How To Block (IP) Failed Logins

Mar 2, 2008

I have a personal dedicated server for family sites, but there seems to be someone or something trying to ssh into the server.

I have BFD installed and that has blocked the IP(s) after a number of attempts.

How can I change when it blocks the IP, say after 3 attempts or a certain number of attempts within a time limit, is this possible with BFD?


WHM/Cpanel Block All Non Ssl Logins

Oct 30, 2008

We are being required to turn off all non-ssl logins to our server. I have turned on ssl redirection, but that only works when accessed by domain.

If a user types in the direct port number, either http://domain.com:2086
or http://xxx.xxx.xxx.xxx:2086,
they can still get access to the non-ssl login page.

I need to be able to disable all port access to non-ssl login pages for ports 2086,2082 and 2095.

My servers are running CSF+LFD and I have tried removing the ports from the configuration, but I can still gain access.


Exim Sda7: Write Failed, User Block Limit Reached

May 23, 2009

I have run exim -qff from SSH, then I got the below error. Let me know what to do.

Code:
root@web [~]# exim -qff
sda7: write failed, user block limit reached.
sda7: write failed, user block limit reached.
sda7: write failed, user block limit reached.


Record .htaccess Logins?

Dec 20, 2006

I have a site that has a members section requiring members to log in with a username/password through .htaccess & .htpasswd file. Just wondering, is there a way I can record their logins and ip addresses using PHP scripts or .htaccess? I just want to keep track of the logins so I can see which login is being abused and keeping track of them.


Anyone Seeing Tons Of Rejected Ssh Logins

May 6, 2008

I have DenyHosts to ban an IP after 5 failed ssh logins, and send me an e-mail when it happens. Ordinarily I average around 3 banned hosts a week.

I've gotten ten today. Four of them happened within a couple minutes of each other.

I'm just wondering if this is widespread, as if something new was just unleashed? Or is it just dumb (un)luck? I'm not really concerned; every account has a strong password.

I'm merely curious about whether or not other people have seen a surge in brute-force attempts?

(This machine is just hosting a couple of my sites, which get almost no hits... It's not as if people are specifically targeting me. It's just them guessing "alice" and "bob" type usernames.)


How To Limit Number Of Simultaneous SSH Logins

May 28, 2009

I would like to know if it is possible to limit SSH logins for any user to 2. The OS is CentOS.


Installed A Script To Notify Me Of Root Logins

Apr 29, 2009

I got an email from my server telling me "tty1" has logged into root. Can anyone tell me what that means? Is this some sort of hack? Usually it tells me which IP logged when someone logs in not "tty1".


2-5min Delay In Logins And Misc. Apps.

May 9, 2009

VPS: Openvz, 512mb, 50gb hd, 10mbit shared located in Kansas.

Problem: After entering in my username / password I experience a 2-5 minute delay before the login is processed. I have tried logging in from 3 different ISP's (AT&T, Comcast, T-mobile via Blackberry), 1 webserver (ssh), and HyperVM's Java client. Each produces the same result.

Also, apps such as yum and traceroute produce the same long delays ranging from 2-5 minutes as though the vps locks up or the node has zero resources.

When I use the command center via HyperVM I receive the same long delays. Rebuilding the VPS does nothing. O/S has no effect.

Despite long discussions with the VPS staff they insist there are no problems on their end and that no one else is experiencing this problem. What gives?


Way To Block IP

Jul 8, 2009

I am curious, what is the best way to ban certain IP from accessing server? I have software firewall (APF) and there is, of course, /etc/hosts.deny.

Which is the most efficient? I've read that software firewall becomes unstable after so many entries. Does the same apply to /etc/hosts.deny file?

Or is there a better way altogether?


How To Block IP

Jun 8, 2009

Some Chinese forums are hotlinking images from my site, and even though I deleted those images they keep sending a huge amount of HTTP requests to my hosting server, eating 800mb of memory and up to 1GB, causing the server to crash.

I tried to block incoming referrer traffic from those sites using htaccess but it didn't work. I still see their HTTP requests in my server logs and memory keeps going high. I am not sure my code is right.

How can I block these HTTP requests from these domains? What is the right htaccess code? I use the DirectAdmin panel, by the way.


Block IP, How To

May 16, 2007

Can anyone let me know how to block an IP range on SSH?

E.g. I'd like to block all IPs: 67.63.123.xxx


How To Block A Block Of IP'S

Jan 9, 2007

I'm currently experiencing a lot of IPs starting with 200 and 201 (from Brazil); some IPs have over 200 connections. I have APF installed and want to know how to block a block of IPs, if this is possible.
IPS:
200.11.*******
201.*******


How To Block All Other IP And Allow Certain IP Using APF

Apr 27, 2007

I have DDos Attack right now so I want to block all the IP from all over the world and just allow certain IP range.

How to do it using APF or any other way.

For example I want to block everything but Germany IP


To Block IP

Apr 15, 2007

How can I block access to some IPs?

For example, scripts on my hosts can not access some IPs I want.


How To Tell Fortigate Not To Block My VPS IP

May 5, 2009

Fortigate appliances are blocking an IP that is not in RBLs. I have a problem with the IP 66.187.108.157 of my VPS; it seems to be blocked by Fortigate appliances, as you can see in this error message:

SMTP error from remote mail server after RCPT TO:[url] host mail.am.com.pe [200.62.221.107]: 554 5.7.1 This message has been blocked because it is from a FortiGuard - AntiSpam black IP address.(connection black ip 66.187.108.157)

However, I have searched in this URL [url] and it is clean.

Any ideas on how to have/force Fortigate databases to become updated?


Block Spam

May 12, 2009

I'm having difficulties with a WHM running on a CentOS dedicated server. The problem is that we receive too much spam and junk email. By too much I mean 2000 bulks per week. It's killing us.

How can I stop it?


How To Block The World

Jul 4, 2009

I'm about tired of spam and hackers putting phishing items on my server.

My question is:

How can I block the whole world except for US, CA and UK?

I've added several countries to csf's csf.deny list but half of them keep disappearing.


Block A Specific ISP

Jun 12, 2008

Is there any way to block a particular ISP? Have a visitor that changes IP hourly, but the IP always resolves back to a hostname like dsl.yuns.sksk.uk .

I have CSF installed. Any way to block all visitors from dsl.yuns.sksk.uk?


Suhosin Block

Jun 17, 2008

In one of my servers I have this line in my ConfigServer Security & Firewall:

190.28.118.155 # lfd: 10 (suhosin) login failures from 190.28.118.155 - Mon Jun 16 23:27:50 2008

Is this OK? I mean... it's an attack of some sort? I know suhosin is meant to increase PHP security, so it's blocking an attack, right?


Apf To Block An IP Address

Apr 29, 2008

I have blocked this IP 125.115.144.28

/etc/apf/apf -d 125.115.144.28

But

netstat -anp|grep tcp|awk '{print $5}'| cut -d : -f1 | sort | uniq -c | sort -n

It still showing

202 125.115.144.28

Why?

Is it supposed to be blocked right away, or does it need some time to get blocked?

When I checked /etc/apf/deny_hosts.rules

The IP is in the file.


Block An IP Range ...

Apr 6, 2008

I set up a forum for a small group of users, so I don't really wish to see spiders or bots on it, so I've put a robots.txt file there to prevent all of them from accessing the forum pages.

I know not all bots follow the robots.txt rule, and these days a really annoying bot called MUNAXNET or Munax AB with IP range 82.99.30.0 - 82.99.30.127 is causing the forum to have extra and unexpected loads.

I've tried to block this IP range with .htaccess and uploaded it to the root of the site a few days ago, here is the content:

<Limit GET HEAD POST>
order allow,deny
deny from 82.99.30.0-82.99.30.127
allow from all
</LIMIT>
However strangely it seems that all of these are not working for this bot, today I saw my forum had 80 users online and that army still keeps coming and browsing all pages of my forums...

I tested the .htaccess with blocking myself, and it actually worked for me, dunno why it's not working for that bot..


Should I Block Yandex

Mar 13, 2008

I was just researching my log analyzers to see what's happening... I noticed something new in the logs, a large number of unnamed robots or spiders... so I found the robot... it was this:

23310 7.99% 23303 9.48% 1159765 18.56% 22 0.12% 77.88.26.26

After some reading, sites say the ip belongs to spider26.yandex.ru

For simple security reasons, would it be in my best interest to block the entire subnet? It seems that the same IP ending in .25 belongs to spider25.yandex.ru


Anyone Using Snort - Does It Really Block Anything

Apr 25, 2008

Is anyone using snort?

Does it really block any web based attacks?

I know I can do port scans, and it can alert you to a whole bunch of false positives, but is it blocking/detecting any serious attacks on your web server?

If so, which rules are the ones alerting?


Block A Bot By Netmask

Jan 8, 2008

I have a Juniper firewall. I'm seeing a ton of traffic from the Twiceler bot in the range of 100,000 hits a day. Luckily they've more recently put up a list of IP addresses their bots use at:

[url]

So, I'm blocking all of these now. However I think it's a simple Netmask issue I'm having. I'm blocking all ports from

208.36.144.0/24
38.99.13.0/24
38.99.44.0/24
64.1.215.0/24

However, I am still seeing the bot in server log files. Could it be that I should not be specifying .0 at the end, but instead .1? Like this in the policy?

64.1.215.1/24


Block Spam

Jun 16, 2008

I have spamassassin configured its working 90% but still I am receiving mails from my ID only. Like I have info@domain.com so I am receiving mail from info@domain.com to info@domain.com.


Block Proxy

Feb 21, 2007

How do I block known proxy sites such as anonymouse.org or such via CSF (firewall)? I'll need to block by domains, wildcard domains (such as *proxy.tld) and IP's.

What is the proper way and is there a nice list of such proxies? I'm trying to prevent some degenerate troll from accessing my forum.


How To Block Certain Referrals

Apr 22, 2008

Since yesterday I have noticed some odd activity at one of my websites - www.cartuningcentral.com

The problem is that I am getting huge traffic from what I would say are traffic exchange programs, which I didn't buy, and don't want to have at all.

