*Request* Easy IP ban

10 posts / 0 new
Last post
#1 Sat, 03/29/2008 - 14:59
sales@mytechdir...

*Request* Easy IP ban

Can an easier way to ban IP's be implemented?

I have been getting a lot of bots from China and if I could just start banning IP's with a couple of clicks, that would be great.

Thank you.

Sun, 03/30/2008 - 08:35
desperatedcoolman

Maybe you can set it in Webmin->Networking->Linux Firewall?

I think it's pretty fast to do it.

Thu, 04/17/2008 - 03:29 (Reply to #2)
DanLong

We've had this discussion before, blocking IPs changing ports, etc.

http://www.virtualmin.com/forums/limit/10/limitstart/0/help-home-for-new...

Another of the wonders of Joe and Jamie and Virtualmin/Webmin and the ease of administration it brings. These rules changed life here immeasurably with the only inconvenience being a legitimate user with a failed login having to wait a period before retrying. But we are now able to allow SSH and FTP with minimal intrusions.

Hope that helps,
Dan

Sun, 03/30/2008 - 08:47
sales@mytechdir...

I am unfamiliar with linux, so to me, I wonder what it all is.

Sun, 03/30/2008 - 15:18 (Reply to #4)
Joe
Joe's picture

The Linux Firewall module documentation can be found here:

http://doxfer.com/Webmin/LinuxFirewall

You may also want to consider some automatic tool like fail2ban, or consider adding a stateful rule to your firewall that blocks rapidly repeating connection attempts, rather than manually adding rules.

Note that we don't use either on our systems, but many folks here have reported success with them.

There was a good thread here in the forums a while back about active iptables rules, which is worth reading if this kind of attack is a concern for you:

http://www.virtualmin.com/index.php?option=com_fireboard&Itemid=77&a...

--

Check out the forum guidelines!

Sun, 03/30/2008 - 16:09
sales@mytechdir...

Thank you, I will read up on it next week. After 3 days, they seem to have gone away. However, the server was off this morning so I am not sure what happened over night.

Fri, 04/04/2008 - 06:38
SteveHeinsch

Sorry if this double posts, they always seem to for me. Anyway, in addition to Joes suggestion, I also suggest to change the default ports for ssh and ftp. After this simple change, my failed logins went down by about 90%. That doesnt mean that people wont find you with a port scanner, but it significantly cut down the number of attempts, which frees resources. Oh, we also block as much of china and russia as we can in our iptables. Nothing good (traffic-wise) ever comes from those places as far as my customers go. Spam will also be reduced, which will really help free system resources.

PS- I dont mean to offend anybody of Chinese or Russian descent, its just been my experience that the majority of hacking attempts come from these 2 countries. They are like the US used to be in the 80s. :)

Mon, 04/07/2008 - 00:52 (Reply to #7)
trex

odd .. most of the hacking attempts on my server come from USA.. (not all but most .. yes some do come from china or japan.. but 80% from usa ) ... spam is like 97% from usa

the best way to kill al hacking attempts is to simply block ssh.. and only allow access to it from trusted ip's (customer ip's).

Mon, 04/07/2008 - 00:59 (Reply to #8)
trex

The
"Oops! You've hit a bug in the forum software. It'll be fixed soon."
is preventing me from editing my post .. therefor i'll add another one.

99% of the spam and hacking attempts come from hacked boxes (users on dial-up or dsl, users with dynamic ip's).

in the end an easy ban mod would sound great
a way to configure rules on how it will block connections
and a batch mod to add multiple ip's at once that would make banning much faster.

Wed, 04/16/2008 - 21:43
sales@mytechdir...

Damn I hate these Chinese bots.