Blocking the IP totally (no matter which port is connected to)


Post by floppyfringe »

I've noticed that one server is getting a hammering. It looks like IPs are trying POP3, IMAP, SMTP, HTTP, HTTPS, SSH, etc., resulting in 5+ lines of blocks in /etc/csf/csf.deny for just one IP.

At this rate, and given the number of attacks, any blocks last for 24 to 36 hours because the oldest line is deleted to make room for the current block at the end of the file. So some IPs could return in 48 hours and hammer the server again :(

Any advice? Or is it just an improvement the CSF writers can make?

Re: Blocking the IP totally (no matter which port is connected to)

Post by floppyfringe »

Is this why "7.73 - Fix for temporary denies allowing duplicate IP/Port blocks/allows" was created?

The reason being it's possible for a hacker to use port 80 and maybe 443 to "hack" a webserver, and the POP3, SMTP and IMAP ports to "hack" or get more opportunities to "hack" the email server(s).

Thanks a lot :)
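
Added example, not part of the posts above and not CSF's own code: a Python sketch that finds IPs holding several port-specific lines in csf.deny, as the first post describes, and collapses each into a single whole-IP entry so it takes one slot instead of five. The line layout (`proto|in|d=PORT|s=IP` next to plain `IP` entries), the sample addresses and the `threshold` parameter are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the assumed csf.deny layout (documentation-range IPs,
# comments invented for the example; not real lfd output).
SAMPLE_DENY = """\
# constructed csf.deny sample
tcp|in|d=22|s=192.0.2.10 # constructed: ssh
tcp|in|d=110|s=192.0.2.10 # constructed: pop3
tcp|in|d=143|s=192.0.2.10 # constructed: imap
tcp|in|d=25|s=192.0.2.10 # constructed: smtp
tcp|in|d=80|s=192.0.2.10 # constructed: http
tcp|in|d=22|s=198.51.100.7 # constructed: ssh
203.0.113.5 # constructed: manual whole-IP deny
"""

# Assumed port-specific inbound deny: proto|in|d=PORT[,PORT...]|s=SOURCE_IP
PORT_RULE = re.compile(r"^(?:tcp|udp)\|in\|d=(\d+(?:,\d+)*)\|s=([0-9a-fA-F.:/]+)$")

def rule_of(line):
    """Return the rule part of a line with any trailing comment removed."""
    return line.split("#", 1)[0].strip()

def ports_by_ip(text):
    """Return ({ip: set of denied ports}, set of IPs already denied outright)."""
    ports, whole_ip = defaultdict(set), set()
    for line in text.splitlines():
        rule = rule_of(line)
        m = PORT_RULE.match(rule)
        if m:
            ports[m.group(2)].update(m.group(1).split(","))
        elif rule and "|" not in rule:
            whole_ip.add(rule)
    return ports, whole_ip

def consolidate(text, threshold=3):
    """Replace per-port lines of IPs blocked on >= threshold ports with one line."""
    ports, whole_ip = ports_by_ip(text)
    noisy = {ip for ip, p in ports.items() if len(p) >= threshold}
    out, emitted = [], set(whole_ip)  # never duplicate an existing whole-IP deny
    for line in text.splitlines():
        m = PORT_RULE.match(rule_of(line))
        if m and m.group(2) in noisy:
            ip = m.group(2)
            if ip not in emitted:
                emitted.add(ip)
                plist = ",".join(sorted(ports[ip], key=int))
                out.append(f"{ip} # consolidated from per-port denies: {plist}")
            continue  # drop the per-port line itself
        out.append(line)
    return out, sorted(noisy)

if __name__ == "__main__":
    print("\n".join(consolidate(SAMPLE_DENY)[0]))
```

Run it against a copy of the deny file and review the output before replacing anything on the server.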