How do I block known proxy sites such as anonymouse.org or such via CSF (firewall)? I'll need to block by domains, wildcard domains (such as *proxy.tld) and IP's.
What is the proper way and is there a nice list of such proxies? I'm trying to prevent some degenerate troll from accessing my forum.
I have a proxy site which is hosted with a proxy host, do i have to use proxy hosting as i have an account with another host i might want to use. The proxy hosting has run out.
I'm using the isapi rewrite module for iis 6 which uses the exact same syntax as mod_rewrite in apache. I'm not very well versed in apache and need getting this to work asap. Basically I have a directory in our website: URL....
I need to forward this to an IP address, for example to this address:100.12.33.45/folder.While keeping the original URL (www.xyz.edu/folder). I'm unsure of the apache syntax for this.
some Chinese forums hotlinking images from my site and I even delete those images they keep sending me huge amount of http requests to my hosting server and eating 800mb of memory and upto 1GB cause server crash
I tried to block incoming referrer traffic from those sites using htaccess but it didn't work , I still see their http request on my server logs and memory keep goes high , am not sure my code is the right
how can I block these http request from these domains , what is the right htaccess code , I use DirectAdmin panel by the way
I'm currently experiencing a lot of IP's starting with 200 and 201 (from Brazil) some IP’s have over 200 connections. I have APF installed and want to know how to block a block on ip's if this is possible. IPS: 200.11.******* 201.*******
I work for a company who is on Microsoft Technology, IIS 6.0 specifically is what I deal with day to day. We support classic asp 3.0, .net and php ( through plain jane cgi mode *yuck* ) and I am newly hired and bring ruby on rails to the table.
Eventually we are going to replace the entire stack with ruby on rails as I re-code our existing tech. While waiting for IIS 7 to solve the majority of their problems with the lack of MS made IIS modules for rewriting URLs, fast CGI, Server-Side Forwarding I need to get my application out the door and for it to be stable.
Our server is a 2.4ghz Xeon with 512mb and our first order of business is to finally push it to 2g ram. That will help Ruby best as the application is running. What I would like to do is Have IIS sit in front of Mongrel, a ruby HTTP server serving my RoR applications, and pass requests to it.
For example the IIS right now is serving 3 .org/edu sites. We use a company to redirect our URL requests to our IP and IIS has 3 virtual servers passing on the buck all on port 80. It works very well.
I want mongel to sit at, for example, port 8080 and have 1 .org that we serve to use mongrel to serve the content. As I understand it this is called Server-Side Forwording, aka Proxy, and is very ellusive on Windows.
The options I have found is a) the use of Microsoft ISA which is probably out of the question. b) an ISAPI such is ISAPI Rewrite or c) Pound
Our problems arise is that we don't have the ability to toss up another machine for Pound or ISA. Pound can run on CentOS out the box but again, no machine as we are funded by grants, and that will ruin one of the network admins remote desktop uses [so I understand but I could be wrong.]
I have posted on the ISAPI Rewrite forums to see if their 'proxy' feature is indeed what I am looking for. I don't have anything bad to say about Microsoft tech, I enjoy Apache 1x, 2x and have come to respect IIS 6 as well. I just find it hard to find a lot of solid products and documented howto's on MS. One thing I don't find lack of is people with the same darn problem and nobody willing to share solutions exept the ones that are really just technology previews.
So my question is : Has anyone has run across this need and what you did to solve it. Am I on the right track? Again, solutions like mod_proxy for apache isn't an option I need IIS.
I'm from a country that block websites! Recently they blocked a useful website that my friends and me can't live without!
We already have a dedicated server (located in the US). We need to do the following:
- register a domain name, and when this domain is requested, requests will be served through our server. That means that our server will get the requested website then delivers it to the user who has requested the website
I know I can simply install a web proxy script such as CGIProxy and use it to surf this blocked website or other blocked websites as well, but that website heavily uses Javascript which I noticed that it does not function probably with scripts such as CGIProxy .
I do not need a detailed HowTo of course, I just need to know where to start from, is this related to some apache option? Do I need some specific software to be installed on server? I need any clue to get me started.
Fortigate appliances blocking an IP that is not in RBLs I have a problem with the IP 66.187.108.157 of my VPS it seems to be blocked by Fortigate appliances, as you can see in this error message:
SMTP error from remote mail server after RCPT TO:[url] host mail.am.com.pe [200.62.221.107]: 554 5.7.1 This message has been
blocked because it is from a FortiGuard - AntiSpam black IP address.(connection black ip 66.187.108.157)
However I have searched in this URL [url]and it is clean.
Any ideas on how to have/force Fortigate databases to become updated.
I'm having difficulties with a whm running on centos dedicated server. The problem is that we receive too much of spam and junk emails. by too much I mean 2000 bulks per week. It's killing us.
Is there any way to block a particular ISP? Have a visitor that changes IP hourly, but the IP always resolves back to a hostname like dsl.yuns.sksk.uk .
I have CSF installed. Any way to block all visitors from dsl.yuns.sksk.uk?
I set up a forum for a small group of users, so I don't really wish to see spiders or bots on it, so I've put a robots.txt file there to prevent all of them from accessing the forum pages.
I know not all bots follow the robots.txt rule, and these days a really annoying bot called MUNAXNET or Munax AB with IP range 82.99.30.0 - 82.99.30.127 is causing the forum to have extra and unexpected loads.
