for about only 3 months running, my server iptables has 36 ipaddresses blocked so far (most of them are from .edu.cn and .edu.tw, dunno why? maybe because of summer break hehe..).
Those IP got blocked mostly because of SSH bruteforce. Everytime I noticed any SSH bruteforce on my /var/log/secure, I just issued "iptables -A INPUT -p all -s [ipaddress] -j DROP"
so, I'm just curious, how about yours ? how many IP in your blocked lists?
how can i set up a cron that will run monthly and will delete the ips blocked by csf and those logged in iptables? its like every month i want to start clean with iptables
One of my VPS clients has had all of the ip addresses on his server blocked/blacklisted on the hotmail service, he cannot send email to or recieve email from anyone with a hotmail email address, does anyone have any ideas on a solution, other than changing all the ip's on his vps?
I cannot send emails to name@hotmail.com from any of sites hosted on my server. No mass emails. no unusual activities. Even though they blocked it. I filled out their forms but they didn't remove the block.
Just wondering if there was a way to trace if an email has been blocked by a webhosts server.
My customer gets an automated email when he books online for Qantas Australia (Australia's biggest Airline Company). I have moved them from an Australian based web host to a US based server and host.
Since the host move, these emails no longer go through to the clients email address on the new hosts server.
I got Qantas to send the email through to me which is on a US server also but a different host to that of my client?? But they did not come through to me even.
I got Qantas to send it through to my personal email address (an Australian bigname ISP) which went through fine and I received it.
The auto generated email possibly could be coming through a 3rd party server so I was thinking maybe this server IP has been blocked for whatever reason (if 3rd party it could have been anyone) It is just strange that used to get them OK through the Australian server and still through my persoanl Australian ISP.
So is there a way to check and confirm and secondly if my suspicions are right would there be a process of trying to get the hosts to accept an email from Qantas as this customer doesnt want to have another email account.
I would like to setup a rule through iptables or something that will let me so, only one ip can have XX connections per minute/hour or whatever time is set.
or something that will ban ips that are opening massive connections kinda like this ...
There is a strange problem with the new feature fail2ban. I have noticed that a local ip address (ip address from the webserver itself) was added to the blocked ip addresses of fail2ban now for the second time. What I can see is that it was the recidive jail.
If there is nginx used as reverse proxy you get a "502 Bad Gateway". Any way to find out more about the reason why an ip address is added to the list of blocked ip addresses in fail2ban?
i Have a server with centos and WHM cpanel , the last days i have read in the ssh log files (security) many failure logins from many IP adress
i read some about IPtables and everytime when i read in the log for an ip i block this Ip from IPtables , but this seems bad and boring exepiriance everyday.
so does anyone know the exact command for the IPtables , how to have access to my ssh ONLY from my ip address ?
my IP adress it is static and i want only from that ip to have access to the server and noone else from diferent ip
My customer has an external facing Apache server that is acting as a reverse proxy to two internal applications. They have:
- external addresses for each app which resolve to different ip addresses, so app1.their_domain.com and app2.their_domain.com resolve to 77.3.170.10 and 77.3.170.11 respectively. - the Apache server has two network interfaces with ip addresses 192.168.10.10 and 192.168.10.11 - the external ip addresses resolve to the above internal addresses - the firewall between the Apache server and the internal app servers is configured to allow traffic from 192.168.10.10 to reach app_server1, and traffic from 192.168.10.11 to reach app_server2, both using port 7777.
I have configured a virtual host in httpd.conf for each ip, i.e.
This works fine in that the external address are being routed to the correct application, however the firewall is blocking requests to the second app as it appears the requests are coming from the Apache servers 'primary' ip address 192.168.10.10 instead of 192.168.10.11.
Is it possible to send requests using the ip address from the relevant VirtualHost?
I want to redirect a website to a particular URL so that the address bar shows the same URL and not the destination URL. I know it is possible via URL masking, however, I want it in such a way that whenever somebody clicks on any link in the website, the address bar should still show the original URL. To put it in simple words, Suppose I want to redirect [url] to [url]. Now if there is a link named contact/index.htm and somebody clicks on it the address bar should display [url]and not redirect to [url]
How can it be possible using URL Rewrite method in .htaccess file?
