Apf To Block An IP Address

Apr 29, 2008

I have blocked this IP 125.115.144.28

/etc/apf/apf -d 125.115.144.28

But

netstat -anp|grep tcp|awk '{print $5}'| cut -d : -f1 | sort | uniq -c | sort -n

It still showing

202 125.115.144.28

Why?

Is it supposed to blocked right away, or need some time to get blocked.

When I checked /etc/apf/deny_hosts.rules

The IP is in the file.

View 12 Replies


ADVERTISEMENT

How To Block All Emails From A Certain Address

Apr 14, 2008

I am receiving around 7.000 emails from different sources with the subject “Undelivered Mail Returned to Sender” or similar.

It seems someone is using an alias to my email address to send huge amounts of spam. I have checked the mail queue in WHM and the emails are not there. I have turned on the SMTP Tweak in security center, but that doesn’t seem to work.

I have no idea if this person is using my server to send massive amounts of spam,

What I have noticed is that most emails return to msxf@mydomain.com so is there a way to block this?

View 10 Replies View Related

DoS :: Block IP Address Automatically

May 4, 2008

I manage a website which runs on the cpanel/whm interface and was wondering if there was anything my host could do to prevent DoS attacks on the server...at the moment we are having huge DoS attacks on our website therefore taking the whole website down for quite long periods of time.

My host just seems to be manually blocking the DoS'ers IP's manually but this is just too tedious and not efficient enough.

Is there any program for example that he can install which will block andy ip which sends a certain amount of requests within a given time period?

View 3 Replies View Related

I Want To Block IP Address Of Ddos Like Behavior

Oct 18, 2009

Like exceeding 60 connections per minute same IP = automatically blocked.
How do I set it up?

View 4 Replies View Related

Block My Own Email Address To Receive Spam

Jun 11, 2008

I have configured qmail+spamassassin. It working find but still I have 2 problem. I am receiving spam mails from my own account to my own account e.g. from=info@domain.com to info@domain.com. How can I block this spam?

View 2 Replies View Related

Plesk 11.x / Linux :: How To Block Mail From Specific Address

May 19, 2014

I'm trying to use spamfilter to block mail from specific address, adding this e-mail to spamfilter in mail account settings, but it doesn't work. In logs I see:

spamc[13430]: skipped message, greater than max message size (256000 bytes).

View 8 Replies View Related

Apache :: How To Use Virtual Host IP Address In Request To Remote Address

Feb 6, 2015

My customer has an external facing Apache server that is acting as a reverse proxy to two internal applications. They have:

- external addresses for each app which resolve to different ip addresses, so app1.their_domain.com and app2.their_domain.com resolve to 77.3.170.10 and 77.3.170.11 respectively.
- the Apache server has two network interfaces with ip addresses 192.168.10.10 and 192.168.10.11
- the external ip addresses resolve to the above internal addresses
- the firewall between the Apache server and the internal app servers is configured to allow traffic from 192.168.10.10 to reach app_server1, and traffic from 192.168.10.11 to reach app_server2, both using port 7777.

I have configured a virtual host in httpd.conf for each ip, i.e.

Code:

<VirtualHost 192.168.10.10:80>
...
ProxyPass /app http://app_server1:7777/app
ProxyPassReverse /app http://app_server1:7777/app
RewriteRule ^/$ /app/app1 [R,L]
...
<VirtualHost>

and

Code:

<VirtualHost 192.168.10.11:80>
...
ProxyPass /app http://app_server2:7777/app
ProxyPassReverse /app http://app_server2:7777/app
RewriteRule ^/$ /app/app2 [R,L]
...
<VirtualHost>

This works fine in that the external address are being routed to the correct application, however the firewall is blocking requests to the second app as it appears the requests are coming from the Apache servers 'primary' ip address 192.168.10.10 instead of 192.168.10.11.

Is it possible to send requests using the ip address from the relevant VirtualHost?

Windows server 2008
Apache 2.2

View 1 Replies View Related

Virtuozzo Firewall :: Is It Possible To Enter Two Different Ip Address In Source Address?

Aug 4, 2008

I am using virtuozzo firewall to secure access.

I enter 58.27.175.211/255.255.255.0 for Source Address and Netmask for port 22.

But still I can connect using 58.181.103.217 or 58.27.151.120.

Second is it possible to enter two different ip address in source address?

View 4 Replies View Related

How Do I Setup A New Ip Address As My Server's Main Ip Address

Jul 26, 2007

I just bought a new ip address and want to setup this new ip as my server's main ip, making the 'existing main ip' as the secondary ip.

Which means, this new ip will be the server's default ip address for all services, including when connecting to other server.

I'm using CentOs 4.5 and swsoft's panels: HSPcomplete & Virtuozzo Power Panel, and Webmin.

View 1 Replies View Related

URL Redirection Without Changing The Address In The Address Bar

Nov 8, 2007

I want to redirect a website to a particular URL so that the address bar shows the same URL and not the destination URL. I know it is possible via URL masking, however, I want it in such a way that whenever somebody clicks on any link in the website, the address bar should still show the original URL. To put it in simple words, Suppose I want to redirect [url] to [url]. Now if there is a link named contact/index.htm and somebody clicks on it the address bar should display [url]and not redirect to [url]

How can it be possible using URL Rewrite method in .htaccess file?

View 2 Replies View Related

98)Address Already In Use: Make_sock: Could Not Bind To Address [::]:443

Aug 4, 2007

The problem usually goes like this:

- I can't access the webserver
- I'll try to restart httpd, and I'll get

Starting httpd: (98)Address already in use: make_sock: could not bind to address [::]:443

To fix this, I run

[root@www1 ~]# lsof -i tcp:443
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
perl 11307 apache 4u IPv6 476943447 TCP *:https (LISTEN)

There is always leftover process that is causing the restart to fail. Once i force kill the process, I am able to restart httpd properly.

Now it is ok if this just occurs once in a while, but this problem keeps repeating itself almost everyday at 4am server time (cron time?). What can I do to permanently fix this?

View 5 Replies View Related

Way To Block IP

Jul 8, 2009

I am curious, what is the best way to ban certain IP from accessing server? I have software firewall (APF) and there is, of course, /etc/hosts.deny.

Which is the most efficient? I've read that software firewall becomes unstable after so many entries. Does the same apply to /etc/hosts.deny file?

Or is there a better way altogether?

View 7 Replies View Related

How To Block IP

Jun 8, 2009

some Chinese forums hotlinking images from my site and I even delete those images they keep sending me huge amount of http requests to my hosting server and eating 800mb of memory and upto 1GB cause server crash

I tried to block incoming referrer traffic from those sites using htaccess but it didn't work , I still see their http request on my server logs and memory keep goes high , am not sure my code is the right

how can I block these http request from these domains , what is the right htaccess code , I use DirectAdmin panel by the way

View 7 Replies View Related

Block IP, How To

May 16, 2007

Can any one let me know how to block a range IP on SSH?

Eg: i'd like to block all IP: 67.63.123.xxx

View 5 Replies View Related

How To Block A Block Of IP'S

Jan 9, 2007

I'm currently experiencing a lot of IP's starting with 200 and 201 (from Brazil) some IP’s have over 200 connections. I have APF installed and want to know how to block a block on ip's if this is possible.
IPS:
200.11.*******
201.*******

View 3 Replies View Related

How To Block All Other IP And Allow Certain IP Using APF

Apr 27, 2007

I have DDos Attack right now so I want to block all the IP from all over the world and just allow certain IP range.

How to do it using APF or any other way.

For example I want to block everything but Germany IP

Code:
53.0.0.0/8
62.4.64.0/19
62.8.32.0/19
62.8.128.0/17
62.24.0.0/19
62.26.0.0/15
62.40.0.0/19
62.44.32.0/19
62.48.64.0/19
62.50.32.0/19
62.50.96.0/19
62.50.192.0/18
62.52.0.0/14
62.61.32.0/19
62.68.0.0/19
62.72.0.0/18
62.72.64.0/19
62.75.128.0/17
62.78.64.0/20
62.80.0.0/18
62.80.96.0/19
62.89.160.0/19
62.91.0.0/16
62.93.192.0/18
62.95.128.0/18
62.104.0.0/16
62.109.64.0/18
62.109.128.0/19
62.111.0.0/17
62.112.32.0/19
62.112.64.0/19
62.112.128.0/19
62.116.128.0/18
62.117.0.0/19
62.128.0.0/19
62.128.160.0/19
62.133.0.0/19
62.138.0.0/16
62.141.32.0/19
62.141.160.0/19
62.145.0.0/19
62.143.0.0/16
62.144.0.0/16
62.146.0.0/16
62.152.0.0/19
62.152.160.0/19
62.153.0.0/16
62.154.0.0/15
62.156.0.0/14
62.165.0.0/19
62.168.192.0/19
62.169.0.0/19
62.176.128.0/19

View 2 Replies View Related

To Block IP

Apr 15, 2007

how can i block to access to some IP?

for examaple scripts in my hosts can not access to some IPs i want

View 6 Replies View Related

How To Tell Fortigate Not To Block My VPS IP

May 5, 2009

Fortigate appliances blocking an IP that is not in RBLs I have a problem with the IP 66.187.108.157 of my VPS it seems to be blocked by Fortigate appliances, as you can see in this error message:

SMTP error from remote mail server after RCPT TO:[url] host mail.am.com.pe [200.62.221.107]: 554 5.7.1 This message has been

blocked because it is from a FortiGuard - AntiSpam black IP address.(connection black ip 66.187.108.157)

However I have searched in this URL [url]and it is clean.

