I have a website that was setup specifically for PHP/MySQL development so I can show clients their projects as I progress. I would like to block anyone from viewing this site unless I have allowed their IP to view it.
On my local system I can configure Apache to do it in the config file but I am on shared hosting so I don't have access to the config file.
I don’t really want corporate web filtering companies such as websense, surfcontrol, SonicWall, Symantec etc.. Visiting and categorising my website. I know there is an IP list somewhere that lists a few thousand IP address used by these companies but I haven’t found it yet.
View 2 Replies View RelatedIn AWStats I am getting a lot of traffic from one URL but it is all spam traffic. How can I make it so that any visitors that come from that URL cannot access my site?
They have a link on their site to mine...
I am new to apache, and really terrible with regular expressions.
How to craft an htaccess rule that looks a the URL of the page you are visiting, and redirects HTTPS to the same URL in HTTP if the URL contains a certain text string (in the case the word "products")...
Attached is a (badly) drawn diagram of two sites, connected by a vpn.
The site to the left, is network 10.0.0.0/24 which runs a linux server as the router for the network.
The site to the right, is network 10.1.0.0/24 which runs a windows 2003 server as the router for the network.
Now, my problem is, the clients behind the windows 2003 server can ping any machine on the first network because i setup a static route to route all traffic to 10.0.0.0/24 over the vpn interface.
now, my problem is, only the linux server can ping any machine on the windows 2003 network, any client behind the linux server cant seem to route over the interface.
I have the following route on the linux server: .....
Starting point: a working site using a shared IPv4, dedicated IPv6, and SSL. HTTP and HTTPS work, the latter only using SNI of course.
The good news: If I simply allocate an IP resource of 1 to a subscription it is pulled from the pool, assigned to the service node, assigned to the web site, DNS is updated, and the site is automatically changed to using a Dedicated IPv4 and Dedicated IPv6.
The bad news: visitors land on the default web site of the service node, with the default SSL certificate.
Other info: I can't ping the new IP, even though it shows in "ip a l" and /etc/sysconfig/network-scripts/ifcfg-eth0:0. [edited]
After the IP assignment, it is still installed, and /etc/httpd/conf/plesk.conf.d/ip_default/domainname.conf shows the new certificate is being used.
However, a second set of VirtualHost entries is created in server.conf for this IP for ports 80 and 443, with NameVirtualHost enabled on the new IP. The port 443 entry uses the default certificate. Apache's setup this default VirtualHost entry will override the web site configuration because Apache is listening on port 443 with the wrong cert.
If I go to "Change webspace settings" and toggle to Shared IPv4, Dedicated IPv6 the site works again via HTTPS, and Dedicated IPv4 and Dedicated IPv6 breaks it again. Setting the SSL cert to None and back again does not work.
Setting the SSL cert to None, changing to a dedicated IP, and enabling SSL results in the server being inexplicably inaccessible...browsers no longer connect to either the default site or the correct site, and I don't see any entries in the vhosts's logs.
is there anyone knows for a good hosting located in uk,which is allowed : adult site and casino betting online site ?
im looking for vps and dedicated server.
please help me i really need as soon as possible.thx
I run basicly run two main site.
1.Forum big one .
2.File and image sharing site.
(image sharing site generates thumbnails which produces lots of hits)
In these conditions how much difference can lighttpd can do as compared to apache for keeping my 600 MB Ram VPS host constant.
I'm on a short assignment to inventory and manage the fixed assets of a small company, and we've just bought a web-based database for this purpose. While I'm pretty good at administering/running local databases, the web part has me stymied. Our company is between IT people, and there's no one on site with any more idea than I have about what's going on!!
Here's what I have so far:
--The company has a website which I'll call "ourwebsite.org" -- which I think, from searching the IP address the website points to, is hosted by HostMySite.com.
--There's also a record in DNS Management with the same name (ourwebsite.org), but pointing to our little server's local IP address.
--I need to find a way to get my database -- which I can access on the network at (server's IP address)/database (ie 0.0.00.0/database) -- online. I tried creating records in DNS Management (for ex., assets.ourwebsite.org) that point to our server's IP (the one that, if I type it in on the network, I can get to the site I'm looking for), but get generic "can't find the page" or "can't connect to the server" errors, even after 72 hours, when trying to access it from off the network.