Examples of the referrals I am getting are:

[url]
[url]

Full details can be found here:

[url]

Now, I have tried to block all those using .htaccess, but I am by no means an expert on that.

Here's what I have done:

RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} ^(http://)?67.192.42.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} (tserve) [NC,OR]
RewriteCond %{HTTP_REFERER} (trafficserver) [NC,OR]
RewriteCond %{HTTP_REFERER} (67.192.42.2) [NC,OR]
RewriteCond %{HTTP_REFERER} (67.192.42.5) [NC]
RewriteRule .* - [F]
But it's not working at all.

How do I block those referrals, please?

It can be either using .htaccess, php, whatever.


BFD Events Before Block

Feb 12, 2007

I have APF and BFD installed but it always seems to show 80-odd events before blocking the IP. Is there a way of setting it to, say, 10 wrong attempts?

I tried this, but it hasn't done a thing. The below happened after the change.

Quote:

REQ="/usr/sbin/sshd"
if [ -f "$REQ" ]; then
LP="/var/log/secure"
TLOG_TF="sshd"
TRIG="10"

Quote:

Originally Posted by From BFD E-mail

The remote system 205.234.140.219 was found to have exceeded acceptable login failures on URL; there was 83 events to the service sshd. As such the attacking host has been banned from further accessing this system. For the integrity of your host you should investigate this event as soon as possible.

Executed ban command:
/etc/apf/apf -d 205.234.140.219 {bfd.sshd}

The following are event logs from 205.234.140.219 on service sshd (all time stamps are GMT -0600):

Feb 12 09:08:32 serverthree sshd[4552]: Failed password for invalid user test from ::ffff:205.234.140.219 port 35549 ssh2
Feb 12 09:08:32 serverthree sshd[4552]: Received disconnect from ::ffff:205.234.140.219: 11: Bye Bye
Feb 12 03:08:33 serverthree sshd[4555]: Invalid user test from ::ffff:205.234.140.219
Feb 12 03:08:35 serverthree sshd[4553]: Failed password for invalid user test from ::ffff:205.234.140.219 port 35745 ssh2
Feb 12 09:08:35 serverthree sshd[4554]: Failed password for invalid user test from ::ffff:205.234.140.219 port 35745 ssh2
Feb 12 09:08:35 serverthree sshd[4554]: Received disconnect from ::ffff:205.234.140.219: 11: Bye Bye
Feb 12 03:08:35 serverthree sshd[4557]: Invalid user test from ::ffff:205.234.140.219
Feb 12 03:08:35 serverthree sshd[4555]: Failed password for invalid user test from ::ffff:205.234.140.219 port 35794 ssh2
Feb 12 09:08:35 serverthree sshd[4556]: Failed password for invalid user test from ::ffff:205.234.140.219 port 35794 ssh2
Feb 12 09:08:35 serverthree sshd[4556]: Received disconnect from ::ffff:205.234.140.219: 11: Bye Bye
Feb 12 03:08:36 serverthree sshd[4559]: Invalid user test from ::ffff:205.234.140.219
Feb 12 03:08:37 serverthree sshd[4557]: Failed password for invalid user test from ::ffff:205.234.140.219 port 35978 ssh2
Feb 12 09:08:37 serverthree sshd[4558]: Failed password for invalid user test from ::ffff:205.234.140.219 port 35978 ssh2
Feb 12 09:08:37 serverthree sshd[4558]: Received disconnect from ::ffff:205.234.140.219: 11: Bye Bye
Feb 12 03:08:38 serverthree sshd[4561]: Invalid user test from ::ffff:205.234.140.219
Feb 12 03:08:38 serverthree sshd[4559]: Failed password for invalid user test from ::ffff:205.234.140.219 port 36033 ssh2
Feb 12 09:08:38 serverthree sshd[4560]:

[snipped irrelevant and lengthy log file - gbjbaanb]

Failed password for invalid user testing from ::ffff:205.234.140.219 port 42990 ssh2
Feb 12 09:10:00 serverthree sshd[4679]: Received disconnect from ::ffff:205.234.140.219: 11: Bye Bye
Feb 12 03:10:01 serverthree sshd[4682]: Invalid user testing from ::ffff:205.234.140.219
Feb 12 03:10:02 serverthree sshd[4680]: Failed password for invalid user testing from ::ffff:205.234.140.219 port 43145 ssh2
Feb 12 09:10:02 serverthree sshd[4681]: Failed password for invalid user testing from ::ffff:205.234.140.219 port 43145 ssh2
Feb 12 09:10:02 serverthree sshd[4681]: Received disconnect from ::ffff:205.234.140.219: 11: Bye Bye
----


Block TOR Network

Apr 17, 2007

I am seeing quite a few hacking attempts coming from the TOR network. I'd like to block the TOR network on the firewall level. Anyone know how to block them?

There is a Python script, but I am not familiar with Python at all and do not know how to run this script. It is supposed to extract all current IP addresses and provide a list.

I think they have about 450 IP addresses and I would like to block them.








Copyrights 2005-15 www.BigResource.com, All rights reserved