Any ideas on how to have/force Fortigate databases to become updated.

View 1 Replies View Related

Block Spam

May 12, 2009

I'm having difficulties with a whm running on centos dedicated server. The problem is that we receive too much of spam and junk emails. by too much I mean 2000 bulks per week. It's killing us.

how I can stop it.

View 14 Replies View Related

How To Block The World

Jul 4, 2009

IM about tired of spam and hackers putting phishing items on my server.

My question is.

How can I block the whole world expect for US, CA and UK?

I've added several countrys to csf's csf.deny list but half of them keep disappearing.

View 14 Replies View Related

Block A Specific ISP

Jun 12, 2008

Is there any way to block a particular ISP? Have a visitor that changes IP hourly, but the IP always resolves back to a hostname like dsl.yuns.sksk.uk .

I have CSF installed. Any way to block all visitors from dsl.yuns.sksk.uk?

View 3 Replies View Related

Suhosin Block

Jun 17, 2008

in one of my servers i have this line in my ConfigServer Security & Firewall:

190.28.118.155 # lfd: 10 (suhosin) login failures from 190.28.118.155 - Mon Jun 16 23:27:50 2008

is this ok? i mean... its an attack of some sort? i know suhosin is meant to increase php security, so its blocking an attack right?

View 0 Replies View Related

Block An IP Range ...

Apr 6, 2008

I set up a forum for a small group of users, so I don't really wish to see spiders or bots on it, so I've put a robots.txt file there to prevent all of them from accessing the forum pages.

I know not all bots follow the robots.txt rule, and these days a really annoying bot called MUNAXNET or Munax AB with IP range 82.99.30.0 - 82.99.30.127 is causing the forum to have extra and unexpected loads.

I've tried to block this IP range with .htaccess and uploaded it to the root of the site a few days ago, here is the content:

<Limit GET HEAD POST>
order allow,deny
deny from 82.99.30.0-82.99.30.127
allow from all
</LIMIT>
However strangely it seems that all of these are not working for this bot, today I saw my forum had 80 users online and that army still keeps coming and browsing all pages of my forums...

I tested the .htaccess with blocking myself, and it actually worked for me, dunno why it's not working for that bot..

View 3 Replies View Related

Should I Block Yandex

Mar 13, 2008

I was just researching my log analyzers to see whats happening... I noticed something new in the logs, a large number of unnamed robots or spiders... so I found the robot... it was this:

23310 7.99% 23303 9.48% 1159765 18.56% 22 0.12% 77.88.26.26

After some reading, sites say the ip belongs to spider26.yandex.ru

For simply security reasons, would it be in best interest to block the entire subnet? It seems that the same IP ending in .25 belongs to spider25.yandex.ru

View 0 Replies View Related

Anyone Using Snort - Does It Really Block Anything

Apr 25, 2008

Is anyone using snort?

Does it really block any web based attacks?

I know I can do port scans, and it can alert you to a whole bunch of false positvies, but is it blocking/detecting any serious attacks on your web server?

If so, which rules are the one is alerting on?

View 0 Replies View Related

Block A Bot By Netmask

Jan 8, 2008

I have a Juniper firewall. I'm seeing a ton of traffic from the Twiceler bot in the range of 100,000 hits a day. Luckily they've more recently put up a list of IP addresses their bots use at:

[url]

So, I'm blocking all of these now. However I think it's a simple Netmask issue I'm having. I'm blocking all ports from

208.36.144.0/24
38.99.13.0/24
38.99.44.0/24
64.1.215.0/24

However, I am still seeing the bot in server log files. Could it be that I should not be specifying .0 at the end, but instead .1? Like this in the policy?

64.1.215.1/24

View 3 Replies View Related

Block Spam

Jun 16, 2008

I have spamassassin configured its working 90% but still I am receiving mails from my ID only. Like I have info@domain.com so I am receiving mail from info@domain.com to info@domain.com.

View 7 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved