Results 1 to 9 of 9
  1. #1
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    2,419
    Blocking sites at a server level
    Does anybody know how to do this.

    I get a report everyday of access attempts from unatorized ip's trying to access my server and they are almost always from overseas "Asia Pacific Network" such as :

    Failed logins from these:
    admin/password from 61.233.84.104: 5 Time(s)
    guest/password from 61.233.84.104: 3 Time(s)
    jordan/password from 221.115.123.27: 10 Time(s)
    root/password from 61.233.84.104: 5 Time(s)
    test/password from 61.233.84.104: 8 Time(s)
    user/password from 61.233.84.104: 2 Time(s)

    **Unmatched Entries**
    Illegal user test from 61.233.84.104
    Illegal user test from 61.233.84.104
    Illegal user test from 61.233.84.104
    Illegal user test from 61.233.84.104
    Illegal user test from 61.233.84.104
    Illegal user test from 61.233.84.104
    Illegal user test from 61.233.84.104
    Illegal user guest from 61.233.84.104
    Illegal user guest from 61.233.84.104
    Illegal user guest from 61.233.84.104
    Illegal user admin from 61.233.84.104
    Illegal user admin from 61.233.84.104
    Illegal user admin from 61.233.84.104
    Illegal user admin from 61.233.84.104
    Illegal user admin from 61.233.84.104
    Illegal user user from 61.233.84.104
    Illegal user user from 61.233.84.104
    Illegal user test from 61.233.84.104
    Illegal user jordan from 221.115.123.27
    Illegal user jordan from 221.115.123.27
    Illegal user jordan from 221.115.123.27
    Illegal user jordan from 221.115.123.27
    Illegal user jordan from 221.115.123.27
    Illegal user jordan from 221.115.123.27
    Illegal user jordan from 221.115.123.27
    Illegal user jordan from 221.115.123.27
    Illegal user jordan from 221.115.123.27
    Illegal user jordan from 221.115.123.27

    I've done massive IPDenys on most of the domains on this server yet such as 61*, 221* ..., but I still get the damn messages. Is there a way I can IPDeny from the servers WHM? If it is I don't see it. I only see IPDeny available at the domain levels in cpanel.

    On some days the amount of attemps to hack are unbelievable and it irks me to no end that they are using my server resources trying to break in.

    Any info on blocking these turds at the server level sure would be appreciated.

  2. #2
    Crazy Cat Lady Heidi's Avatar
    Join Date
    January 18th, 2005
    Location
    Rochester, NY
    Posts
    1,685
    Looks like you got the same list of ips there that try to hack my server also - let me know if you find a solution to this.
    Heidi
    "Happy are those who dream dreams and are willing to pay the price to make them come true"

  3. #3
    Full Member
    Join Date
    January 18th, 2005
    Posts
    373
    I think it's best if you have a dedicated server to have a software firewall installed like iptables. With iptables it's relatively easy to block access for certain ips. It's best to let your host install and configure iptables. They probably ask a fee ($50-$100?) for this but I think it's worth it, as it often is more expensive when the server gets hacked.

  4. #4
    I like traffic lights
    Join Date
    January 18th, 2005
    Location
    Southern hemisphere - away from Fukushima
    Posts
    2,936
    Install logcheck and portsentry on your dedicated server.

  5. #5
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    If you really want to cut out all traffic from Asia Pacific, it's fairly easy: block all IPs beginning with 58.-61., 202.-203., 210.-211., 218.-222.

    You can also block the whole of South America with IPs beginning 200.-201.

    Note that although it's pretty easy to block by continent, blocking by individual country (e.g. Nigeria) is much harder because the IP addresses aren't so neatly arranged.

    One caveat here.. if you block AsiaPac, then you'll not get any inbound links from those countries on forums and things.
    Innovative advertising with Slimeware Corporation and Telephore. Mail-order fuel with Petrol Direct.

  6. #6
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    2,419
    OK An update for others who also have this issue. I talked with the provider of my server and explained the issue to them. These attempts to access the server are being done via ssh and most often programtically.

    They suggested to basically close down ssh to anyone not in my isps - ip range. I dont have a static ip but my isp does alway issue from lets say "just as an example" 99.whatever.

    As stated earlier the IPDeny's on these folks didn't do squat and I guess that's because they were coming in with ssh not via a browser. They've assumed me that this will correct the problem.

  7. #7
    Crazy Cat Lady Heidi's Avatar
    Join Date
    January 18th, 2005
    Location
    Rochester, NY
    Posts
    1,685
    so how do you close down ssh to anyone not in your isp's range? I have SSH shut off on all the sites I own, but I can still log in as root of course - so if they manage to hack that password, I'd be sunk.
    Heidi
    "Happy are those who dream dreams and are willing to pay the price to make them come true"

  8. #8
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    2,419
    My server provider made the change for me so I have no idea exactly what they did.

  9. #9
    Crazy Cat Lady Heidi's Avatar
    Join Date
    January 18th, 2005
    Location
    Rochester, NY
    Posts
    1,685
    ok thanks, I'll ask mine to change it
    Heidi
    "Happy are those who dream dreams and are willing to pay the price to make them come true"

  10. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. Ongoing struggle with all sites (on the same server)
    By teezone in forum Search Engine Optimization
    Replies: 13
    Last Post: September 6th, 2012, 02:09 PM
  2. Help! New Computer blocking sites - Kaspersky?
    By Tracy in forum Midnight Cafe'
    Replies: 0
    Last Post: March 5th, 2008, 12:15 AM
  3. Blocking access to all proxy sites?
    By ~Michelle in forum Virtual Family and Off-Topic
    Replies: 12
    Last Post: February 27th, 2007, 03:41 PM
  4. Multiple AE Sites on Same Server
    By egraham in forum Cusimano.com Scripts
    Replies: 1
    Last Post: September 27th, 2004, 11:41 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •