Monday, 30 March 2009

The recent Chinese cyber hack and what you can do for protection!

As many of you will be fully aware by now, the Chinese have been hacking various sources around cyberspace for a while now, including the Dalai Lama.

This is potentially very disturbing news for everyone who uses the internet and something that could become worse as time goes on, with further nations jumping on the bandwagon.

Various nations already 'watch' and keep tabs on what's going on in cyberspace, but it's done in a more legal manner and one doesn't mind as much because these are our own people who are merely doing so to keep watch for potentially very dangerous things.

Google keeps logs of all its visitors and what they do on it, etc., and has a cookie that is placed on the user's machine that doesn't expire until 2038.

It's being done by Google for good reasons, such as to catch evil people who want to harm others and use Google for search purposes such as 'How to make x into y' when x is potentially the ingredient for y to become very dangerous in the open.

Google can then be a valuable resource for the law and government in tracking such scum down and nailing them down ... we should all embrace this not as big brother watching us but big brother taking care of us, because so long as you're not abusing the internet or anything/anyone on it then you need not worry about Google's huge database gathering data on you.

Okay, so why do I mention Google in this thread? Because some may think about them in regard to the China cyber hacks and that what they are doing is no different, and the West with their own people, like that FBI spyware software they can have installed onto a computer to watch what's going on.

I'm not against the FBI doing this but applaud them as it's saved lives, so why anyone would moan about this is beyond me.

What China is doing is VERY different because China has NO RIGHTS whatsoever to hack into other countries' cyberspace and is doing so, one would assume, for its own benefit and not for the safety and protection of the people in that nation. Who knows how many innocent people could have been hit as well, and businesses could be next on the list in a future attack, a report outlines.

So how does one try to protect themselves against all this?

Well, it seems that various security groups and individuals around cyberspace all think the same ... that the Chinese cyberspace should be blocked from connecting to users' machines ... in other words, stopping them from connecting to you full stop, not just via websites but via anything that uses cyberspace to communicate.

I have obtained a list of every single IP range in China and converted this list into a format to use in a FREE IP blocker known as PeerGuardian.

This software essentially blocks ALL connections that you specify from hitting your computer, and once you add the Chinese list to it then no one from China on the Chinese cyberspace can get you unless they use proxies .... they can also all be blocked and I have a list for those also for another time.

You don't have to use PeerGuardian if you don't like and may opt for another free IP blocker known as ProtoWall, which is just as good, but I'm more familiar with PG.

If you don't want to use IP blocking software then you can also convert it to various firewalls such as Blackice, Blockpost for Outpost, IP Chains, Shoreline firewall, Smoothwall express, Snort, Sygate, Trusty and Zone Alarm pro version 4.

The list can also be converted to work inside various p2p software such as Shareaza.

An htaccess version is also available and will be supplied on a request basis.

All these formats, with the exception of the htaccess, can be done using yet another free tool called the BlockList Manager.

This piece of kit will import the list I have made and allow you to convert it into another format, such as the ones I have been talking about.

Please let me know if you have troubles with it and need help.
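What such a conversion involves, as an added example that is not part of the original post or of BlockList Manager: it parses PeerGuardian's plain-text `label:start-end` range format, collapses the ranges into CIDR blocks and emits Apache 2.2-style `Deny from` lines for an htaccess file. The sample ranges are constructed from RFC 5737 documentation addresses, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in PeerGuardian's text (P2P) format: "label:first-last".
# Addresses are RFC 5737 documentation ranges, not a real blocklist.
SAMPLE_P2P = """\
# constructed sample
Example net A:192.0.2.0-192.0.2.255
Example net B:198.51.100.16-198.51.100.47
Example: with colon in label:203.0.113.5-203.0.113.5
bad line without a range
Reversed:203.0.113.9-203.0.113.1
"""

def parse_p2p(text):
    """Return (entries, rejected); entries are (label, first_ip, last_ip)."""
    entries, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Labels may contain ':', so the range is whatever follows the LAST colon.
        label, sep, rng = line.rpartition(":")
        first, dash, last = rng.partition("-")
        try:
            if not sep or not dash:
                raise ValueError("no label:first-last structure")
            a = ipaddress.IPv4Address(first.strip())
            b = ipaddress.IPv4Address(last.strip())
            if a > b:
                raise ValueError("range is reversed")
        except ValueError:
            rejected.append((lineno, raw))  # surface bad lines, never skip silently
            continue
        entries.append((label, a, b))
    return entries, rejected

def to_cidrs(entries):
    """Turn arbitrary first-last ranges into a minimal sorted list of CIDR blocks."""
    nets = []
    for _, a, b in entries:
        nets.extend(ipaddress.summarize_address_range(a, b))
    return list(ipaddress.collapse_addresses(nets))

def to_htaccess(cidrs):
    """Apache 2.2-style rules (Apache 2.4 uses 'Require not ip' instead)."""
    return "\n".join(["Order Allow,Deny", "Allow from all"]
                     + [f"Deny from {c}" for c in cidrs])

if __name__ == "__main__":
    parsed, bad = parse_p2p(SAMPLE_P2P)
    print(to_htaccess(to_cidrs(parsed)))
    print("rejected lines:", [n for n, _ in bad])
```

A range that does not fall on a power-of-two boundary becomes several CIDR blocks, which is why the converted list can have more entries than the PeerGuardian original.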

Right, so that's that. You know about the list of all of China's cyberspace for blocking and what software you can use to have this effect, but how do you set up PeerGuardian? I assume most of you will use that, as the lists I have on here are in the format ready for use with it.

Well, download PeerGuardian and install her on your computer. Once done, you simply follow some simple guidelines. PG comes with the benefit of having access to various blocklists around the net, including but not limited to education ranges, spyware, hijacked ranges and those provided by DShield too.

You can opt to have these lists included in the blocking if you like; it's your choice. Sometimes you may notice various websites not working properly, especially if you use the spider list, which I do not advise you do because it's more for webmasters not wanting search engines crawling their site; otherwise you will be blocking yourself from going to Google and Yahoo etc.

If you do notice any regular websites you were visiting become blocked then you can easily unblock them in the application by right-clicking the IP in the user interface and going from that.

Think before you do allow it though as that site you really liked could have been a dangerous one and one you may now be protected from, such as trojans and spyware being sent to your computer from some malicious group.

Now that you have sorted PeerGuardian out we can move on to importing the Chinese file I have for you, and if you are stuck then please read the very helpful documentation here and get PG set up.

Make a note of where the Chinese blocklist is saved on your computer and once PG is running smoothly go to its main screen and locate the 'List Manager' tab and click it.

Once inside here you will see various lists if any have been added. Locate the 'add' tab near the bottom and click it.

In here it's fairly simple. Write a description of what the file is, which is a cyberspace blocklist for China but also includes Korea as well, because lots of spamming, trojans and other nasties also come from Korean networks. So you don't just have all of China blocked but also all of Korea ... sorry, I forgot to mention that in the earlier portion of the post.

So in the description, call it what you may. Locate the 'add file' tab and then browse for the file on your machine. Once located, simply click it and the address will appear in that empty field.

By default the list will be set to block, but double check by looking to the bottom left as it will say type and then block or allow underneath .. click block [Doesn't need pointing out haha].

It's a very simple case of clicking OK and exiting the screen back to the main PG menu. Now you will notice a list building as a bar goes across the screen in blue. The ranges are being loaded into memory for use in the application.

Once that has finished you are DONE ... protected from China & Korean cyberspace on all fronts.

You can go further and add a filter with all this data in for your e-mail server if you have one. I don't have one and it's more for webmasters who get hit a lot from the region.

Really, the sky is the limit for what you can do with these lists and with what software or hardware. It's just now a matter of converting it to the relevant format for use in that application, which the BlockList Manager does rather well indeed, but if you cannot find the format you need please post here what format you need and I will do a scout around and see what I can do.

Have PeerGuardian load every time your machine does and you're then protected all the time. When you surf and use your various applications, blocks will appear in PG at times and you can see what IP address each has come from.

That doesn't mean that the IP blocked is bad; some are good, but we can't filter out the good from the bad, so blocking the whole nation seems rather speedier, as from my experience most of the world's viruses, worms and trojans come from China & Korea because of POORLY maintained and patched networks.

So that's it. In future posts I will discuss security further, such as using the hosts file in Windows to block ads and other crap like spyware from hitting your machine, and locking that file so sites can't modify it to have your browser return to them each time you load.

I'll also talk further about the BlockList Manager and PeerGuardian, but also other various strong security freeware that will protect you on the net and an encryption application that works on the fly to encrypt your entire operating system and HD if you so wish!

With all that and more blocklists including a Russian and Cambodian one, it will be busy around here.

Hope you find this helpful

The link to download the blocklist is here and is all set up ready for use with PeerGuardian, but the download won't start until after approx 45 seconds as it's hosted on a free public server.
