Can't Remove The Ip Blocked By APF Antidos

Mar 2, 2007

APF Antidos blacklisted a number of IPs that seem to be okay to me.
I have tried to delete them with /etc/apf/apf -l , /etc/apf/apf --unban xxx.xx..,
and even iptables --flush, to no avail! Where does APF store its IP rules? I guess that is /etc/apf/.ipt.chains but not found ..

Looks like there was no command line option allowing to remove IPs from the APF blacklist.

APF And AntiDOS

Mar 24, 2007

I have installed APF. I also activated AntiDos that is part of APF.

I have changed the following in the config file:

Quote:

# Try to detect syn-flood attacks [0=off,1=on]
DET_SF="1"

The rest of settings are default. I have Intel Xeon-Woodcrest 5148-DualCore-LV [2.33GHz] server with 4 gigs of RAM. My web server is extremely slow.
I run commands, such as:

Quote:

netstat -pan | sort +4 |awk '{print$5}'| sed -e s/':.*'/''/g | sort | uniq -c | sort -k1 -nr | head -n 20
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1
netstat -plan|grep :25|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1
netstat -nap | grep SYN | awk '{print $5}' | awk -F ":" '{print $1}' | sort | uniq -c | sort -n
netstat -n | grep SYN

Sometimes I see entries that indicate possible attack, such as:
Quote:

63 80.191.210.252

, but most of times, there are many IPs, example:

Quote:

24 85.133.177.70
20 89.178.184.215
18 83.11.216.179
15 84.234.0.183
7 87.228.120.88
7 172.188.3.203
6 202.84.43.178
5 89.178.45.124
4 85.117.72.151
2 202.40.181.72
2 217.172.29.7

Here are my questions: what is going on? I understand that apache is getting flooded, but any way to adjust APF's antidos to block those attacks?

Any better solution? Does AntiDos feature of APF really work?

I've read about mod_evasive addon. Shall I install it, too?

Will there be a conflict between APF's AntiDos and mod_evasive running together?

My users are tired of waiting for forum to load.

Antidos Setting

May 29, 2008

Can someone tell me the difference?

This comes from the antidos config.

# Trigger value before we drop an event SRC
TRIG="75"

# Trigger value before we drop syn-floods for SRC
SF_TRIG="75"

How To Get BFD Or Antidos To Work On Ubuntu 5.10 / 6.06 --- Plesk 8?

Sep 18, 2006

Have been trying to get BFD and APF Antidos (not at same time) to work on Ubuntu 5.10 / Plesk and 6.06 (No Plesk yet) servers. APF appears to work fine after checking /sbin/iptables -L -n

Both cronjobs run but getting a lot of brute force attacks to ssh and Plesk but no offending IPs are being blocked and no e-mails reporting that they are being blocked. Log files for BFD and Antidos are always "0". Everything is set up and configured the same as on my previous CentOS servers.

Can't find much on the net with this newer OS. Can anyone point me in the right direction to get one of these to work on the systems above? Thought it might be a path error referencing rc.d but put a symlink in for that and no change.

Remove Empty Folders And Remove From A Db

Jul 22, 2009

I've got a site which auto-creates subdomains and installs a script automatically and inserts details into a MySQL DB. I have had some issues recently so have loads (talking 100s) of folders that are empty which I need to remove, and to remove the details of said folder from the DB also. Any ideas how I can do this? Using the Plesk control panel, so removing the subdomain via Plesk CLI may be the best way in that respect, but the DB is external to Plesk so that would not be edited.

My Ip Blocked

May 14, 2009

I have a vBulletin forum with 250,000 members.

I tried to send a message to them so I used this plugin

[url]

and send 200 messages every 10 minutes.

After 4 days my IP address is blocked from the Yahoo server.

For every mail I want to send I get this message:

[TS03] All messages from xx.xx.xx.xx will be permanently deferred; Retrying will NOT succeed. See [url]

IP Blocked

Jan 20, 2008

All of a sudden my sites are not visible to me hosted in the same cirtex hosting account. I have verified that it wasn't spyware messing with my local computer and can view the site via a proxy. They use cPanel and there is no block visible, but there has to be something somewhere. I told them to restart and that did make the site visible until I checked in the morning. Where would a block be if this is it, and is there a chance this was done by a hacker?

Getting IP's Blocked By Your ISP

Dec 30, 2007

how willing your ISP/carrier is to block one or multiple IP addresses that may have been causing issues for you such as DDoS attacks, hackings etc.

What has been your experience? Please provide as much detail on your experience as possible.

