HostExploit.com 


WHETHER IT IS SPAM, MALWARE, PHISHING, AD-WARE, SPYWARE OR OTHER EXPLOITS, THEY ARE ALL HOSTED SOMEWHERE. 'HOSTEXPLOIT' PROVIDES ONGOING LISTS, BLOCKING RULES, AND EXPOSURE.

IF YOU ARE ONE OF THE HOSTS EXPOSED AND FEEL OUR ATTENTION IS UNFAIR, THEN WE WOULD WELCOME HEARING FROM YOU AND REMOVING YOU FROM OUR LISTS. – THIS IS A COMMUNITY EFFORT – CONTACT HOSTEXPLOIT(at)GMAIL.COM

 

HostExploit – ‘A call to arms’

Why another Internet security blog and more ‘black hole’ lists?

It has become increasingly apparent that malware, spam, phishing and other BadWare distributors are now engaged in automated domain generation, 100s to 1,000s per week, which makes it seriously difficult for the major domain / IP ‘blocklist’ and ‘blacklist’ providers simply to keep up. Added to this we now have: iFrame attacks via web portals; several major international web hosts with 1,000s of their innocent, paying clients having hacked web sites that are infectious to web surfers; DDoS (distributed denial of service); polymorphic malware that many anti-virus / spyware / malware solutions are unable to detect; and millions of PC users being directed to rogue and fake web sites. Finally, we have the rise of the botnets: anonymously managed fast-flux and double-flux (ever-changing IP addresses) control of 1,000s of infected zombie PCs.

We now believe the general situation on the Internet calls for an alternative and added open source approach to deal with this head on, i.e. at the level of the web hosts and Internet carriers. Every one of the IPs, web sites or domains is hosted or carried by someone; we feel it is time to break the taboo and name, list and expose the ones that host the malware that infects us all. This approach is not to replace existing methods, but we hope it will add to the security community’s and PC users’ array of possible tools to reduce the threat.

 

HostExploit – Who?  

This blog and the associated list(s) are edited by Jart Armin and Jim McQuaid; however, the research is provided by a wider volunteer group, some of whom would rather remain anonymous due to their other professional Internet activities. All those involved are web professionals within web hosting, server management, DNS (Domain Name System), Internet security, and IDS (Intrusion Detection Systems).

 

HostExploit – Who is this for?

You, i.e. any PC user, webmaster, ISP (Internet Service Provider) or web host, who wants to reduce the threat of infection or exploitation. Where necessary or possible all topics and articles will contain added information to illuminate and educate.      

 

HostExploit – What to expect?  

  • Bad Host Lists – these will be in several formats for users to apply for themselves or distribute freely. These lists will initially focus on the (b) and (c) categories (see below) and can be used to black hole, block or just for general awareness.

HostExploit – Specific bad host exposures

On a regular basis there will be articles exposing a specific host and providing detail and, where possible, quantification, with a historical background.

 

HostExploit – Bad Host categorization

The host or AS (autonomous system) issue comes down to a certain level of semantics and initially crude differentiation, so we will commence with an ‘a b c’ method:


(a) Hosts / Servers / AS of 'infected sites' = infected or hacked sites / domains which carry bad exploit code, infected iFrames, SQL injections, XSS exploits, etc. to exploit visitors.

(b) Hosts / Servers / AS of 'user infector sites' = where the malware and rogues are located and to which, more often than not, users are directed from infections on sites within (a).

(c) Hosts / Servers / AS of 'user receptor sites' = the ultimately very bad, including the so-called "bullet proof servers" masked by the botnets to receive, trade, pay affiliates, warez, etc. – from (b): stolen IDs, credit cards, bank phishing info; for (a): to pay partners and affiliates to infect the web sites. Also for DDoS botnet C&C (command and control) actions.

HostExploit – To inform and educate?

Articles will attempt to help explain the processes and terminology involved.    

 

HostExploit – Want to help or have your say?

This is an open source ‘non-profit’ volunteer group and we welcome help, input or feedback. However, for security reasons there is no allowance for onsite comments, so email HostExploit (at) gmail.com. It is likely input would be within the following:

  • To keep informed or pass on the information? – Sign up for a ‘Feedburner’ feed and you will be informed about new articles. Feel free to pass on articles and the list(s), or publish them in your blog, magazine or newspaper, under a ‘Creative Commons License’; obviously it is courteous to show hostexploit.com as a reference.
  • Have information we may have missed or a new exposure? – email us.
  • Web Host / Server / AS, and feel any information or inclusion within the list(s) is in error? – Please email us and say where we are wrong; our objective is to reduce such a list, and we will be delighted to explain the error or demonstrate that you have cleaned up your act.

 

The Blog and Lists

Hostexploit Blog Articles 

RBN IPs List a01 (txt file) 

Top25_list_001_0408.csv

Top25_001_0408.jpg

IPRangesTop25BadHosts.txt 

 

Security Links

RBNexploit 

Emerging Threats