for about only 3 months running, my server iptables has 36 ipaddresses blocked so far (most of them are from .edu.cn and .edu.tw, dunno why? maybe because of summer break hehe..).
Those IP got blocked mostly because of SSH bruteforce. Everytime I noticed any SSH bruteforce on my /var/log/secure, I just issued "iptables -A INPUT -p all -s [ipaddress] -j DROP"
so, I'm just curious, how about yours ? how many IP in your blocked lists?
how can i set up a cron that will run monthly and will delete the ips blocked by csf and those logged in iptables? its like every month i want to start clean with iptables
View 2 Replies View RelatedI have blocked an IP both in host.deny AND in iptables...and the guy is still able to access my server...any suggestions or something to look for.
CentOS 4.5
One of my VPS clients has had all of the ip addresses on his server blocked/blacklisted on the hotmail service, he cannot send email to or recieve email from anyone with a hotmail email address, does anyone have any ideas on a solution, other than changing all the ip's on his vps?
View 11 Replies View RelatedI cannot send emails to name@hotmail.com from any of sites hosted on my server. No mass emails. no unusual activities. Even though they blocked it. I filled out their forms but they didn't remove the block.
View 11 Replies View Relatedhow to find how many ip blocked in ip table?also tell me how clear the ip table and find what are ips blocked in ip table
View 5 Replies View RelatedJust wondering if there was a way to trace if an email has been blocked by a webhosts server.
My customer gets an automated email when he books online for Qantas Australia (Australia's biggest Airline Company). I have moved them from an Australian based web host to a US based server and host.
Since the host move, these emails no longer go through to the clients email address on the new hosts server.
I got Qantas to send the email through to me which is on a US server also but a different host to that of my client?? But they did not come through to me even.
I got Qantas to send it through to my personal email address (an Australian bigname ISP) which went through fine and I received it.
The auto generated email possibly could be coming through a 3rd party server so I was thinking maybe this server IP has been blocked for whatever reason (if 3rd party it could have been anyone) It is just strange that used to get them OK through the Australian server and still through my persoanl Australian ISP.
So is there a way to check and confirm and secondly if my suspicions are right would there be a process of trying to get the hosts to accept an email from Qantas as this customer doesnt want to have another email account.
I would like to setup a rule through iptables or something that will let me so, only one ip can have XX connections per minute/hour or whatever time is set.
or something that will ban ips that are opening massive connections kinda like this ...
I'm trying to help someone with a shoutcast bandwidth server issue.
They have almost maxed out their bandwidth on one server and need the shoutcast servers on another box (but needs to maintain the same ip)
I tried this:....
There is a strange problem with the new feature fail2ban. I have noticed that a local ip address (ip address from the webserver itself) was added to the blocked ip addresses of fail2ban now for the second time. What I can see is that it was the recidive jail.
If there is nginx used as reverse proxy you get a "502 Bad Gateway". Any way to find out more about the reason why an ip address is added to the list of blocked ip addresses in fail2ban?
my question
i Have a server with centos and WHM cpanel , the last days i have read in the ssh log files (security) many failure logins from many IP adress
i read some about IPtables and everytime when i read in the log for an ip i block this Ip from IPtables , but this seems bad and boring exepiriance everyday.
so does anyone know the exact command for the IPtables , how to have access to my ssh ONLY from my ip address ?
my IP adress it is static and i want only from that ip to have access to the server and noone else from diferent ip
I execute the following commands, in the following order:
iptables --flush
iptables --zero
iptables -A INPUT -s 218.65.12.161 -j DROP
will that last command successfully ban that IP until reboot?
If not, what needs to be done? I can't access my site if I don't flush + zero iptables first but I need to be able to ban with iptables.
My customer has an external facing Apache server that is acting as a reverse proxy to two internal applications. They have:
- external addresses for each app which resolve to different ip addresses, so app1.their_domain.com and app2.their_domain.com resolve to 77.3.170.10 and 77.3.170.11 respectively.
- the Apache server has two network interfaces with ip addresses 192.168.10.10 and 192.168.10.11
- the external ip addresses resolve to the above internal addresses
- the firewall between the Apache server and the internal app servers is configured to allow traffic from 192.168.10.10 to reach app_server1, and traffic from 192.168.10.11 to reach app_server2, both using port 7777.
I have configured a virtual host in httpd.conf for each ip, i.e.
Code:
<VirtualHost 192.168.10.10:80>
...
ProxyPass /app http://app_server1:7777/app
ProxyPassReverse /app http://app_server1:7777/app
RewriteRule ^/$ /app/app1 [R,L]
...
<VirtualHost>
and
Code:
<VirtualHost 192.168.10.11:80>
...
ProxyPass /app http://app_server2:7777/app
ProxyPassReverse /app http://app_server2:7777/app
RewriteRule ^/$ /app/app2 [R,L]
...
<VirtualHost>
This works fine in that the external address are being routed to the correct application, however the firewall is blocking requests to the second app as it appears the requests are coming from the Apache servers 'primary' ip address 192.168.10.10 instead of 192.168.10.11.
Is it possible to send requests using the ip address from the relevant VirtualHost?
Windows server 2008
Apache 2.2
I am using virtuozzo firewall to secure access.
I enter 58.27.175.211/255.255.255.0 for Source Address and Netmask for port 22.
But still I can connect using 58.181.103.217 or 58.27.151.120.
Second is it possible to enter two different ip address in source address?
I just bought a new ip address and want to setup this new ip as my server's main ip, making the 'existing main ip' as the secondary ip.
