Herself's Webtools

Way back yonder when spam first started to appear on the internet, long before filter programs, the first thing everyone did was use a white list.

A white list let in all the email by people you knew and dumped everything else in the trash can. It totally kept out spam. It also kept out anyone whose email address had changed or that you hadn’t yet met since those addresses weren’t yet on your white list.

So white listing fell away and blacklisting came to be in the world of email. Now everything wound up in your in box except what you had told your email program not to let in. This too works but you have to get a bad email first to know what to block. So it took time to build up rules that kept most bad things out. And those rules lists could get awfully long.

Most security programs on your computer work the same way. Some things get white listed, some things get blacklisted. Too much white listing keeps good things out, too little blacklisting lets bad things in.

The security plugins I just wrote for WP work on black lists. You need to tell it what not to let in. As time goes on and new problems appear, the black list needs to be updated to reflect new threats. This is what your home anti-virus software is doing when it is updating daily.

Black listing has improved with centralized black listing. This allows us all to compare black lists, blacklisting is more accurate and much faster this way. [ Spamhaus, Stop Forum Spam, Emerging Threats, rules ]

White listing is slowly coming to the internet. I expect before too much time goes by you will have a master login that lets everyone know you are a good guy. We have fought for anonymity on the internet long and hard. but unless we can come up with something better than white and black lists it may not be a choice.

Lots of people have asked how to white list some ip numbers on the ttc-security-plugin. I strongly recommend you adjust your blocked settings rather than a use a white list. But If you want a white list here is how you do it.

Open a copy of your ttc-security.php file and find this section:

// don't ban ourselves....
if ( $http_local_addr == $http_remote_addr ){
$blacklisted = 0;
}


Right underneath that is where your white list will go. I’ve white listed 3 ip addresses 127.0.0.1, 127.0.0.2, 127.0.0.3 here.

/// White list of known good guys
///-----------------------------------------------------------------------------------------------------------


if ( “127.0.0.1″ == $http_remote_addr ){
$blacklisted = 0;
}else if ( “127.0.0.2″ == $http_remote_addr ){
$blacklisted = 0;
}else if ( “127.0.0.3″ == $http_remote_addr ){
$blacklisted = 0;
}
///———————————————————————————————————–

You just need to change the 127.0.0.1, 127.0.0.2, 127.0.0.3 to the addresses you want to white list. You can just add more
else if ( "127.0.0.3" == $http_remote_addr ){
$blacklisted = 0;
}

if you need to white list more ips. This is the fastest way I know to do this. Before white listing any ips be sure to go to Whois and verify they are who you think they claim to be.