is how do I do that?

Is there a specific way in Moodle or is it all done at host level?

Anybody else noticed these people in their logs? On a site which seems to focus on these kinds of intrusions, http://johannburkard.de/blog/www/spam/corporate-web-abuse-the-worst-offenders-from-cyveillance-to-picscout.html I found the following:

Netblocks


More netblocks might be listed on the Cyveillance Exposed website. I believe Cyveillance frequently obtains new netblocks and drops old ones. I have tried to find all but I cannot guarantee the above list is complete.

Any comments would be appreciated. Perhaps most relevant is that the robot has been browsing all the forum posts on my site, so therefore collecting email addresses too. I don't have any personal problems with this as such, but I don't like burglars.

Brian
In reply to brian avery

Re: How to block access for CYVEILLANCE

by Mary Cooch -
Do you mean these have been logging in and browsing or do you mean they have been browsing forum posts which are on your front page and open to the world? If it is the former then you need to tighten up on your email based self registration but if it is the latter as I suspect, then there shouldn't be email addresses there that they can collect - because the users who are posting the forum posts (fake or real) should not have their user profiles visible without being logged in. (it's in site admin>security>site policies >force users to login for profiles and should be enabled by default.)
Which scenario is it?
Average of ratings: Useful (1)
In reply to Mary Cooch

Re: How to block access for CYVEILLANCE

by brian avery -
No, the logs showed access only. I've spent the past 30 minutes reading up on them and they're a naughty bunch of folks.

Nothing posted, just browsing or collecting data. I don't know much but it seems they operate some sort of user agent / robot which trawls and collects data. Interesting to read about. However, the security is done at host level with an IP block (something I've not done before) but once I started reading I found info on various scraper bots that are capable of or try to collect data and content. Anyway, I reckon I answered my own questions. I take your word as to what a bot can see, I'm new to all this.

My security settings are pretty much as standard, I think. I don't know enough to change them, so I haven't. Yet. Mostly because there's not a lot for anyone to steal. If worst comes to worst, I can delete my entire site and set it up again if I make mistakes. All my material is at home, first and foremost, the website is dispensable whilst not in service.

Anyway, thanks for answering.
Brian
In reply to brian avery

Re: How to block access for CYVEILLANCE

by Chris Collman -

I would like to know the answer to Mary's question. Where are these forums located: In a course or on the front page of your site?

If in a course do you allow guest access?

As Mary said, if you allow anyone to hit your front page, then anyone (or bots) can hit it. If you do not lock your door, the neighbor kids will say they thought your kids were home and were just looking around until they showed up. :)

Chris

In reply to Chris Collman

Re: How to block access for CYVEILLANCE

by brian avery -
Both, and the logs don't say what was looked at, just says forum view. No, one says forum view, two give names, which are listed on the front page. Anyway, I just deleted the forums to be done with it.

However, from reading what I have, it's not like someone turned up at the site for a normal browse. I don't know how robots work, only that just because you say go away, doesn't mean they will. Need to read more about this. It's also fascinating to read who these robots work for - there are some that trawl sites looking for scams, counterfeit stuff, malware, copyright infringement and so on. I don't mind those, but there are plenty of others that are in effect spam bots.

Anyway, I blocked IP access to the ones I don't like. For now.
Brian
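
The host-level block discussed in this thread, as an added example that is not part of any poster's message: it counts access-log hits per blocked netblock and emits deny rules for the web server. It assumes an Apache 2.4 host and an IPv4-only list; the function names are hypothetical, and the netblocks and log lines are constructed from documentation address ranges.

```python
import ipaddress
from collections import Counter

# Constructed blocklist (RFC 5737 documentation ranges), not real netblocks.
# The first entry has host bits set; the last two are adjacent and merge.
BLOCKLIST = ["192.0.2.6/27", "198.51.100.0/26", "198.51.100.64/26"]

# Constructed access-log lines (client IP is the first field).
SAMPLE_LOG = """\
192.0.2.6 - - [01/Jan/2024:10:00:01 +0000] "GET /mod/forum/view.php?id=3 HTTP/1.1" 200 5120
192.0.2.6 - - [01/Jan/2024:10:00:02 +0000] "GET /mod/forum/discuss.php?d=7 HTTP/1.1" 200 8211
192.0.2.40 - - [01/Jan/2024:10:00:05 +0000] "GET / HTTP/1.1" 200 1024
198.51.100.70 - - [01/Jan/2024:10:00:09 +0000] "GET /robots.txt HTTP/1.1" 200 68
203.0.113.9 - - [01/Jan/2024:10:00:12 +0000] "GET / HTTP/1.1" 200 1024
truncated or malformed line
"""

def load_networks(cidrs):
    """Parse CIDR strings, normalise host bits, merge adjacent/overlapping blocks."""
    nets = [ipaddress.ip_network(c.strip(), strict=False) for c in cidrs]
    return list(ipaddress.collapse_addresses(nets))  # needs a single IP version

def hits_by_network(log_text, networks):
    """Count log lines whose client IP falls inside each blocked network."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # skip lines that do not start with an IP address
        for net in networks:
            if ip in net:
                hits[str(net)] += 1
                break
    return hits

def apache_deny_rules(networks):
    """Render an Apache 2.4 authorization block that denies the networks."""
    lines = ["<RequireAll>", "    Require all granted"]
    lines += [f"    Require not ip {net}" for net in networks]
    lines.append("</RequireAll>")
    return "\n".join(lines)

if __name__ == "__main__":
    nets = load_networks(BLOCKLIST)
    print(dict(hits_by_network(SAMPLE_LOG, nets)))
    print(apache_deny_rules(nets))
```

If the site sits behind a reverse proxy or CDN, the first log field is the proxy's address, so the match has to run on the forwarded client IP instead.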