Web Hosting Forum | Lunarpages


*
Welcome, Guest. Please login or register.
Did you miss your activation email?



Login with username, password and session length
August 20, 2014, 02:48:39 AM

Pages: [1]   Go Down
  Print  
Author Topic: Using APF to ban a ip/domain?  (Read 5865 times)
JeremyD
SleePy...
Jabba the Hutt
*****
Offline Offline

Posts: 733

SMF Team Member


WWW
« on: April 07, 2008, 09:58:48 PM »

I was just browsing around my root of my server when I found the /var/logs folder.
The security file that was in it has a ton (yes a ton) of failed SSH logins from this one site, The IP and domain name does not change. Its a russian website that is doing it and I am not sure if its intentional or if they have become victims.

How could I simply block this domain from making any sort of connections to my server (or at least to SSH).

How would I go about contacting their host or similar to get this resolved as well? Would a message to the support team get this directed to the right people to have these failed logins cease?

Last but not least, does APF have a user manual  Very Happy
« Last Edit: April 07, 2008, 10:00:45 PM by JeremyD » Logged

perestrelka
Administrator
Master Jedi
*****
Offline Offline

Posts: 1397



« Reply #1 on: April 08, 2008, 03:18:04 AM »

Hello,

You can use "apf -d ip.address" command to block bruteforcing ip addresses in APF permanently. I would also recommend looking at the following anti-bruteforcing solution called BFD that integrates into APF and will be blocking malicious IPs on itself:

http://rfxnetworks.com/bfd.php

As for the address of complains, it is usually the abuse address that is taken from the whois query on the IP behaving maliciously.

Finally, basic APF information is contained in the README file that comes in APF archive. It is also available online as http://rfxnetworks.com/appdocs/README.apf

Logged

Kind Regards,
Vlad Artamonov
JeremyD
SleePy...
Jabba the Hutt
*****
Offline Offline

Posts: 733

SMF Team Member


WWW
« Reply #2 on: April 08, 2008, 01:50:26 PM »

Thanks for the information. I banned the ip and another one that just started to do random ssh logins as well. Hopefully the nice emails I sent out to the abuse addresses will get things sorted.
Logged

perestrelka
Administrator
Master Jedi
*****
Offline Offline

Posts: 1397



« Reply #3 on: April 08, 2008, 07:32:35 PM »


Anytime Smile
Logged

Kind Regards,
Vlad Artamonov
Pages: [1]   Go Up
  Print  
 
Jump to: