Hi,
It is possible to change CSF in such a way that users from banned IP can see info page?
I mean lastly I had few clients complaining about server non working, but it turn out they IP was blocked because of their fault (wrong cpanel/ftp/pop3 password) :rolleyes: .
In this case customers are pointless and dont know what to do. I would like to give them some option/ info about it.
Its possible?
Best,
Piotr
Banned IP users get info page - its possible?
-
nabuhonodozor
- Junior Member
- Posts: 48
- Joined: 29 Oct 2007, 07:01
-
MattsHosting
- Junior Member
- Posts: 9
- Joined: 04 May 2008, 15:54
this would be possible
this would be possible if you was using htaccess nstead of iptable firewall , somthing chirpy could look in to ,
using the deny parameters in htaccess and redirects but this would involve writting the file to each users area if you was a shared hosting host
i did make somthing similar but dint get it fully done as i didnt no how to intergrate in to cpanel :P my bad
using the deny parameters in htaccess and redirects but this would involve writting the file to each users area if you was a shared hosting host
i did make somthing similar but dint get it fully done as i didnt no how to intergrate in to cpanel :P my bad
perhaps you could use more than one dns server , the 2nd, alternate dns address pair pointing to a different box with a special page for banned users. might want to make the alt, address dns entry with a very low TTL/refresh setting as so users dont cache the entry too long. I haven't tried this, It was just an idea off the top of my head dns name pairs would be set at the registrar of course.
Does anyone know if this would or wouldn't work? I haven't played with dns much. Might try some experimenting if I get some free time
Does anyone know if this would or wouldn't work? I haven't played with dns much. Might try some experimenting if I get some free time
Maybe Im just paranoid, but it seems to me that giving a banned IP any sort of response means allowing an active connection to the server which an attacker could possible exploit. I think I'd rather deal with the support overhead and rest assured that anyone blocked by the firewall is really blocked.
-
JDStallings
- Junior Member
- Posts: 56
- Joined: 10 Dec 2006, 10:04
This would be a way to do it if anyone has written such a script or volunteers.. LOL..
I have some PHP and could part of it, but would have problems when IP TABLES show a block on a segment. Take something like 156.0.0.0/9 and trying to figure out if 156.21.31.22 is part of that in a script is beyond me right now.
But was wondering if anyone has written a PHP or CGI that would look at the IP tables and report back to someone what ports are being blocked for their IP address.
So when they go to a URL, it checks the IP TABLES for their IP address and reports all the blocks and why they are blocked... ie.. spammer, hacker, or temp block.
This would work for everything except a port 80 or total block unless two things....
You have another URL on a backup server they can check and that server gets an FTP or transmit of the IP TABLES from the main server every x minutes. This would actually allow them to see total blocks as well as port 80,443 blocks.
With the new CSF 4.0, the information being presented to the blocked party ... might be able to give them the URL to check their blocks or even forward them to it.
Comments?
I have some PHP and could part of it, but would have problems when IP TABLES show a block on a segment. Take something like 156.0.0.0/9 and trying to figure out if 156.21.31.22 is part of that in a script is beyond me right now.
But was wondering if anyone has written a PHP or CGI that would look at the IP tables and report back to someone what ports are being blocked for their IP address.
So when they go to a URL, it checks the IP TABLES for their IP address and reports all the blocks and why they are blocked... ie.. spammer, hacker, or temp block.
This would work for everything except a port 80 or total block unless two things....
You have another URL on a backup server they can check and that server gets an FTP or transmit of the IP TABLES from the main server every x minutes. This would actually allow them to see total blocks as well as port 80,443 blocks.
With the new CSF 4.0, the information being presented to the blocked party ... might be able to give them the URL to check their blocks or even forward them to it.
Comments?
I agree.deadeye wrote:Maybe Im just paranoid, but it seems to me that giving a banned IP any sort of response means allowing an active connection to the server which an attacker could possible exploit. I think I'd rather deal with the support overhead and rest assured that anyone blocked by the firewall is really blocked.
However, the request has been made and for some it may make sense from a support POV, which is why I've added the new Messenger functionality that appears in the v4 beta.
Anything beyond what the Messenger service provides could be fraught with security implications, especially revealing to the person blocked the reason for the block, etc.
-
nabuhonodozor
- Junior Member
- Posts: 48
- Joined: 29 Oct 2007, 07:01