Blocking IP Addresses At Server Level
May 4, 2008
I've been carrying some weird hours lately, so I'm able to see activity on my sites that I normally don't see.
Certain IPs are trying to diddle their things into my server and need the boot. It's not consistent (ie not happening every 5, 10 mins)... it's periodically throughout the months. I'll see an IP I blocked 2 months ago just randomly show up at 4:30am and try accessing the same files it was probing during it's last visit. Assuming this is just some sort of bot, can I block it permanently?
I know APF has a collection system that purges an IP list to keep it from bloating, and I had PSM do some hardening so I'm not entirely sure about the workings of APF firewall. So far my IP blocks are blank (which is a good sign!), but I'd like to add some nuisances to it, to keep their crap from appearing in my error logs anymore as "Denied by Server Configuration"
My question is: Can I block people at server level permanently? I do not want their IP being taken out with the purge list that comes by every so often.
View 4 Replies
ADVERTISEMENT
May 24, 2007
APF firewall is blocking IP's from the allowed range
I have this inserted in /etc/apf/allowed_hosts.rules and restarted APF of course
67.79.221.0/24
70.112.124.0/24
70.113.54.0/24
It still blocked this IP for example, 67.79.221.154
Anyone know why?
View 4 Replies
View Related
Jul 5, 2007
I'm tired of india people hitting our website (because it is a top hit on google and the others) then calling the next day to bug me to use them for outsourcing.
I am going to block some IP blocks in my .htaccess file to prevent this.
I can see from my statcounter logs that the hits from india so far have come from 59.* 102.* and 203.* (as in 59.###.###.###).
Is there a place I can lookup to find out if I block those, will I will also be blocking some north america IPs (since I'm using such a broad wildcard)?
All our paying business comes from north america.
my htaccess file will look like this:
Code:
# prevents a directory listing when typing in the directory path in the browser
Options -Indexes
#
# My effort to keep india sites from seeing our website
order allow,deny
deny from 203.
deny from 59.
allow from all
View 7 Replies
View Related
Jul 16, 2007
I'm trying to figure out a method to stop some of the email spam that we get, and I have something figured out, but I need help on implementing it.
Basically, we get a lot of spam emails from addresses claiming to be from our domain (EX: From: someguy@mysite.com). The email is actually not from our domain, nor does the address actually exist, but the From address is being forged to look like it is our domain.
Basically to fix this, i want to block all email where the From address is claiming to be from our domain, with a nonexistent email address. I'm pretty sure that this is configurable in Exim, but I haven't found any tutorial on it, and I'm not familiar enough with Exim to do it very easily. Anyway if anyone knows of a tutorial or how this could be accomplished, please let me know.
Just to Add:
The reason that these emails are a problem is that the spam software we are running recognizes these emails as being from our domain which it trusts, so they pass most spam filters.
View 0 Replies
View Related
Oct 10, 2009
Is there any preset criteria for it like Level 1 includes a, b & c, Level 2 includes d, e & f and level includes x, y & z?
I know the difference in General but, I wanted a specific answer.
View 14 Replies
View Related
Nov 27, 2007
I have a few boxes on a special setup in a rack that I want to monitor bandwidth usage on for a while. There really isn't a way at the moment to do it switch level. Some of the servers have cPanel, some are just straight Linux (CentOS). I have seen where you can setup iptables to measure/monitor bandwidth, any other easy and effective suggestions for doing this?
View 3 Replies
View Related
Mar 9, 2008
I recently signed up a new client to my dedicated server - The minute they switched over to my server, it seems that all hell broke loose. (I'm going to refer to them as "Company A")
Company A called me up and said that one of their employees was getting a huge amount of SPAM and that after a day or two, they were having issues with their E-mail.
I looked at my logs and it showed something unusual-
LOGIN FAILED, user=myclientuser@companya.com, ip=[::ffff:XX.XXX.170.47]: 110 Time(s)
When I explained this to Company A, they ran some virus checks on their computers and 3 out of 5 computers had viruses on them.
They claim to have fixed the viruses but now, they cannot send e-mails to specific clients.
I checked their I.P. against blacklists and they are using Comcast cable internet at their location and I cleared their only blacklisting (spamhaus.org).
I'm still getting calls that Company A cannot e-mail a few of their clients and just to make sure it's not JUST them, I tried to send a test e-mail to the same clients as Company A.
The e-mails from me were rejected due to time-out.
