ConfigServer Community Forum

Peer support forums for ConfigServer Scripts
https://mail.forum.configserver.com/

Blocking the IP totally (no matter which port is connected to)

https://mail.forum.configserver.com/viewtopic.php?t=8733

Page 1 of 1

Blocking the IP totally (no matter which port is connected to)

Posted: 13 Jun 2015, 16:59
by floppyfringe
I've noticed that one server is getting a hammering, looks like IPs are trying POP3, IMAP, SMTP, HTTP, HTTPS and SSH etc, resulting in 5+ lines of blocks in /etc/csf/csf.deny for just one IP.

At this rate and by the amount of attacks, any blockings are for 24 to 36 hours because the oldest line is deleted to make room for the current block at the end of the file. So some IPs could return in 48 hours and hammer the server again :(

Any advice?? Or is it just an improvement the CSF writers can make?

Re: Blocking the IP totally (no matter which port is connected to)

Posted: 03 Jul 2015, 16:15
by floppyfringe
Is this why "7.73 - Fix for temporary denies allowing duplicate IP/Port blocks/allows" was created?

The reason being it's possible for a hacker to use port 80 and maybe 443 to "hack" a webserver

and the POP3, SMTP and IMAP ports to "hack" or get more opportunities to "hack" the email server(s)

Thanks a lot :)
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited