Updated 7/7/2008 - See Updates area below
I've written a small app that allows IIS sites to block Chinese and Korean web sites with just a couple clicks. It's called IISIP and is found here.
Unfortunately up to 80% of spam and server attacks come servers outside the US. Even though ASP.Net blocks a most attempts, it still clutters up your event logs with tons of junk that makes it harder to see real site errors.
I know of no other free way to do this so easily which is why I wrote the app. If you try to do this yourself you run into the following problems:
- A lot of sample code is out there to program IIS, but hardly any of it is built into a ready to run tool. Using these bits of sample code is a pain and requires integration time and often fixing someone else's glitches. IISIP is ready to run, 32-bit and 64-bit Windows.
- Even if you have a tool to bulk block IPs, it takes time to build your own block list. What's needed is integration of known block list INTO the app so everything you need is in one place. Thankfully sites like okean.com are maintaining such lists, and I've integrated them into the app.
- A final requirement to make this process easy is the ability to support dynamic and local "IP feeds". For example rather than hardcoding the lists into the app, the latest versions are automatically downloaded. You can also add other feeds by dropping an .xml file into the IPFeeds folder. So if you have your own lists built ISSIP can use them.
I'd appreciate any feedback - The app works well for me but it is new so if you want to be super safe you can backup your metabase first.
Updates: 7/7/2008 Version 0.88
- Enhanced IPFeed parsing to handle ranges of IPs, many were being missed
- Added Link to IP Geographic Locator
- Added more detail to status while work is being done
- Better error checking for IPFeeds
- Minor UI tweaks
Great App. Was easy to install and immediately propagated to the subwebs.
Posted by: Mark Stevens | July 28, 2008 at 10:16 PM
This is very slick. Would be nice if this was "whitelist" rather than a "blacklist" that way you could just open up the US IP space.
It would be nice if this address ranges using the subnet mask. Overall very cool, one of the best solutions I have seen so far.
Posted by: Todd | July 30, 2008 at 02:00 PM
Is it possible to schedule automatic update of the lists? I've created my own listed that is update frequently but I don't wanna lose my time updating it every 12h
Posted by: Tommy | August 06, 2008 at 06:14 AM
It doesn't appear to work on windows 2003 sbs r2. OS is blocking exe because it thinks it could be harmful. Is there a setting I should use or does the exe run on sbs 2k3?
Posted by: prumery | September 29, 2008 at 01:46 PM
I have modified and tested your program to allow the user to block ip address for the windows XP FTP server service; which you cannot do via the computer manager control panel applet.
Do you want the update???
Logie
Posted by: Logie Urquhart | September 30, 2008 at 09:21 AM
Hi
Like a couple of people have said - there's no block by subnet function? IIS supports this, would it be much work for you to add this?
However I have found this very useful for implementing explicit lists of IPs, but that's not very effective against a determined foe.
Posted by: Chris Monteiro | November 04, 2008 at 10:05 AM
Hi everyone, thanks for all the good feedback.
@Logie and other coders, would be glad to have the update. Please integrate and send me a zip file in email to lwhitney hdgreetings com
For anyone who reported a bug, please check out the new release here:
http://www.hdgreetings.com/other/Block-IP-IIS
Thanks,
Lee
Posted by: staff | November 30, 2008 at 12:29 PM
This is awesome!
Does this work for FTP as well or only my websites?
I need something like this to block china and korea from my IIS FTP server as well.
Posted by: Charles King | January 06, 2009 at 11:51 AM
@Charles:
Right now it's only for IIS / Web sites. FTP would be helpful, but it seems a lot of people use different FTP software so that would be more like firewall type functionality.
However I would like to eventually adapt the same functionality into Windows Firewall, which would then work for all server functionality.
Regards,
Lee
Posted by: staff | January 10, 2009 at 10:59 AM
Works great. Thanks!
Posted by: hans | February 23, 2009 at 06:05 AM
Dear Lee,
I'm combine your great work with other secure app.
so, now i can't connect to your IP data (www is block)
did you plan for manual update? (Open blockIP.txt file from menu)
Many Thanks,
Posted by: Thatchai | March 02, 2009 at 11:14 AM
Lee,
Just what I was looking for! I'm working on an add-in for Windows Home Server that shows IIS logs and I've been considering adding a "Block IP" button. What's your stance on me re-using some of your code? My app is freeware and I'd be happy to add you to the credits. Let me know!
Posted by: Matt | March 18, 2009 at 08:09 PM
I would like to re-use your code in an add-in that I am writing for Windows Home Server. It's a free add-in, not commercial at all. What is the license for your code? I'm happy to give credit and all. Please let me know!
Posted by: Matt | March 20, 2009 at 12:14 PM
@prumery:
It should work fine on SBS 2003 although I have personally tested on just "Windows Server 2003", not the SBS version. The warning you see is a generic warning shown for all .exe files.
@Logie:
Great, send it over and I'll add your enhancements. Code contributions always welcome.
The program and it's source code will stay free forever.
Regards,
Lee
Posted by: staff | March 26, 2009 at 08:25 AM
>Just what I was looking for! I'm working on an add-in for Windows
>Home Server that shows IIS logs and I've been considering adding a
>"Block IP" button. What's your stance on me re-using some of your
>code?
Hi Matt,
Please feel free to use any part of the code you like.
The source code and application will always be free without restriction.
Regards,
Lee
Posted by: staff | March 26, 2009 at 08:29 AM
Hi!
Great tool! Thanks! However it would be even better if I could use this on my FTP accounts as well, I am getting continuous login attacks from these little bastards every day. Logie do you have the update?
Posted by: Ayac | April 10, 2009 at 06:39 AM
Could not be easier to set up and it works great! What do I have to do to convince you to add a user-agent based filter to this as well? :)
Posted by: Dave | April 15, 2009 at 12:08 AM
@Dave,
I could see user agent filtering being helpful, but would require opening data packets and "looking inside" at agent strings, which would have to be done mostly from scratch.
I could add quite a few improvements if anyone has a pointer to some .NET code to access the Windows Firewall. I've seen it has an interface but if I remember right it looked like a pain to deal with.
This would allow the functionality to work for FTP, Web, and all other systems on the computer.
regards,
lee
Posted by: staff | April 15, 2009 at 04:46 AM
Great app, but I'm having some issues adding full network ranges. I have parsed the list for 'Russia' from blockacountry.com into a text file with the network CIDR block and subnet in this format:
62.5.128.0 255.255.128.0
IISIP imports and updates the normally, but I came to find that it took all of the subnets as addresses and added them seprately, which ouf course pretty much locked all users out of the server.
Does IISIP not require the subnets or am I formatting incorrectly?
Posted by: Edward Silha | April 21, 2009 at 11:20 AM
wish it worked with win2008 IIS-7
Posted by: Jim | June 02, 2009 at 09:46 AM