I've been carrying some weird hours lately, so I'm able to see activity on my sites that I normally don't see.
Certain IPs are trying to diddle their things into my server and need the boot. It's not consistent (ie not happening every 5, 10 mins)... it's periodically throughout the months. I'll see an IP I blocked 2 months ago just randomly show up at 4:30am and try accessing the same files it was probing during it's last visit. Assuming this is just some sort of bot, can I block it permanently?
I know APF has a collection system that purges an IP list to keep it from bloating, and I had PSM do some hardening so I'm not entirely sure about the workings of APF firewall. So far my IP blocks are blank (which is a good sign!), but I'd like to add some nuisances to it, to keep their crap from appearing in my error logs anymore as "Denied by Server Configuration"
My question is: Can I block people at server level permanently? I do not want their IP being taken out with the purge list that comes by every so often.
I'm tired of india people hitting our website (because it is a top hit on google and the others) then calling the next day to bug me to use them for outsourcing.
I am going to block some IP blocks in my .htaccess file to prevent this.
I can see from my statcounter logs that the hits from india so far have come from 59.* 102.* and 203.* (as in 59.###.###.###).
Is there a place I can lookup to find out if I block those, will I will also be blocking some north america IPs (since I'm using such a broad wildcard)?
All our paying business comes from north america.
my htaccess file will look like this:
Code: # prevents a directory listing when typing in the directory path in the browser Options -Indexes # # My effort to keep india sites from seeing our website order allow,deny deny from 203. deny from 59. allow from all
I'm trying to figure out a method to stop some of the email spam that we get, and I have something figured out, but I need help on implementing it.
Basically, we get a lot of spam emails from addresses claiming to be from our domain (EX: From: someguy@mysite.com). The email is actually not from our domain, nor does the address actually exist, but the From address is being forged to look like it is our domain.
Basically to fix this, i want to block all email where the From address is claiming to be from our domain, with a nonexistent email address. I'm pretty sure that this is configurable in Exim, but I haven't found any tutorial on it, and I'm not familiar enough with Exim to do it very easily. Anyway if anyone knows of a tutorial or how this could be accomplished, please let me know.
Just to Add: The reason that these emails are a problem is that the spam software we are running recognizes these emails as being from our domain which it trusts, so they pass most spam filters.
I have a few boxes on a special setup in a rack that I want to monitor bandwidth usage on for a while. There really isn't a way at the moment to do it switch level. Some of the servers have cPanel, some are just straight Linux (CentOS). I have seen where you can setup iptables to measure/monitor bandwidth, any other easy and effective suggestions for doing this?
I recently signed up a new client to my dedicated server - The minute they switched over to my server, it seems that all hell broke loose. (I'm going to refer to them as "Company A")
Company A called me up and said that one of their employees was getting a huge amount of SPAM and that after a day or two, they were having issues with their E-mail.
I looked at my logs and it showed something unusual-
When I explained this to Company A, they ran some virus checks on their computers and 3 out of 5 computers had viruses on them.
They claim to have fixed the viruses but now, they cannot send e-mails to specific clients.
I checked their I.P. against blacklists and they are using Comcast cable internet at their location and I cleared their only blacklisting (spamhaus.org).
I'm still getting calls that Company A cannot e-mail a few of their clients and just to make sure it's not JUST them, I tried to send a test e-mail to the same clients as Company A.
The e-mails from me were rejected due to time-out.
HERE IS MY QUESTION:
Is this an issue on MY end that must be taken care of *OR* is it due to the fact that they had viruses on their computers and now they are blocked because the virus tried to attack everybody in THEIR e-mail address book?
None of my other clients are complaining of e-mail issues or that e-mails are getting kicked back. Just Company A.
I am hosting about 12 TYPO3 websites in a shared hosting environment, but I need to think about upgrading to a faster (dedicated) server as some of the sites have a higher traffic volume.
I am not a pro and use Linux only as a user. How dificult is it to manage a root server? Is all done via an easy Control Panel or do I need expert knowledge to install software etc?
Or shoud I look for a managed server where all is done for me?
If your server is blocking googlebot from finding your robots.txt file, how do you configure your firewall to unblock it?
I've searched through Google and I've seen may people just say your firewall is blocking it, but none mention how to really stop it from doing that. Like does Google have an IP it uses, and if so, what is the IP you should whitelist for your server?
As I keep getting that message: Network unreachable: robots.txt unreachable and I'm sure it's due to a firewall issue, just have no idea how to fix that.
