Security Vendor seeks simple guidance for creating integrations


GenericVendor

Hello all!

First, I apologize for the vague title, but honestly, I am a little lost in exactly what to ask.. 

I am a developer for a leading security company that specializes in anti-phishing efforts.  Over the years, we have created wonderful relationships with hosting providers, registrars, registries, telecom providers, etc. etc. etc.. and I am looking at how we can provide a more seamless integration between our impacted clients and "your" abused networks.

For the providers who have given us direct authority to terminate malicious content detected on their networks, we have reduced overall abuse by at least 30%, upwards of 70%.

However, what I just mentioned, the idea of us acting as an automated watchdog is a HUGE ask, and most are not comfortable giving us such authority - rightfully so, that's a whole lotta legal boundaries.

Instead, for everyone else, we find ourselves sometimes overwhelming them with incidents we detect on their networks.  We understand how difficult handling abuse can be, and sometimes due to your own policies, the necessary steps that must be taken before any action can be had.

 

SO.. with all of that said, I simply would like to create a 'suite' of plugins, which a provider can integrate into their WHMCS panel.  For instance, the simplest, would be a UI where the provider would be able to list their IP ranges as a configuration, and this would result in a live feed of active malicious websites seen on those networks.  Another, to allow said provider to mark X malicious URL as 'resolved', which would feed that information directly back to us.. 

 

The list goes on.  Suffice to say.. is the direction that I need to take `Addons` ?  Seems silly.. but I am versed in writing software that crawls millions of websites a day, not this stuff 😉

 

Thank you greatly in advance, and if you're so willing, I would love to hear any ideas that would make a fruitful integration between a company of my status and a provider such as yourself.


Hi,

Yes, an Addon module is what you need but the data flow of your solution is unclear to me. It looks like a sort of anti-virus where Provider X, Y and Z "ask" for the health status of their IPs on your solution. If I'm right, an Addon module would be a perfect solution.

First off you could retrieve IPs directly from WHMCS. In fact usually providers have all their servers listed in WHMCS eventually with additional IPs. Of course providers should be allowed to manually add/remove IP, but in the meantime you can save them a lot of time by importing all IPs that already exist on WHMCS. Eventually you could let them perform actions on each IP (eg. blacklist, whitelist, fly, sing, walk, die... I don't know 😀).

Once you have your IPs, you can connect your addon module with your server via API/WebService to do your stuff. Probably it should work automatically with the cron job of WHMCS (daily, hourly, weekly... choose one) and also on demand with a "Check now" button. Lastly you can teach your addon module to perform actions based on response received via API (eg. API: "Hey, 123.123.123.123 IP is spamming from example.com!", Addon: "Roger, I'm going to suspend example.com and send an email to its owner with a beautiful 🖕").
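
The feed-handling step discussed in this thread, as an added example that is not part of either post and is not WHMCS or vendor code: before an addon acts on an API response, it authenticates the payload and discards incidents outside the provider's configured IP ranges. The `abusefeed_` function names, the JSON feed shape and the HMAC-SHA256 signature scheme are all assumptions made for illustration.

```php
<?php
// Added example. The "abusefeed_" names, the JSON feed shape and the
// HMAC-SHA256 signature scheme are assumptions, not a real vendor API.

// True when $ip is inside IPv4 block $cidr, e.g. "198.51.100.0/24".
// Assumes 64-bit PHP, where ip2long() returns a non-negative integer.
function abusefeed_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', trim($cidr), 2), 2, '32');
    $ipL = ip2long($ip);
    $netL = ip2long($net);
    if ($ipL === false || $netL === false || !ctype_digit($bits) || (int) $bits > 32) {
        return false; // malformed address or prefix length: never a match
    }
    $mask = (-1 << (32 - (int) $bits)) & 0xFFFFFFFF;
    return ($ipL & $mask) === ($netL & $mask);
}

// Authenticate the feed body, then keep only incidents on configured ranges.
// The result is a review queue for staff; nothing here suspends a service.
function abusefeed_filter(string $body, string $sigHex, string $secret, array $ranges): array
{
    if (!hash_equals(hash_hmac('sha256', $body, $secret), $sigHex)) {
        return []; // unauthenticated data must never drive an action
    }
    $incidents = json_decode($body, true);
    $keep = function ($i) use ($ranges): bool {
        if (!is_array($i) || !is_string($i['ip'] ?? null) || !is_string($i['url'] ?? null)) {
            return false; // drop entries that do not match the expected shape
        }
        foreach ($ranges as $r) {
            if (abusefeed_in_cidr($i['ip'], $r)) {
                return true;
            }
        }
        return false; // reported IP is not on this provider's network
    };
    return is_array($incidents) ? array_values(array_filter($incidents, $keep)) : [];
}

// Constructed sample: one incident inside the configured range, one outside.
$secret = 'demo-secret';
$body = json_encode([
    ['ip' => '198.51.100.7', 'url' => 'http://phish.example/login'],
    ['ip' => '203.0.113.9', 'url' => 'http://other.example/x'],
]);
$sig = hash_hmac('sha256', $body, $secret);
print_r(abusefeed_filter($body, $sig, $secret, ['198.51.100.0/24']));
```

In a real addon the ranges and shared secret would come from the module's settings, and the filtered list would feed the "Check now" view or cron run rather than `print_r`.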