HERE IS MY QUESTION:
Is this an issue on MY end that must be taken care of *OR* is it due to the fact that they had viruses on their computers and now they are blocked because the virus tried to attack everybody in THEIR e-mail address book?
None of my other clients are complaining of e-mail issues or that e-mails are getting kicked back. Just Company A.
View 4 Replies
View Related
Jun 30, 2008
I am hosting about 12 TYPO3 websites in a shared hosting environment, but I need to think about upgrading to a faster (dedicated) server as some of the sites have a higher traffic volume.
I am not a pro and use Linux only as a user. How dificult is it to manage a root server? Is all done via an easy Control Panel or do I need expert knowledge to install software etc?
Or shoud I look for a managed server where all is done for me?
View 5 Replies
View Related
Nov 20, 2008
My server is getting a lot of spam robots registering as fake users into my forums (altho most emails are invalid
View 2 Replies
View Related
May 21, 2008
If your server is blocking googlebot from finding your robots.txt file, how do you configure your firewall to unblock it?
I've searched through Google and I've seen may people just say your firewall is blocking it, but none mention how to really stop it from doing that. Like does Google have an IP it uses, and if so, what is the IP you should whitelist for your server?
As I keep getting that message: Network unreachable: robots.txt unreachable
and I'm sure it's due to a firewall issue, just have no idea how to fix that.
View 5 Replies
View Related
Feb 26, 2007
I was wondering if it is possible to block traffic to and from a server with iptables.
Like for example a user transferring files with his ftp client to another server x.x.x.x (FXP)....
been trying with these rules here:
iptables -IINPUT -s x.x.x.x -j DROP
iptables -I OUTPUT -s x.x.x.x -j DROP
iptables -I FORWARD -s x.x.x.x -j DROP
But still the user can transfer to the server destination...
View 0 Replies
View Related
Jul 10, 2007
I have a wierd problem on my server. I'm updating an order with my php shopping cart script and notice some of the orders hang on updating. After research I discovered the orders that wont update are orders that have domain names in the textarea field. More specifically. www.yourdomain.com will just hang if I try to update them.
After further research I discovered the if I put an backslash it'll update no problem. IE: www.yourdomain.com
This only happens with domain names inside a textarea. I'm not sure if it's a php config setting, apache setting, my firewall, mod_evasive, mod_security. I've looked at all of them and can't seem to find what is blocking the script from updating just because of www.domainname.com in a textarea.
View 7 Replies
View Related
Aug 31, 2007
Rather than just tagging the subject with ***SPAM***. Am I going to have to recompile spam assassin in order to get that working? I have a client of mine who wants all spam just removed before it hits his inbox. Is there a setting somewhere in cpanel that I am missing for this? Possible just to apply it to one domain name?
View 3 Replies
View Related
May 27, 2009
Is there any way to block or monitor and find scripts such as rapidleech and other torrent upload scripts on a cPanel server?
View 2 Replies
View Related
Feb 1, 2008
how can i remove list of blocking IPs on iptable on my server its over 100 IPs how can i remove it?
View 2 Replies
View Related
Jun 28, 2009
Which virtualization technology is better? Hardware level or software level? My friend suggested me to go for software level virtualization. However, I am still concerned about the technology as to which I should choose?
View 3 Replies
View Related
Jun 28, 2009
Which virtualization technology is better? Hardware level or software level? My friend suggested me to go for software level virtualization. However, I am still concerned about the technology as to which I should choose?
View 0 Replies
View Related
Aug 14, 2007
This topic has probably been covered many times. I am trying to block spam bots from direclty accessing scripts on my site. Measures I have taken thus far, also block my site pages that want are designed to use the scripts. This includes Hot Link Protection and a couple of directives in the .htaccess file.
how I can block direct access to my scripts?
View 0 Replies
View Related
Jun 17, 2014
When I create Mailbox for customer, spamassassin have status (default):
HTML:
Status false
The score that a message must
receive to qualify as spam
What to do with spam mail move
Add the following text to the true
beginning of subject of each
message recognized as spam
Modify spam mail subject text ***SPAM***
Black list
================================
Server-wide black list:
User's black list:
White list
================================
Server-wide white list:
User's white list:
But i want it:
HTML:
Status false
The score that a message must 7
receive to qualify as spam
What to do with spam mail text
Add the following text to the true
beginning of subject of each
message recognized as spam
Modify spam mail subject text ***SPAM***
Black list
================================
Server-wide black list:
User's black list:
White list
================================
Server-wide white list:
User's white list:
Not Move, it only text at "What to do with spam mail text"
How i can do it ?
View 6 Replies
View Related
Apr 13, 2015
Every time my server tries to send mail to Gmails/yahoos - they reject it with the following message:
Code:
Apr 13 11:35:49 m1370 plesk sendmail[5009]: handlers_stderr: PASS
Apr 13 11:35:49 m1370 plesk sendmail[5009]: PASS during call 'limit-out' handler
Apr 13 11:35:49 m1370 plesk sendmail[5009]: handlers_stderr: SKIP
Apr 13 11:35:49 m1370 plesk sendmail[5009]: SKIP during call 'check-quota' handl er
Apr 13 11:35:49 m1370 postfix/pickup[1759]: C90FA61668: uid=48 from=<apache>
[Code] ....
I tried Qmail, same issue
Code:
Hi. This is the qmail-send program at m1370.contabo.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. It didn't work out.
<emailhere@gmail.com>:
2a00:1450:4013:0c00:0000:0000:0000:001b failed after I sent the message.
[Code] .....
Centos 6.6 + Plesk 12 Web Pro Edition
My server certainly did not spam Gmail servers, (my old server works fine sending email t gmail) I fear this has something to do with my "Postfix" configuration.
View 1 Replies
View Related
Apr 8, 2009
How can you tell if two IPs are setup on the same server without having access to the server?
View 6 Replies
View Related
Oct 26, 2008
server with many IP (100-200) and possible buying +20-50 each month. Configuration - CPU: 1.5-2ghz, RAM: 512-1024mb, HDD: 40-80gb. Location - any. Traffic - 1-2tb. OS - CentOS preff.
View 8 Replies
View Related
Feb 4, 2008
I am having a pretty weird problem about ip s at my server. I have a dedi at netdirekt and they gave me like 4 free ips,
all of the sites are at main ip, but today i created a new account and also add 1 of those ips to server and i changed ip of the site.
After that problem started, when i try to ping site it shows ip of the site (new ip), but it gives request timed out. Also sometimes it says, 89.149.218.46 : Destination host unreachable.
If i change the ip of the new site to main ip, site loads well but when i change it to new ip it doesn't load plus gives that ping problem
View 4 Replies
View Related
May 8, 2007
How to add an IP adress to CentOS server?
I can't find 'how to"
How can I add secondary adress using SSH?
What command?
View 1 Replies
View Related
Jul 2, 2008
i just got a 2nd server
i had a problem at the beginning that i had to reload
so i think the tech forgot to add my other ips to my network card configs
i remember layeredtech once reloaded my server and the same problem happend so they advised me to add it to a config file in my server
View 6 Replies
View Related
Jul 8, 2008
My story starts with my getting burned by fumiNET (the first *grrr*)...
Burstnet reactivates my server (for an additional payment of course). The server seems fine but I thought that I might do better with a BurstNET reseller (better service). So...
I sign up with a reseller, and since I got my new server I've been plagued with email bounces, rejections, etc. Seems that my server (via the reseller) was supplied with a bunch of banned IPs (in other words, crap IPs). (the second *grrrr*)
I've reported to the providers abuse department, but was told that I have to handle this. (third *grrrr* - or is it just continued from the second?)
I've had it. I'm ready to fold up shop. As it is the sites keep me busy - but then...
- I get screwed by fumiNET (losing a big chunk of money)
- the hassle of trying to get my fumiNET server back up (thanks BurstNET)
- transferring to the reseller for better service, and finding out that perhaps BurstNET service was better than the reseller's
I'm open if anyone has suggestions. Some that I've come up with myself...
- finding yet another server provider (recommendations welcome)
- drinking large quantities of Guinness (worth it regardless)
- pulling the plug on the server and getting shared hosting to hold some minimal content
- forgetting the whole damn thing and getting a job as a [pick one]: store clerk, street cleaner, used car salesman
View 1 Replies
View Related
Aug 29, 2008
How to view all ip on the server ?
os linux
View 1 Replies
View Related
Apr 5, 2008
I want to change whole server IPs. I use cPanel.
I have main IP used for first nameserver and client sites, and second IP used for second name server.
What steps I have to make if I would recive 2 new IPs from my Data Center?
I have DDoS and my DC said that they can only change my IPs to new.
View 7 Replies
View Related