Blocked By MSN

Jul 19, 2007

I am blocked by MSN. All email messages directed to any @hotmail.com address are rejected; here is a typical message:

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

name@hotmail.com
SMTP error from remote mail server after MAIL FROM:<user@mydomain.com> SIZE=1802:
host mx3.hotmail.com [65.54.244.200]: 550 Your e-mail was rejected for policy reasons on this gateway. Reasons for rejection may be related to content such as obscene language, graphics, or spam-like characteristics (or) other reputation problems.

I have never spammed nor sent similar content as that listed above.

My host provider says they are contacting MSN for an explanation, but time is running and I need to find a solution to this, because I have some customers (hosted in my server) which need to answer to @hotmailers prospects on their product/services.

IP Not Being Blocked Properly

Jun 28, 2009

I need to block a specific IP:
93.6.224.242

It adds fine when I do:
iptables -A INPUT -s 93.6.224.242 -j DROP

However, the IP is still accessing files and pages on the site according to Apache:

When I ban other IP's they are blocked from accessing anything on the server (e.g. it wouldn't even reach Apache level because of firewall), but this IP just isn't banning properly.

Blocked Range Ips Through Apf - How To

Nov 5, 2009

I am using APF firewall and am getting DDoS from these IP ranges

4.68.25.*

8.0.4.*

8.0.5.*

How could I delete all the ranges from these IPs?

Emails Blocked From ISP

Oct 13, 2009

I have recently switched to GreenGeeks, great company and great support, but I am having a huge problem that all my clients and I are having problems with. No one can send emails to ATT, Verizon, Earthlink, Comcast, Etc. because they bounce back as being blocked. I have contacted them to unblock the IP and they do, but then a few days pass and it's blocked again. WTH? I've contacted GreenGeeks and they are aware of the problem but I really need to move on with this problem, does anyone know of any solution to do?

Example: ....

Blocked IP By Spamhaus

Jul 8, 2009

We just got a new Windows server and didn't put an antivirus or configure Windows Firewall while setting up for the 1st two months.

Our IP address has been blocked twice now by this company, on Saturday, released on Monday and blocked again on Tuesday.

[url]

We applied to have it removed, which they did and blocked it again. They claim we were spamming, which we never did.

We have installed McAfee and set up Windows Firewall.

Blocked By Gmail

Feb 3, 2009

One of my clients ran an e-mail bomber and gmail is blocking all emails from my server. I've searched but can't find a way to reach google or unblock the IP.

Blocked Using 88.blacklist.zap

May 25, 2009

I have an Exim mail server (cPanel based), and when I send mails to some domains I have got the following error:

550 Service unavailable; Client host [xxx.xxx.xxx.xxx] blocked using 88.blacklist.zap; Mail From IP Banned To request removal from this list please forward this message to delist@frontbridge.com

How can I solve this issue? How can I avoid my IP from listing in 88.blacklist.zap?

SYNFLOOD Blocked

Feb 20, 2008

Recently switched firewalls from APF and CSF, and so far couldn't be happier! But I do have some questions on SYNFLOOD_RATE within CSF.

Currently have a setting for "40/s" and I am still getting many messages in /var/log/messages with *SYNFLOOD Blocked*.

If I enable Synflood checking, the load on the server increases, but the bandwidth usage decreases. But I'm wondering if 'good' visitors are getting turned away?

Is the setting meaning block above 40/s per IP?

Or simply block above 40/s?

Also, does the firewall simply drop the packets above 40?

And is the IP Blocked?

Port 110 Blocked

Nov 16, 2008

They started blocking my Port 25, so I made an iptables entry on my server to redirect port 26 to port 25 so I could set my outgoing mail for my server (from Outlook) to port 26. But one day later the bastards are blocking my port 26 too! Guess they just don't want ANY outbound mail sent from anything but their servers! If I had any other option, I'd dump Comcast in a heartbeat!

Blocked URLs

May 4, 2008

I'm testing scripts on new server now, and server has 2 problems.

1. I can not enter domain name as "get" parameter. For example, if I'm requesting URL like domain.com/file.php?url=[url] - it does not work. If I'm requesting URL like domain.com/file.php?url=[url](please note it has INVALID extension for TLD) - it works!

2. fsockopen and file_get_contents do not work. I added these settings into php.ini:

allow_url_fopen = On
allow_url_include = On

...and nothing works. I get just blank pages when using these functions.

Server is running cpanel + apache 2.2 + php 5 + APF firewall

CSF :: Port Getting Blocked

Apr 22, 2008

Been running CSF and very happy with. Just wondering if anyone periodically has to restart CSF because it is blocking something it shouldn't? For example, I have port 5151 open in csf.conf, suddenly (at random) the port will be blocked. I restart CSF and everything is fine.

Isp Blocked Port 110

Jul 25, 2008

I have a customer whose ISP blocked both port 110 and 25. So far I was able to fix the problem with sending e-mails (port 25) but I can't see where I change or add another port for receiving email on my server, and since I can't do it... there is no point in opening a port in the firewall.

Blocked IP Address Still Getting In

Apr 9, 2008

I have blocked an IP both in host.deny AND in iptables...and the guy is still able to access my server...any suggestions or something to look for.

CentOS 4.5

PHP Files In IIS Blocked

Jul 7, 2007

I set up PHP on my IIS in my box and I know I set it up correctly, but each time I reinstall it because of this error I keep getting it.

When I try to see any PHP file on my IIS through a web browser it shows me some login page no matter what kind of PHP file it is.

If it's HTML or ASP it works fine, like here

66.221.255.17
or 66.221.255.17/index.html

but this doesn't work, it shows some login

66.221.255.17/index.php and so do all other php files.

My Users Said His IP Is Blocked

Dec 12, 2007

My user said he cannot view his site from his IP address. His friend from the same ISP also cannot access the site.

But I can access from my ISP. So I think probably his IP address has been banned. Therefore, how can I check that? And how can I make his IP range available back?

Blocked By Hotmail

Apr 23, 2007

My IP is clean from any blacklist/RBL databases but Hotmail is blocking with the error message below:

Remote host said: 550 Your e-mail was rejected for policy reasons on this gateway.

Reasons for rejection may be related to content such as obscene language, graphics, or spam-like characteristics (or) other reputation problems. For sender troubleshooting information, please go to [url]. Please note: if you are an end-user please contact your E-mail/Internet Service Provider for assistance.

IP Blocked By Spamhaus

Aug 12, 2007

I've just got a fully managed VPS; unfortunately the newly acquired IP was listed in the PBL (Policy Block List) by Spamhaus, which is a nonspam source. I've got the IP de-listed but apparently some servers are still rejecting emails coming from this IP. It has been almost 48 hrs. Question is:

1) How can the IP get listed when it's never been used? How can we check whether the IP is indeed 'fresh' or pre-owned by spammers?

2) What is the possibility of the IP being blacklisted by these servers forever? How long does it normally take for it to be totally in the clear?

3) What are the preventive measures that can avoid IP being listed?

4) Is configuring Reverse DNS PTR a standard procedure in server set-up and could missing that config be the main reason the IP got tagged?

TCP_IN Blocked

Oct 18, 2007

Today a client told me he is not able to access the server.

I checked his IP in /var/log/messages and found 5000 lines of

Quote:

Oct 18 14:24:46 server54 kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:18:e7:16:99:96:00:d0:00:f2:e4:00:08:00 SRC=124.43.217.81 DST=MY-IP-ADDR LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=37007 DF PROTO=TCP SPT=2182 DPT=554 WINDOW=65535 RES=0x00 SYN URGP=0

It seems he is connecting to the server on port 554.

How To Find Blocked IPs

Jun 4, 2007

Some of our servers are complaining that they can't access the website. How can we check the blocked IPs using iptables rules? Is there any special command to check?

How To Check If An IP Is Blocked

Jul 15, 2007

One of my hosted users complained that he can't access his website nor can he ping the website. When I asked him to access my 2nd server (same datacenter), it went fine. I could be thinking that my server is blocking his IP.

How do I check if his IP is blocked?

I am using APF+BFD iptables firewall (I don't know but I hope this makes sense)

Server Blocked

Nov 19, 2007

I have an issue with 4 servers, one at theplanet.com and 3 at ayksolutions.com

Traceroute from any ayk servers to the planet dies on the last router on the planet site,

traceroute from the planet to any ayk servers dies on the last router on the ayk site.

using a different IP for the planet server works.

Now, how can I figure out which router blocks this connection?

Everything was perfect till yesterday. I can ssh on all servers.

Technical staff from both ISPs have no idea and point to each other. Is there another tool to see where I'm blocked?

Email Getting Blocked

Feb 22, 2007

I have a leased server that I use cPanel and WebHost Manager to manage. I've just set up the server in the past week and put our website on it and created all the email accounts. The emails are all working fine now, but we have another website on someone else's server that sends an email (using PHP) and the emails aren't going through.

They went through just fine before I moved our site and email accounts over, and I've checked in cPanel to see if I had any spam filters turned on and I don't. I've also tried sending email manually using Thunderbird and Outlook, both work fine. Also, on our server, I've been able to send email through PHP.

Anyone know of a setting that I might be missing in my webhost manager?

WHMCS Being Blocked,

Dec 1, 2007

WHMCS wasn't working for me so I contacted their support and they said a firewall is blocking it. The only firewall I know I have installed is APF. What exactly do I need to unblock and how do I do it?

Copyrights 2005-15 www.BigResource.com, All rights reserved