- I can't access the webserver - I'll try to restart httpd, and I'll get
Starting httpd: (98)Address already in use: make_sock: could not bind to address [::]:443
To fix this, I run
[root@www1 ~]# lsof -i tcp:443 COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME perl 11307 apache 4u IPv6 476943447 TCP *:https (LISTEN)
There is always leftover process that is causing the restart to fail. Once i force kill the process, I am able to restart httpd properly.
Now it is ok if this just occurs once in a while, but this problem keeps repeating itself almost everyday at 4am server time (cron time?). What can I do to permanently fix this?
All of a sudden my sites are not visible to me hosted in the same cirtex hosting account. I have verified that it wasn't spyware messing with my local computer and can view the site via a proxy. They use cpanel and there is no block visible, but there has to be something somehwere. I told them to restart and that did make the site visible until I checked in the morning, Where would a block be if this is it and is there a chance this was done by a hacker?
how willing your ISP/carrier is to block one or multiple IP addresses that have may have been causing issues for you such as DDoS attacks, hackings etc.
What has been your experience? Please provide as much detail on your experience as possible.
I am blocked by MSN. All email messages directed to any @hotmail.com address is rejected, here a typical message:
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
name@hotmail.com SMTP error from remote mail server after MAIL FROM:<user@mydomain.com> SIZE=1802: host mx3.hotmail.com [65.54.244.200]: 550 Your e-mail was rejected for policy reasons on this gateway. Reasons for rejection may be related to content such as obscene language, graphics, or spam-like characteristics (or) other reputation problems.
I have never spammed nor sent similar content as that listed above.
My host provider says they are contacting MSN for an explantion, but time is running and I need to find a solution to this, because I have some customers (hosted in my server) which need to answer to @hotmailers prospects on their product/services.
It adds fine when I do: iptables -A INPUT -s 93.6.224.242 -j DROP
However, the IP is still accessing files and pages on the site according to Apache:
When I ban other IP's they are blocked from accessing anything on the server (e.g. it wouldn't even reach Apache level because of firewall), but this IP just isn't banning properly.
I have recently switched to GreenGeeks, great company and great support, but I am having a huge problem that all my clients and I are having problems with. No one can send emails to ATT, Verizon, Earthlink, Comcast, Etc. because they bounce back as being blocked. I have contacted them to unblock the IP and they do, but then a few days pass and it's blocked again. WTH? I've contacted GreenGeeks and they are aware of the problem but I really need to move on with this problem, does anyone know of any solution to do?
One of my clients ran an e-mail bomber and gmail is blocking all emails from my server. I've searched but can't find a way to reach google or unblock the IP.
I have exim mailserver (cpanel based),and when i send mails to some domains i have got the following error
550 Service unavailable; Client host [xxx.xxx.xxx.xxx] blocked using 88.blacklist.zap; Mail From IP Banned To request removal from this list please forward this message to delist@frontbridge.com
How can i solve this issue ? How can i avoid my IP from listing in 88.blacklist.zap?
Recently switched firewalls from APF and CSF, and so far couldn't be happier! But I do have some questions on SYNFLOOD_RATE within CSF.
Currently have a setting for "40/s" and I am still getting many messages in /var/log/messages with *SYNFLOOD Blocked*.
If I enable Synflood checking, the load on the server increases, but the bandwidth usage decreases. But I'm wondering if 'good' visitors are getting turned away?
Is the setting meaning block above 40/s per IP?
Or simply block above 40/s?
Also, does the firewall simply drop the packets above 40?
They started blocking my Port 25, so I made an iptables entry on my server to redirect posrt 26 to port 25 so I could set my outgoing mail for my server (from Outlook) to port 26. But one day later teh bastards are blocking my port 26 too! Guess they just don't want ANY outbound mail send from anything but their servers! If I had any other option, I'd dump Comcast in a heartbeat!