--If I browse to assets.ourwebsite.org/database on the server itself, I get to the website! But if I go to that page from any other computer, on or off the network, it doesn't work.
--The Server is running Windows Server 2003
So, what are my options? Do I have to talk to the HostMySite.com people to add this page? Shouldn't I just be able to use my server's name (ourcompanyadc.ourcompany.org) and have that route to the server? What's going on here! Is there a simple way to get a tiny local-server-hosted website online outside of the network?
I just transferred a domain from one cpanel box to another.
Now, that site is showing someone else's page. I've seen this happen before, but I cannot remember the fix.
the virtual host in httpd.conf is fine, shows proper IP, username, docroot, etc
Dns zone is fine as well.
The domain is using the server's main IP, so that's not the cause.
Centos 5 / cpanel 11 / apache 1.3 / php 4x
I am curious, what is the best way to ban certain IP from accessing server? I have software firewall (APF) and there is, of course, /etc/hosts.deny.
Which is the most efficient? I've read that software firewall becomes unstable after so many entries. Does the same apply to /etc/hosts.deny file?
Or is there a better way altogether?
some Chinese forums hotlinking images from my site and I even delete those images they keep sending me huge amount of http requests to my hosting server and eating 800mb of memory and upto 1GB cause server crash
I tried to block incoming referrer traffic from those sites using htaccess but it didn't work , I still see their http request on my server logs and memory keep goes high , am not sure my code is the right
how can I block these http request from these domains , what is the right htaccess code , I use DirectAdmin panel by the way
Can any one let me know how to block a range IP on SSH?
Eg: i'd like to block all IP: 67.63.123.xxx
I'm currently experiencing a lot of IP's starting with 200 and 201 (from Brazil) some IP’s have over 200 connections. I have APF installed and want to know how to block a block on ip's if this is possible.
IPS:
200.11.*******
201.*******
I have DDos Attack right now so I want to block all the IP from all over the world and just allow certain IP range.
How to do it using APF or any other way.
For example I want to block everything but Germany IP
Code:
53.0.0.0/8
62.4.64.0/19
62.8.32.0/19
62.8.128.0/17
62.24.0.0/19
62.26.0.0/15
62.40.0.0/19
62.44.32.0/19
62.48.64.0/19
62.50.32.0/19
62.50.96.0/19
62.50.192.0/18
62.52.0.0/14
62.61.32.0/19
62.68.0.0/19
62.72.0.0/18
62.72.64.0/19
62.75.128.0/17
62.78.64.0/20
62.80.0.0/18
62.80.96.0/19
62.89.160.0/19
62.91.0.0/16
62.93.192.0/18
62.95.128.0/18
62.104.0.0/16
62.109.64.0/18
62.109.128.0/19
62.111.0.0/17
62.112.32.0/19
62.112.64.0/19
62.112.128.0/19
62.116.128.0/18
62.117.0.0/19
62.128.0.0/19
62.128.160.0/19
62.133.0.0/19
62.138.0.0/16
62.141.32.0/19
62.141.160.0/19
62.145.0.0/19
62.143.0.0/16
62.144.0.0/16
62.146.0.0/16
62.152.0.0/19
62.152.160.0/19
62.153.0.0/16
62.154.0.0/15
62.156.0.0/14
62.165.0.0/19
62.168.192.0/19
62.169.0.0/19
62.176.128.0/19
how can i block to access to some IP?
for examaple scripts in my hosts can not access to some IPs i want
Fortigate appliances blocking an IP that is not in RBLs I have a problem with the IP 66.187.108.157 of my VPS it seems to be blocked by Fortigate appliances, as you can see in this error message:
SMTP error from remote mail server after RCPT TO:[url] host mail.am.com.pe [200.62.221.107]: 554 5.7.1 This message has been
blocked because it is from a FortiGuard - AntiSpam black IP address.(connection black ip 66.187.108.157)
However I have searched in this URL [url]and it is clean.
Any ideas on how to have/force Fortigate databases to become updated.
I'm having difficulties with a whm running on centos dedicated server. The problem is that we receive too much of spam and junk emails. by too much I mean 2000 bulks per week. It's killing us.
how I can stop it.
IM about tired of spam and hackers putting phishing items on my server.
My question is.
How can I block the whole world expect for US, CA and UK?
I've added several countrys to csf's csf.deny list but half of them keep disappearing.
Is there any way to block a particular ISP? Have a visitor that changes IP hourly, but the IP always resolves back to a hostname like dsl.yuns.sksk.uk .
I have CSF installed. Any way to block all visitors from dsl.yuns.sksk.uk?
in one of my servers i have this line in my ConfigServer Security & Firewall:
190.28.118.155 # lfd: 10 (suhosin) login failures from 190.28.118.155 - Mon Jun 16 23:27:50 2008
is this ok? i mean... its an attack of some sort? i know suhosin is meant to increase php security, so its blocking an attack right?
I have blocked this IP 125.115.144.28
/etc/apf/apf -d 125.115.144.28
But
netstat -anp|grep tcp|awk '{print $5}'| cut -d : -f1 | sort | uniq -c | sort -n
It still showing
202 125.115.144.28
Why?
Is it supposed to blocked right away, or need some time to get blocked.
When I checked /etc/apf/deny_hosts.rules
The IP is in the file.
I set up a forum for a small group of users, so I don't really wish to see spiders or bots on it, so I've put a robots.txt file there to prevent all of them from accessing the forum pages.
I know not all bots follow the robots.txt rule, and these days a really annoying bot called MUNAXNET or Munax AB with IP range 82.99.30.0 - 82.99.30.127 is causing the forum to have extra and unexpected loads.
I've tried to block this IP range with .htaccess and uploaded it to the root of the site a few days ago, here is the content:
<Limit GET HEAD POST>
order allow,deny
deny from 82.99.30.0-82.99.30.127
allow from all
</LIMIT>
However strangely it seems that all of these are not working for this bot, today I saw my forum had 80 users online and that army still keeps coming and browsing all pages of my forums...
I tested the .htaccess with blocking myself, and it actually worked for me, dunno why it's not working for that bot..
I was just researching my log analyzers to see whats happening... I noticed something new in the logs, a large number of unnamed robots or spiders... so I found the robot... it was this:
23310 7.99% 23303 9.48% 1159765 18.56% 22 0.12% 77.88.26.26
After some reading, sites say the ip belongs to spider26.yandex.ru
For simply security reasons, would it be in best interest to block the entire subnet? It seems that the same IP ending in .25 belongs to spider25.yandex.ru
Is anyone using snort?
Does it really block any web based attacks?
I know I can do port scans, and it can alert you to a whole bunch of false positvies, but is it blocking/detecting any serious attacks on your web server?
If so, which rules are the one is alerting on?
I have a Juniper firewall. I'm seeing a ton of traffic from the Twiceler bot in the range of 100,000 hits a day. Luckily they've more recently put up a list of IP addresses their bots use at:
[url]
So, I'm blocking all of these now. However I think it's a simple Netmask issue I'm having. I'm blocking all ports from
208.36.144.0/24
38.99.13.0/24
38.99.44.0/24
64.1.215.0/24
However, I am still seeing the bot in server log files. Could it be that I should not be specifying .0 at the end, but instead .1? Like this in the policy?
64.1.215.1/24
I have spamassassin configured its working 90% but still I am receiving mails from my ID only. Like I have info@domain.com so I am receiving mail from info@domain.com to info@domain.com.
View 7 Replies View RelatedHow do I block known proxy sites such as anonymouse.org or such via CSF (firewall)? I'll need to block by domains, wildcard domains (such as *proxy.tld) and IP's.
What is the proper way and is there a nice list of such proxies? I'm trying to prevent some degenerate troll from accessing my forum.
Since yesterday I have noticed some odd activity at one of my websites - www.cartuningcentral.com
The problem is that I am getting huge traffic from what I would say are traffic exchange programs, which I didn't buy, and don't want to have at all.
Examples of the referrals I am getting are:
[url]
[url]
Full details can be found here:
[url]
Now, I have tried to block all those using .htaccess, but I am by no means an expert on that.
Here's what I have done:
RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} ^(http://)?67.192.42.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} (tserve) [NC,OR]
RewriteCond %{HTTP_REFERER} (trafficserver) [NC,OR]
RewriteCond %{HTTP_REFERER} (67.192.42.2) [NC,OR]
RewriteCond %{HTTP_REFERER} (67.192.42.5) [NC]
RewriteRule .* - [F]
But it's not working at all.
how to block those referrals please?
It can be either using .htaccess, php, whatever.
I Have APF and BFD Installed but it always seems to show 80 odd events before blocking the IP. Is there a way of setting it to say 10 wrong attempts?
I Tried this, but it hasn't done a thing. below happened after the change.
Quote:
REQ="/usr/sbin/sshd"
if [ -f "$REQ" ]; then
LP="/var/log/secure"
TLOG_TF="sshd"
TRIG="10"
Quote:
Originally Posted by From BFD E-mail
The remote system 205.234.140.219 was found to have exceeded acceptable login failures on URL; there was 83 events to the service sshd. As such the attacking host has been banned from further accessing this system. For the integrity of your host you should investigate this event as soon as possible.
Executed ban command:
/etc/apf/apf -d 205.234.140.219 {bfd.sshd}
The following are event logs from 205.234.140.219 on service sshd (all time stamps are GMT -0600):
Feb 12 09:08:32 serverthree sshd[4552]: Failed password for invalid user test from ::ffff:205.234.140.219 port 35549 ssh2 Feb 12 09:08:32 serverthree sshd[4552]: Received disconnect from ::ffff:205.234.140.219: 11: Bye Bye Feb 12 03:08:33 serverthree sshd[4555]: Invalid user test from ::ffff:205.234.140.219 Feb 12 03:08:35 serverthree sshd[4553]: Failed password for invalid user test from ::ffff:205.234.140.219 port 35745 ssh2 Feb 12 09:08:35 serverthree sshd[4554]: Failed password for invalid user test from ::ffff:205.234.140.219 port 35745 ssh2 Feb 12 09:08:35 serverthree sshd[4554]: Received disconnect from ::ffff:205.234.140.219: 11: Bye Bye Feb 12 03:08:35 serverthree sshd[4557]: Invalid user test from ::ffff:205.234.140.219 Feb 12 03:08:35 serverthree sshd[4555]: Failed password for invalid user test from ::ffff:205.234.140.219 port 35794 ssh2 Feb 12 09:08:35 serverthree sshd[4556]: Failed password for invalid user test from ::ffff:205.234.140.219 port 35794 ssh2 Feb 12 09:08:35 serverthree sshd[4556]: Received disconnect from ::ffff:205.234.140.219: 11: Bye Bye Feb 12 03:08:36 serverthree sshd[4559]: Invalid user test from ::ffff:205.234.140.219 Feb 12 03:08:37 serverthree sshd[4557]: Failed password for invalid user test from ::ffff:205.234.140.219 port 35978 ssh2 Feb 12 09:08:37 serverthree sshd[4558]: Failed password for invalid user test from ::ffff:205.234.140.219 port 35978 ssh2 Feb 12 09:08:37 serverthree sshd[4558]: Received disconnect from ::ffff:205.234.140.219: 11: Bye Bye Feb 12 03:08:38 serverthree sshd[4561]: Invalid user test from ::ffff:205.234.140.219 Feb 12 03:08:38 serverthree sshd[4559]: Failed password for invalid user test from ::ffff:205.234.140.219 port 36033 ssh2 Feb 12 09:08:38 serverthree sshd[4560]:
[snipped irrelevant and lengthy log file - gbjbaanb]
Failed password for invalid user testing from ::ffff:205.234.140.219 port 42990 ssh2 Feb 12 09:10:00 serverthree sshd[4679]: Received disconnect from ::ffff:205.234.140.219: 11: Bye Bye Feb 12 03:10:01 serverthree sshd[4682]: Invalid user testing from ::ffff:205.234.140.219 Feb 12 03:10:02 serverthree sshd[4680]: Failed password for invalid user testing from ::ffff:205.234.140.219 port 43145 ssh2 Feb 12 09:10:02 serverthree sshd[4681]: Failed password for invalid user testing from ::ffff:205.234.140.219 port 43145 ssh2 Feb 12 09:10:02 serverthree sshd[4681]: Received disconnect from ::ffff:205.234.140.219: 11: Bye Bye
----
I am seeing quite a few hacking attempts coming from the TOR network. I'd like to block the TOR network on the firewall level. Anyone know how to block them?
There is a python script, but I am not familiar with Python at all and do not know how run this script. It is supposed to extract all current IP Addresses and provide a list.
I think they have about 450 IP addresses and I would like to block them.