Web Hosting Forum | Lunarpages
News: October 6, 2008 - Submit Your Site for the October 2008 Site of the Month!
 
Home Help Search Calendar Login Register
*
Welcome, Guest. Please login or register.
Did you miss your activation email? 		October 12, 2008, 06:51:30 PM


Login with username, password and session length


Web Hosting Forum | Lunarpages > Lunarpages Web Hosting - Advanced Assistance > Lunarpages - Dedicated Web Hosting > Lunarpages - Security > Using APF to ban a ip/domain?
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Using APF to ban a ip/domain?  (Read 477 times)
JeremyD
SleePy...
Jabba the Hutt
*****
Offline Offline

Posts: 731


SMF Team Member


WWW
« on: April 07, 2008, 10:58:48 PM »
I was just browsing around my root of my server when I found the /var/logs folder.
The security file that was in it has a ton (yes a ton) of failed SSH logins from this one site, The IP and domain name does not change. Its a russian website that is doing it and I am not sure if its intentional or if they have become victims.

How could I simply block this domain from making any sort of connections to my server (or at least to SSH).

How would I go about contacting their host or similar to get this resolved as well? Would a message to the support team get this directed to the right people to have these failed logins cease?

Last but not least, does APF have a user manual  Very Happy
« Last Edit: April 07, 2008, 11:00:45 PM by JeremyD » Logged
SMF Mods:
[Move Old Topics][SSI MemberGroup][View Single Category][View Single PM][View Single Post][More...]

Sites
LcT - Online Multiplayer, Multicommunity, Multigaming clans under one name (Multiplayerhome.com | clanheadquarters.com)
Offical BattleStar-75 (Formally Battlestar2142)
My Latest in Development of scripts
perestrelka
Administrator
Master Jedi
*****
Offline Offline

Posts: 1058
« Reply #1 on: April 08, 2008, 04:18:04 AM »
Hello,

You can use "apf -d ip.address" command to block bruteforcing ip addresses in APF permanently. I would also recommend looking at the following anti-bruteforcing solution called BFD that integrates into APF and will be blocking malicious IPs on itself:

http://rfxnetworks.com/bfd.php

As for the address of complains, it is usually the abuse address that is taken from the whois query on the IP behaving maliciously.

Finally, basic APF information is contained in the README file that comes in APF archive. It is also available online as http://rfxnetworks.com/appdocs/README.apf
Logged
Kind Regards,
Vlad Artamonov
JeremyD
SleePy...
Jabba the Hutt
*****
Offline Offline

Posts: 731


SMF Team Member


WWW
« Reply #2 on: April 08, 2008, 02:50:26 PM »
Thanks for the information. I banned the ip and another one that just started to do random ssh logins as well. Hopefully the nice emails I sent out to the abuse addresses will get things sorted.
Logged
SMF Mods:
[Move Old Topics][SSI MemberGroup][View Single Category][View Single PM][View Single Post][More...]

Sites
LcT - Online Multiplayer, Multicommunity, Multigaming clans under one name (Multiplayerhome.com | clanheadquarters.com)
Offical BattleStar-75 (Formally Battlestar2142)
My Latest in Development of scripts
perestrelka
Administrator
Master Jedi
*****
Offline Offline

Posts: 1058
« Reply #3 on: April 08, 2008, 08:32:35 PM »

Anytime Smile
Logged
Kind Regards,
Vlad Artamonov
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.6 | SMF © 2006-2008, Simple Machines LLC

Valid XHTML 1.0! Valid CSS! Dilber MC Theme by HarzeM