I was wondering if it is possible to block traffic to and from a server with iptables. Like for example a user transferring files with his ftp client to another server x.x.x.x (FXP)....
been trying with these rules here:
iptables -IINPUT -s x.x.x.x -j DROP iptables -I OUTPUT -s x.x.x.x -j DROP iptables -I FORWARD -s x.x.x.x -j DROP
But still the user can transfer to the server destination...
I have a wierd problem on my server. I'm updating an order with my php shopping cart script and notice some of the orders hang on updating. After research I discovered the orders that wont update are orders that have domain names in the textarea field. More specifically. www.yourdomain.com will just hang if I try to update them.
After further research I discovered the if I put an backslash it'll update no problem. IE: www.yourdomain.com
This only happens with domain names inside a textarea. I'm not sure if it's a php config setting, apache setting, my firewall, mod_evasive, mod_security. I've looked at all of them and can't seem to find what is blocking the script from updating just because of www.domainname.com in a textarea.
Rather than just tagging the subject with ***SPAM***. Am I going to have to recompile spam assassin in order to get that working? I have a client of mine who wants all spam just removed before it hits his inbox. Is there a setting somewhere in cpanel that I am missing for this? Possible just to apply it to one domain name?
Which virtualization technology is better? Hardware level or software level? My friend suggested me to go for software level virtualization. However, I am still concerned about the technology as to which I should choose?
Which virtualization technology is better? Hardware level or software level? My friend suggested me to go for software level virtualization. However, I am still concerned about the technology as to which I should choose?
This topic has probably been covered many times. I am trying to block spam bots from direclty accessing scripts on my site. Measures I have taken thus far, also block my site pages that want are designed to use the scripts. This includes Hot Link Protection and a couple of directives in the .htaccess file.
When I create Mailbox for customer, spamassassin have status (default):
HTML: Status false The score that a message must receive to qualify as spam What to do with spam mail move Add the following text to the true beginning of subject of each message recognized as spam Modify spam mail subject text ***SPAM***
Black list ================================ Server-wide black list:
User's black list:
White list ================================ Server-wide white list:
User's white list:
But i want it:
HTML:
Status false The score that a message must 7 receive to qualify as spam What to do with spam mail text Add the following text to the true beginning of subject of each message recognized as spam Modify spam mail subject text ***SPAM***
Black list ================================ Server-wide black list:
User's black list:
White list ================================ Server-wide white list:
User's white list:
Not Move, it only text at "What to do with spam mail text"
Code: Hi. This is the qmail-send program at m1370.contabo. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. It didn't work out.
<emailhere@gmail.com>: 2a00:1450:4013:0c00:0000:0000:0000:001b failed after I sent the message.
[Code] .....
Centos 6.6 + Plesk 12 Web Pro Edition
My server certainly did not spam Gmail servers, (my old server works fine sending email t gmail) I fear this has something to do with my "Postfix" configuration.
server with many IP (100-200) and possible buying +20-50 each month. Configuration - CPU: 1.5-2ghz, RAM: 512-1024mb, HDD: 40-80gb. Location - any. Traffic - 1-2tb. OS - CentOS preff.
I am having a pretty weird problem about ip s at my server. I have a dedi at netdirekt and they gave me like 4 free ips,
all of the sites are at main ip, but today i created a new account and also add 1 of those ips to server and i changed ip of the site.
After that problem started, when i try to ping site it shows ip of the site (new ip), but it gives request timed out. Also sometimes it says, 89.149.218.46 : Destination host unreachable.
If i change the ip of the new site to main ip, site loads well but when i change it to new ip it doesn't load plus gives that ping problem
My story starts with my getting burned by fumiNET (the first *grrr*)...
Burstnet reactivates my server (for an additional payment of course). The server seems fine but I thought that I might do better with a BurstNET reseller (better service). So...
I sign up with a reseller, and since I got my new server I've been plagued with email bounces, rejections, etc. Seems that my server (via the reseller) was supplied with a bunch of banned IPs (in other words, crap IPs). (the second *grrrr*)
I've reported to the providers abuse department, but was told that I have to handle this. (third *grrrr* - or is it just continued from the second?)
I've had it. I'm ready to fold up shop. As it is the sites keep me busy - but then...
- I get screwed by fumiNET (losing a big chunk of money) - the hassle of trying to get my fumiNET server back up (thanks BurstNET) - transferring to the reseller for better service, and finding out that perhaps BurstNET service was better than the reseller's
I'm open if anyone has suggestions. Some that I've come up with myself...
- finding yet another server provider (recommendations welcome) - drinking large quantities of Guinness (worth it regardless) - pulling the plug on the server and getting shared hosting to hold some minimal content - forgetting the whole damn thing and getting a job as a [pick one]: store clerk, street cleaner, used car salesman
