Web Hosting Forum | Lunarpages

Author Topic: Using APF to ban a ip/domain?  (Read 9329 times)

Offline JeremyD

  • SleePy...
  • Jabba the Hutt
  • *****
  • Posts: 733
  • SMF Team Member
    • LcT Tribe
Using APF to ban a ip/domain?
« on: April 07, 2008, 09:58:48 PM »
I was just browsing around the root of my server when I found the /var/logs folder.
The security file that was in it has a ton (yes, a ton) of failed SSH logins from this one site. The IP and domain name do not change. It's a Russian website that is doing it, and I am not sure if it's intentional or if they have become victims.

How could I simply block this domain from making any sort of connections to my server (or at least to SSH)?

How would I go about contacting their host or similar to get this resolved as well? Would a message to the support team get this directed to the right people to have these failed logins cease?

Last but not least, does APF have a user manual? :D

Offline perestrelka

  • Master Jedi
  • *****
  • Posts: 1397
Re: Using APF to ban a ip/domain?
« Reply #1 on: April 08, 2008, 03:18:04 AM »
Hello,

You can use the "apf -d ip.address" command to permanently block brute-forcing IP addresses in APF. I would also recommend looking at the following anti-brute-forcing solution called BFD, which integrates into APF and will block malicious IPs by itself:

http://rfxnetworks.com/bfd.php

As for the address for complaints, it is usually the abuse address taken from the whois query on the IP that is behaving maliciously.

Finally, basic APF information is contained in the README file that comes in the APF archive. It is also available online at http://rfxnetworks.com/appdocs/README.apf

Kind Regards,
Vlad Artamonov
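
The triage step behind the "apf -d" advice above, as an added example that is not part of the original posts: it counts failed SSH password logins per source address in a syslog-format log and prints one "apf -d" command per repeat offender for review. The function names and the sample log lines are constructed for illustration, and it assumes sshd's usual "Failed password for ... from ADDR port N ssh2" message format.

```sh
#!/bin/sh
# Added example (not from the thread): list sources of repeated failed SSH
# password logins and print an "apf -d" command for each one.

# Constructed sample log; addresses come from documentation ranges and the
# host and user names are made up.
sample_log() {
cat <<'EOF'
Apr  7 21:40:01 host sshd[2101]: Failed password for root from 203.0.113.5 port 40112 ssh2
Apr  7 21:40:03 host sshd[2102]: Failed password for invalid user admin from 203.0.113.5 port 40120 ssh2
Apr  7 21:40:05 host sshd[2103]: Failed password for invalid user test from 203.0.113.5 port 40131 ssh2
Apr  7 21:40:07 host sshd[2104]: Failed password for invalid user x from 192.0.2.77 from 203.0.113.5 port 40140 ssh2
Apr  7 21:41:10 host sshd[2110]: Failed password for webadmin from 198.51.100.9 port 51515 ssh2
Apr  7 21:41:30 host sshd[2111]: Accepted password for webadmin from 198.51.100.9 port 51520 ssh2
EOF
}

# failed_ssh_sources LOGFILE MIN -> "COUNT IP" lines, highest count first.
failed_ssh_sources() {
    awk -v min="$2" '
        /sshd\[[0-9]+\]: Failed password for / {
            # The user name is chosen by the client and can itself contain
            # " from <addr>", so take the LAST "from" on the line.
            for (i = NF - 1; i > 0; i--)
                if ($i == "from") { src = $(i + 1); break }
            # Count only well-formed IPv4 addresses.
            if (i > 0 && src ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) hits[src]++
        }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' "$1" | sort -rn
}

# ban_commands LOGFILE MIN -> one "apf -d IP" line per offender.
# The commands are printed for review, not executed.
ban_commands() {
    failed_ssh_sources "$1" "$2" | while read -r count ip; do
        echo "apf -d $ip"
    done
}

log=$(mktemp)
sample_log > "$log"
ban_commands "$log" 3
rm -f "$log"
```

The fourth sample line shows why the address is read from the end of the line: a login name containing "from 192.0.2.77" would otherwise get an unrelated address banned.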

Offline JeremyD

Re: Using APF to ban a ip/domain?
« Reply #2 on: April 08, 2008, 01:50:26 PM »
Thanks for the information. I banned the IP and another one that just started to do random SSH logins as well. Hopefully the nice emails I sent out to the abuse addresses will get things sorted.

Offline perestrelka

Re: Using APF to ban a ip/domain?
« Reply #3 on: April 08, 2008, 07:32:35 PM »

Anytime :)
Kind Regards,
Vlad Artamonov
