Block China IPs in IIS with one click
Updated 7/7/2008 - See Updates area below
I've written a small app that allows IIS sites to block Chinese and Korean web sites with just a couple of clicks. It's called IISIP and is found here.
Unfortunately, up to 80% of spam and server attacks come from servers outside the US. Even though ASP.Net blocks most attempts, they still clutter up your event logs with tons of junk, which makes it harder to see real site errors.
I know of no other free way to do this so easily which is why I wrote the app. If you try to do this yourself you run into the following problems:
- A lot of sample code is out there to program IIS, but hardly any of it is built into a ready to run tool. Using these bits of sample code is a pain and requires integration time and often fixing someone else's glitches. IISIP is ready to run, 32-bit and 64-bit Windows.
- Even if you have a tool to bulk block IPs, it takes time to build your own block list. What's needed is integration of known block lists INTO the app so everything you need is in one place. Thankfully sites like okean.com are maintaining such lists, and I've integrated them into the app.
- A final requirement to make this process easy is the ability to support dynamic and local "IP feeds". For example, rather than hardcoding the lists into the app, the latest versions are automatically downloaded. You can also add other feeds by dropping an .xml file into the IPFeeds folder. So if you have your own lists built, IISIP can use them.
I'd appreciate any feedback. The app works well for me, but it is new, so if you want to be super safe you can back up your metabase first.
Updates: 7/7/2008 Version 0.88
- Enhanced IPFeed parsing to handle ranges of IPs, many were being missed
- Added Link to IP Geographic Locator
- Added more detail to status while work is being done
- Better error checking for IPFeeds
- Minor UI tweaks

The link for "ISSIP Source Code for VS2008" is wrong
Posted by: Christian Paparelli | June 01, 2008 at 12:43 AM
>>The link for "ISSIP Source Code for VS2008" is wrong
Thanks it's now fixed.
Lee
Posted by: staff | June 01, 2008 at 06:49 AM
Hi, testing your software out but it doesn't appear to work. I've made some lists myself and added a single IP but I can still access the website from that IP address. Do you have any more info on how to get this to work? Do I need to start the software and restart the IIS services for this to work... what?
Thanks
Bill
Posted by: Bill Collins | June 04, 2008 at 04:48 AM
Hi Bill,
It's definitely working here and you do not need to restart IIS. Could you please let me know:
1) After you block IPs, then exit the app (IISIP), then restart the app, do the blocked IPs still show up? (to make sure they are being saved)
2) In IIS Manager (inetmgr.exe), select the same site that shows blocked IPs in IISIP, and then select "Properties" on that site. Click the tab "Directory Security". Then find "IP address and domain restrictions" and click Edit. Do you see the IPs that you blocked with the blocker app?
regards,
lee
Posted by: staff | June 04, 2008 at 07:29 AM
Thanks for posting a reply. Yes they do appear, I need to check your second point though. Which I will do when I next get access to the server.
Also I have posted a link to your software in a forum I use, might be worth logging onto it yourself. Also easier to communicate!
http://forums.overclockers.co.uk/showthread.php?p=11821829#post11821829
Posted by: Bill Collins | June 04, 2008 at 08:58 AM
Hi Again,
OK, I have installed the new version already. Now here's the problem. When I add the blocked IP addresses to IISIP for the IIS Root, they appear in the directory security options in IIS manager for the Folder 'Websites' BUT if I add the IP addresses for anything else, they do not appear in that option in IIS manager for that site.
?
Thanks in advance Bill
Posted by: Bill Collins | June 04, 2008 at 09:39 AM
Bill, version 0.84 has now been posted, and I think this might help the issue you were seeing.
If you get a chance to try it let me know.
Thanks,
Lee
Version 0.84:
http://www.hdgreetings.com/ecards/block-ip-iis
Posted by: staff | June 10, 2008 at 08:57 PM
Hi
I just downloaded your app and must say I'm satisfied!
GREAT WORK
/Lennart
Sweden
Posted by: Lennart | June 26, 2008 at 07:44 AM
Thanks Lennart great to hear!
regards,
lee
Posted by: staff | June 26, 2008 at 09:02 AM
Lee,
This is a great utility.
However, I needed to block IP lists at the virtual directory level, so I revised GetWebSites() in IISMetaBase.cs to iterate through every DirectoryEntry in the ROOT folder of a website's folder.
Please provide a method for me to send you the updated source code, as others may also find this useful.
Thanks,
Ben
Posted by: Ben | July 02, 2008 at 11:28 AM
I was very excited when I found this tool, but I'm not sure if it's working correctly for me. I am able to run it, add the China group and the changes are shown in IIS afterwards.
But it only adds single IPs to the IIS directory security, should it not be adding the ranges or "group of computers"? The 'IPData-Okean China.txt' file has the ranges in it, but the IISIP tool only adds the single start IPs.
Example line from txt file = 58.14.0.0 - 58.25.255.255 China
added to IIS is only single ip 58.14.0.0
That isn't going to block much at all, let alone all of China... Am I missing something?
Posted by: Trevor | July 04, 2008 at 01:52 PM
Hi Ben, that sounds like a great update.
If you send it to me I'll integrate it into the app and post the updated source code. My email is lwhitney hdgreetings com
Thanks,
Lee
Posted by: staff | July 05, 2008 at 08:22 AM
@Trevor:
You are right - I was not blocking the entire range of IPs listed in the Feed. Thanks for the report!
This has now been fixed and an updated version is ready.
Now with the built in lists over 51,000 IPs are blocked, and most of these include a wildcard for the last octet meaning one entry represents 255 IPs. That means effectively over 10 million IPs are blocked.
The list will remain high quality and ONLY contain systems in China, Korea, or those that have made a clear attack on a server.
Regards,
Lee
Posted by: staff | July 07, 2008 at 11:11 AM
@Lee
Thanks for the response, I downloaded the updated version and it now lists 38,523 blocked ip in IISIP, but looking at the 'directory security' in IIS it still only lists 'single computer' where I think it should be 'group of computers'.
It is updating the list in IIS fine, I don't even have to restart anything, the change is instantaneous.
I am applying the 'Okean China' group to 'IIS Root'.
Posted by: Trevor | July 07, 2008 at 04:08 PM
Hi Lee, congratulations on developing an excellent IIS utility. I've been looking for something like this to help reduce the hacking attempts that our servers experience.
A couple of features I'd love to see in future versions if you have time:
- Alphabetical sorting of the IIS Sites by name. We have quite a few sites installed on one server and it's time consuming finding each one in the list.
- A service that automatically updated the blocked IP list every day or so (nice to have).
Thanks, Owen
Posted by: Owen | July 07, 2008 at 08:40 PM
Lee,
Great tool, had previously been blocking using ASP but not at the IIS level. One tiny change would make it perfect.
If the program could check the size of the selected iplist every few minutes and if the iplist has changed it refreshes the metabase with the new data.
It would mean that we could create a simple webpage that updates remote feeds and the IIS system is updated as and when needed.
Great tool, a few little tweaks such as a web front end to update the iplists and the periodic updating would make the system very useful, I'm sure there would be a few donations..
Thanks
Posted by: Lee | July 09, 2008 at 09:18 AM
A suggestion and a question...
How about adding bogon IP addresses to your list of downloaded IP ranges to block?
A bit of a twist on the concept - but could this great little app be used to prevent connections to Exchange servers too? Something like this that could prevent connections to the Exchange SMTP server would be a great addition to SMB freeware utilities for fighting spam.
Posted by: Brian | July 10, 2008 at 08:32 AM
Hi,
Thanks for throwing together such a useful app.
For some reason though IP's aren't being populated in the deny list in IIS. We have two sites, one of which populates the IP block list in Directory Security but our main website for the life of me can't figure out why it's not populating. Could it be some kind of permissions issue?? I can manually go into IIS Directory Security and add to the deny list and that works but IISIP doesn't??
Thanks in advance
Kris L
Canada
Posted by: Kris L | July 13, 2008 at 01:09 PM
Hello,
I sent 2 emails yesterday as I can't get the program to work. I will be very grateful if someone could tell me why. When I click on the exe I get the message unknown error (0x80005000), then the program opens but I'm able to use only the scan; the rest does not work.
So it will be great if someone could solve my problem.
Thank you
Catherine
Posted by: catherine | July 17, 2008 at 04:15 AM
The program is something we've been looking for, but I think it can be improved.
In IIS6, there is an option to block a range just by selecting an IP and subnet like 38.98.x.x and 255.255.0.0 instead of adding 65,000 IPs to the metabase.
It would be great if IISIP could handle adding just the range without all the IPs.
The next problem we experience is:
1) IP range such as 38.98.0.0 to 38.98.254.254 is already denied in IIS
2) Use IISIP to add IPs to metabase
3) 38.98.X.X range now turns into just ONE IP 38.98.0.0
So, IISIP is not handling the IIS way of blocking an IP range that is already denied.
Posted by: bigbangtech | July 28, 2008 at 08:44 AM
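The range handling raised in Trevor's and bigbangtech's comments, as an added example that is not part of the original post, the comments or IISIP's source: it parses feed lines of the form quoted above and turns each range into the smallest set of network and subnet-mask pairs, so a range is neither truncated to its start IP nor expanded into thousands of single entries. The sample feed is constructed, the "start - end label" layout is assumed from the single quoted line, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample feed. The first line is the one quoted in the comments;
# the rest are made-up test lines. The "start - end label" layout is assumed
# from that single quoted line.
SAMPLE_FEED = """\
58.14.0.0 - 58.25.255.255 China
38.98.0.0 - 38.98.255.255 Example
203.0.113.7 Example
# comment line
not an ip line
"""

def parse_feed_line(line):
    """Return (first, last) as IPv4Address objects, or None if unusable."""
    parts = line.split("#", 1)[0].split()
    if not parts:
        return None
    try:
        first = ipaddress.IPv4Address(parts[0])
        # "a - b label" is a range; anything else is treated as a single IP.
        is_range = len(parts) >= 3 and parts[1] == "-"
        last = ipaddress.IPv4Address(parts[2]) if is_range else first
    except ipaddress.AddressValueError:
        return None
    return (first, last) if first <= last else None

def range_to_deny_entries(first, last):
    """Smallest list of (network, subnet mask) pairs covering first..last."""
    return [(str(net.network_address), str(net.netmask))
            for net in ipaddress.summarize_address_range(first, last)]

def feed_to_deny_entries(text):
    """Convert a whole feed; return (entries, lines that could not be parsed)."""
    entries, skipped = [], []
    for line in text.splitlines():
        parsed = parse_feed_line(line)
        if parsed:
            entries.extend(range_to_deny_entries(*parsed))
        elif line.split("#", 1)[0].strip():
            skipped.append(line)   # report, never silently drop or truncate
    return entries, skipped

if __name__ == "__main__":
    entries, skipped = feed_to_deny_entries(SAMPLE_FEED)
    for network, mask in entries:
        print(f"{network:<15} {mask}")
    print("skipped:", skipped)
```

The quoted China range does not fall on a single mask boundary, so it becomes three entries (a /15, a /13 and a /15) rather than one.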
Great App. Was easy to install and immediately propagated to the subwebs.
Posted by: Mark Stevens | July 28, 2008 at 10:16 PM
This is very slick. Would be nice if this was "whitelist" rather than a "blacklist" that way you could just open up the US IP space.
It would be nice if this addressed ranges using the subnet mask. Overall very cool, one of the best solutions I have seen so far.
Posted by: Todd | July 30, 2008 at 02:00 PM
Is it possible to schedule automatic updates of the lists? I've created my own list that is updated frequently but I don't wanna lose my time updating it every 12h
Posted by: Tommy | August 06, 2008 at 06:14 AM
It doesn't appear to work on windows 2003 sbs r2. OS is blocking exe because it thinks it could be harmful. Is there a setting I should use or does the exe run on sbs 2k3?
Posted by: prumery | September 29, 2008 at 01:46 PM
I have modified and tested your program to allow the user to block ip address for the windows XP FTP server service; which you cannot do via the computer manager control panel applet.
Do you want the update???
Logie
Posted by: Logie Urquhart | September 30, 2008 at 09:21 AM