Which means, this new ip will be the server's default ip address for all services, including when connecting to other server.
I'm using CentOs 4.5 and swsoft's panels: HSPcomplete & Virtuozzo Power Panel, and Webmin.
I want to redirect a website to a particular URL so that the address bar shows the same URL and not the destination URL. I know it is possible via URL masking, however, I want it in such a way that whenever somebody clicks on any link in the website, the address bar should still show the original URL. To put it in simple words, Suppose I want to redirect [url] to [url]. Now if there is a link named contact/index.htm and somebody clicks on it the address bar should display [url]and not redirect to [url]
How can it be possible using URL Rewrite method in .htaccess file?
The problem usually goes like this:
- I can't access the webserver
- I'll try to restart httpd, and I'll get
Starting httpd: (98)Address already in use: make_sock: could not bind to address [::]:443
To fix this, I run
[root@www1 ~]# lsof -i tcp:443
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
perl 11307 apache 4u IPv6 476943447 TCP *:https (LISTEN)
There is always leftover process that is causing the restart to fail. Once i force kill the process, I am able to restart httpd properly.
Now it is ok if this just occurs once in a while, but this problem keeps repeating itself almost everyday at 4am server time (cron time?). What can I do to permanently fix this?
i have vbulletin forum with 250,000 member
i tried to send a message to them so i used this blugin
[url]
and send 200 message every 10 minute
after 4 days my ip address are blocked from yahoo server
every mail i want to send i get this message
[TS03] All messages from xx.xx.xx.xx will be permanently deferred; Retrying will NOT succeed. See [url]
All of a sudden my sites are not visible to me hosted in the same cirtex hosting account. I have verified that it wasn't spyware messing with my local computer and can view the site via a proxy. They use cpanel and there is no block visible, but there has to be something somehwere. I told them to restart and that did make the site visible until I checked in the morning, Where would a block be if this is it and is there a chance this was done by a hacker?
View 1 Replies View Relatedhow willing your ISP/carrier is to block one or multiple IP addresses that have may have been causing issues for you such as DDoS attacks, hackings etc.
What has been your experience? Please provide as much detail on your experience as possible.
I am blocked by MSN. All email messages directed to any @hotmail.com address is rejected, here a typical message:
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
name@hotmail.com
SMTP error from remote mail server after MAIL FROM:<user@mydomain.com> SIZE=1802:
host mx3.hotmail.com [65.54.244.200]: 550 Your e-mail was rejected for policy reasons on this gateway. Reasons for rejection may be related to content such as obscene language, graphics, or spam-like characteristics (or) other reputation problems.
I have never spammed nor sent similar content as that listed above.
My host provider says they are contacting MSN for an explantion, but time is running and I need to find a solution to this, because I have some customers (hosted in my server) which need to answer to @hotmailers prospects on their product/services.
I need to block a specific IP:
93.6.224.242
It adds fine when I do:
iptables -A INPUT -s 93.6.224.242 -j DROP
However, the IP is still accessing files and pages on the site according to Apache:
When I ban other IP's they are blocked from accessing anything on the server (e.g. it wouldn't even reach Apache level because of firewall), but this IP just isn't banning properly.
am using APF firewall and am getting ddos from these range ips
4.68.25.*
8.0.4.*
8.0.5.*
how could i delete all the range from these ip's?
I have recently switched to GreenGeeks, great company and great support, but I am having a huge problem that all my clients and I are having problems with. No one can send emails to ATT, Verizon, Earthlink, Comcast, Etc. because they bounce back as being blocked. I have contacted them to unblock the IP and they do, but then a few days pass and it's blocked again. WTH? I've contacted GreenGeeks and they are aware of the problem but I really need to move on with this problem, does anyone know of any solution to do?
Example: ....
We just got a new windows server and didnt put an antivirus or configure windows firewall, while setting up for the 1st two months.
our IP address has been blocked twice now by this company, on saturday, released on monday and blocked again on tuesday.
[url]
we applied to have it removed which they did and blocked it again, they claim we were spamming, which we never did
We have installed mcafee and setup windows firewall.
One of my clients ran an e-mail bomber and gmail is blocking all emails from my server. I've searched but can't find a way to reach google or unblock the IP.
View 6 Replies View RelatedI have exim mailserver (cpanel based),and when i send mails to some domains i have got the following error
550 Service unavailable; Client host [xxx.xxx.xxx.xxx] blocked using 88.blacklist.zap; Mail From IP Banned To request removal from this list please forward this message to delist@frontbridge.com
How can i solve this issue ? How can i avoid my IP from listing in 88.blacklist.zap?
Recently switched firewalls from APF and CSF, and so far couldn't be happier! But I do have some questions on SYNFLOOD_RATE within CSF.
Currently have a setting for "40/s" and I am still getting many messages in /var/log/messages with *SYNFLOOD Blocked*.
If I enable Synflood checking, the load on the server increases, but the bandwidth usage decreases. But I'm wondering if 'good' visitors are getting turned away?
Is the setting meaning block above 40/s per IP?
Or simply block above 40/s?
Also, does the firewall simply drop the packets above 40?
And is the IP Blocked?
They started blocking my Port 25, so I made an iptables entry on my server to redirect posrt 26 to port 25 so I could set my outgoing mail for my server (from Outlook) to port 26. But one day later teh bastards are blocking my port 26 too! Guess they just don't want ANY outbound mail send from anything but their servers! If I had any other option, I'd dump Comcast in a heartbeat!
View 3 Replies View Related