Is it possible to block connections from China (CN) without blocking e-mail from China?
We have one account that must receive e-mail from China. If I use CC_Deny, the e-mail is denied.
I would like to block login attempts, but not block e-mail from CN.
I'm not sure if whitelisting would work, but even if it did, I wouldn't know what domains to whitelist because they are working with different people all the time.
Thanks.
Blocking connections without blocking e-mail
Re: Blocking connections without blocking e-mail
What you need to block is the offending IP not the account.
If you can, paste the text of the failed login and rewrite sensitive info with xxxxx.
Sergio
Re: Blocking connections without blocking e-mail
There are thousands. That won't work.
Re: Blocking connections without blocking e-mail
Empty message.
Re: Blocking connections without blocking e-mail
I didn't mean all your attacks, lol.
Just paste an example.
Re: Blocking connections without blocking e-mail
Ha! I thought you meant put the offending IPs into a black list....
This one is caught by Cpanel cpHulk
A device at the “124.234.183.221” IP address has made a large number of invalid login attempts against the account “www”. This brute force attempt has exceeded the maximum number of failed login attempts that the system allows. For security purposes, the system has temporarily blocked this IP address in order to prevent further attempts.
Service: pure-ftpd
Local IP Address: XXX.XXX.XXX.XXX
Local Port: 21
Remote IP Address: 124.234.183.221
Authentication Database: system
Username: www
Number of authentication failures: 3
Maximum number allowed: 3
This one is caught by CSF
Time: Mon Jun 8 02:28:39 2020 -0400
IP: 61.142.20.19 (CN/China/-)
Failures: 3 (ftpd)
Interval: 3600 seconds
Blocked: Permanent Block [LF_FTPD]
Log entries:
Jun 8 02:28:16 64 pure-ftpd: (?@61.142.20.19) [WARNING] Authentication failed for user [anonymous]
Jun 8 02:28:23 64 pure-ftpd: (?@61.142.20.19) [WARNING] Authentication failed for user [www]
Jun 8 02:28:30 64 pure-ftpd: (?@61.142.20.19) [WARNING] Authentication failed for user [www]
Re: Blocking connections without blocking e-mail
The way to do what you want is fairly simple: just block any ports to CN but don't block the email ports:
110,143,993,995,25,26,463,587
In CSF search info for CC_
and check what suits for you.
Sergio
Re: Blocking connections without blocking e-mail
Can you provide the specific CC_ option? I don't see one that allows me to include ports and CC; only ports OR CC_.
Re: Blocking connections without blocking e-mail
Check all the options under:
Country Code Lists and Settings
Each option is well explained inside CSF FireWall Configuration.
But the most important thing for this to work is to have an IP database.
I recommend MaxMind.
MaxMind is a database of all the IPs around the world with info about the countries' IPs; there are free and paid lists.
Sergio
Re: Blocking connections without blocking e-mail
Those explanations often create more questions than they answer......
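One way to apply the approach suggested in the thread (close every port to CN except the mail ports), as an added example that is not from the posters or from CSF itself: it builds the CC_DENY_PORTS and CC_DENY_PORTS_TCP lines from the server's TCP_IN instead of using a blanket CC_DENY. The sample config, the function names and the extra port 465 are assumptions made here.

```python
import re

# Mail ports quoted in the thread, plus 465 (SMTPS), added here as an assumption.
MAIL_PORTS = {25, 26, 110, 143, 463, 465, 587, 993, 995}

# Constructed csf.conf excerpt for illustration (not from a real server).
SAMPLE_CONF = '''
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2083,2087,30000:35000"
CC_DENY = "CN"
'''

def read_setting(conf_text, name):
    """Return the quoted value of NAME = "..." from csf.conf text."""
    m = re.search(r'^\s*%s\s*=\s*"([^"]*)"' % re.escape(name), conf_text, re.M)
    if m is None:
        raise KeyError(name)
    return m.group(1)

def deny_ports(tcp_in, keep=MAIL_PORTS):
    """Ports from TCP_IN to close for the country, leaving `keep` open."""
    out = []
    for tok in filter(None, (t.strip() for t in tcp_in.split(","))):
        if ":" in tok:  # port range written low:high
            lo, hi = (int(p) for p in tok.split(":"))
            if any(lo <= p <= hi for p in keep):
                raise ValueError("range %s contains a mail port; split it" % tok)
            # Assumption: the deny list accepts the same range syntax as TCP_IN.
            out.append(tok)
        elif int(tok) not in keep:
            out.append(tok)
    return ",".join(out)

def country_port_block(conf_text, country="CN"):
    """csf.conf lines that replace a blanket CC_DENY entry for `country`."""
    remaining = [c.strip() for c in read_setting(conf_text, "CC_DENY").split(",")
                 if c.strip() and c.strip().upper() != country]
    return "\n".join([
        'CC_DENY = "%s"' % ",".join(remaining),  # country removed from full block
        'CC_DENY_PORTS = "%s"' % country,        # country gets the per-port block
        'CC_DENY_PORTS_TCP = "%s"' % deny_ports(read_setting(conf_text, "TCP_IN")),
    ])

if __name__ == "__main__":
    print(country_port_block(SAMPLE_CONF))
```

After putting the generated lines into csf.conf, reload the firewall with `csf -r`; FTP (21), SSH (22) and the cPanel/WHM ports are then closed to CN addresses while SMTP, POP3 and IMAP stay reachable.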