I've tried to block this IP range with .htaccess and uploaded it to the root of the site a few days ago, here is the content:
<Limit GET HEAD POST> order allow,deny deny from 82.99.30.0-82.99.30.127 allow from all </LIMIT> However strangely it seems that all of these are not working for this bot, today I saw my forum had 80 users online and that army still keeps coming and browsing all pages of my forums...
I tested the .htaccess with blocking myself, and it actually worked for me, dunno why it's not working for that bot..
I was just researching my log analyzers to see whats happening... I noticed something new in the logs, a large number of unnamed robots or spiders... so I found the robot... it was this:
After some reading, sites say the ip belongs to spider26.yandex.ru
For simply security reasons, would it be in best interest to block the entire subnet? It seems that the same IP ending in .25 belongs to spider25.yandex.ru
I know I can do port scans, and it can alert you to a whole bunch of false positvies, but is it blocking/detecting any serious attacks on your web server?
I have a Juniper firewall. I'm seeing a ton of traffic from the Twiceler bot in the range of 100,000 hits a day. Luckily they've more recently put up a list of IP addresses their bots use at:
[url]
So, I'm blocking all of these now. However I think it's a simple Netmask issue I'm having. I'm blocking all ports from
However, I am still seeing the bot in server log files. Could it be that I should not be specifying .0 at the end, but instead .1? Like this in the policy?
I have spamassassin configured its working 90% but still I am receiving mails from my ID only. Like I have info@domain.com so I am receiving mail from info@domain.com to info@domain.com.
I Have APF and BFD Installed but it always seems to show 80 odd events before blocking the IP. Is there a way of setting it to say 10 wrong attempts?
I Tried this, but it hasn't done a thing. below happened after the change.
Quote:
REQ="/usr/sbin/sshd" if [ -f "$REQ" ]; then LP="/var/log/secure" TLOG_TF="sshd" TRIG="10"
Quote:
Originally Posted by From BFD E-mail
The remote system 205.234.140.219 was found to have exceeded acceptable login failures on URL; there was 83 events to the service sshd. As such the attacking host has been banned from further accessing this system. For the integrity of your host you should investigate this event as soon as possible.
Executed ban command: /etc/apf/apf -d 205.234.140.219 {bfd.sshd}
The following are event logs from 205.234.140.219 on service sshd (all time stamps are GMT -0600):
Feb 12 09:08:32 serverthree sshd[4552]: Failed password for invalid user test from ::ffff:205.234.140.219 port 35549 ssh2 Feb 12 09:08:32 serverthree sshd[4552]: Received disconnect from ::ffff:205.234.140.219: 11: Bye Bye Feb 12 03:08:33 serverthree sshd[4555]: Invalid user test from ::ffff:205.234.140.219 Feb 12 03:08:35 serverthree sshd[4553]: Failed password for invalid user test from ::ffff:205.234.140.219 port 35745 ssh2 Feb 12 09:08:35 serverthree sshd[4554]: Failed password for invalid user test from ::ffff:205.234.140.219 port 35745 ssh2 Feb 12 09:08:35 serverthree sshd[4554]: Received disconnect from ::ffff:205.234.140.219: 11: Bye Bye Feb 12 03:08:35 serverthree sshd[4557]: Invalid user test from ::ffff:205.234.140.219 Feb 12 03:08:35 serverthree sshd[4555]: Failed password for invalid user test from ::ffff:205.234.140.219 port 35794 ssh2 Feb 12 09:08:35 serverthree sshd[4556]: Failed password for invalid user test from ::ffff:205.234.140.219 port 35794 ssh2 Feb 12 09:08:35 serverthree sshd[4556]: Received disconnect from ::ffff:205.234.140.219: 11: Bye Bye Feb 12 03:08:36 serverthree sshd[4559]: Invalid user test from ::ffff:205.234.140.219 Feb 12 03:08:37 serverthree sshd[4557]: Failed password for invalid user test from ::ffff:205.234.140.219 port 35978 ssh2 Feb 12 09:08:37 serverthree sshd[4558]: Failed password for invalid user test from ::ffff:205.234.140.219 port 35978 ssh2 Feb 12 09:08:37 serverthree sshd[4558]: Received disconnect from ::ffff:205.234.140.219: 11: Bye Bye Feb 12 03:08:38 serverthree sshd[4561]: Invalid user test from ::ffff:205.234.140.219 Feb 12 03:08:38 serverthree sshd[4559]: Failed password for invalid user test from ::ffff:205.234.140.219 port 36033 ssh2 Feb 12 09:08:38 serverthree sshd[4560]:
[snipped irrelevant and lengthy log file - gbjbaanb]
Failed password for invalid user testing from ::ffff:205.234.140.219 port 42990 ssh2 Feb 12 09:10:00 serverthree sshd[4679]: Received disconnect from ::ffff:205.234.140.219: 11: Bye Bye Feb 12 03:10:01 serverthree sshd[4682]: Invalid user testing from ::ffff:205.234.140.219 Feb 12 03:10:02 serverthree sshd[4680]: Failed password for invalid user testing from ::ffff:205.234.140.219 port 43145 ssh2 Feb 12 09:10:02 serverthree sshd[4681]: Failed password for invalid user testing from ::ffff:205.234.140.219 port 43145 ssh2 Feb 12 09:10:02 serverthree sshd[4681]: Received disconnect from ::ffff:205.234.140.219: 11: Bye Bye ----
I am seeing quite a few hacking attempts coming from the TOR network. I'd like to block the TOR network on the firewall level. Anyone know how to block them?
There is a python script, but I am not familiar with Python at all and do not know how run this script. It is supposed to extract all current IP Addresses and provide a list.
I think they have about 450 IP addresses and I would like to block them.