Ok so, buddy of mine has his ssh server setup and upon checking his logs he sees a ton of failed attempts. Now obviously these are people that are scanning him and trying to brute force him. So is there a way to block them? We know you can block each IP but is there a way to block ALL connections except for certain ones, such as his and mine? Maybe a couple others.
View 6 RepliesMy Problem is: I want to stop gmail access without blocking https. Yes in my squid proxy normal [URL].. is not accessible. But gmail recently started https service by which user can still get access to gmail. I DONT WANT TO STOP https CAUSE ITS BEING USING BY OTHER PROGRAMS.
View 1 Replies View RelatedMy server gets ddos attacks. I dig into access logs and I saw that attacker ips doesn't have valid requests headers, like their browser application info or requested url info.I want to close those connections immediately, and if it's possible block those ips for a time period.Can I do that with Apache and iptables?I searched on the internet but couldn't find useful results. Probably couldn't search for the right words.
View 2 Replies View RelatedI might be misunderstanding the log but it looks like UFW is blocking connections. I want to allow all incoming and outgoing. I guess what I'm saying is that the servers on my computer will open ports but all other ports should respond with closed just like a default Ubuntu install. Trying to use UFW to monitor connections without really doing any firewalling.
Code:
Aug 1 07:14:07 universal-mechanism kernel: [311111.963762] [UFW BLOCK] IN=eth0 OUT= MAC=00:1f:c6:8a:e9:66:00:01:5c:32:f4:c1:08:00 SRC=72.21.203.146 DST=174.44.178.56 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=51984 DF PROTO=TCP SPT=80 DPT=54466 WINDOW=8201 RES=0x00 RST URGP=0
My home computer has 11.3 and SuSEfirewall enabled. It connects to the net over the wireless and SuSEfirewall has this connection in the external zone.
I can successfully ssh into this computer from remote (the work computer) but none of the ssh port-forwarded connections work. I'm trying to tunnel VNC over ssh. I also tried setting http on the home computer to serve pages on a high-numbered port (8090) and tunnelling that but it also didn't work - proving that it's not a VNC problem.
Here are the relevant messages from the firewall logs on the home machine:
Code:
I don't understand why this isn't working now, I had the same setup on 11.2 and it worked fine.
The 95.91.92.92 is the public IP address of my home router, I don't understand why a connection would appear to be coming from there when I use ssh-tunnelling?
Mobloquer starts up at boot and before I've even opened firefox or transmission or anything, mobloquer shows that is has started blocking several outgoing connections as well as ton of incoming connections. I was wondering if the outgoing connections is normal and what's a normal amount of network activity to show up in system monitor when I'm not actively using the internet.
View 2 Replies View RelatedI need to write program for non blocking socket connections.I have made extensive research but could only get to non blocking READ or WRITE after the connection is established. run the program do a series of tasks (ex: counter printing time on screen) if there is request for connection, connect send or receive data.
View 1 Replies View Relatedon my linux server i have many websites but with difrent ips address, is some way to i can block all the ips with many connection (100+) just from my website not from all websites
View 5 Replies View RelatedI need some suggestions on software. I would like to offer remote desktop support to some of our clients, but some of them are using ISP's that block incoming connections so, VNC is out of the question. I was wondering if there is something similar to logmein for ubuntu?
View 1 Replies View RelatedI have noticed interesting problem. I use two browsers - Firefox and Konqueror. Konqueror is configured to use tor, Firefox not. Using Gufw I block all incoming and outgoing traffic and it works while using Firefox, I mean that I can't view any www site and it is ok. But if I use Konqueror I can establish any conection. How to understand this? Should I have different firewall while using tor?
View 5 Replies View RelatedI am trying to write a shell script that will block any outgoing Internet connection, focusing mainly on the HTTP connections.
It would be nice if this command could work on both Mac OSX and Linux.
I am still new to ubuntu and I use firestarter as my firewall tool and I was told that its just ufw in a gui. Well anyways I noticed a connection to 174.129.241.144 using https and python, I didn't have any scripts running and my browser was closed, I read the man files for ufw and it said to do something like deny from 174.129.0.0/12 and I want to block all incoming and outgoing connections to this IP range and I was wondering how to do that, I heard of iptables that it would be able to do this but I dont know anything about it. What I should learn so I can handle these kinds of situation in the future and how I can block this ip subnet or also what does the /8, /12, and /16 stand for?
View 7 Replies View RelatedThe below issue has been solved, the problem wasn't Debian but I simply didn't pay attention that somebody disabled port forwarding *facepalm*
View 5 Replies View Relatedhave a problem with my network-manager in ubuntu 10.10.when I dial one of my vpn connections, my other vpn connections be disabled and I can't use them!I tried to restart network-manager and gnome-panel, but it does't seem to solve this problem.
View 1 Replies View RelatedFor system calls, is blocking or non-blocking default in C? Simple question, just am not seeing the answer super quickly.
View 4 Replies View RelatedI have a device that is working on modbus protocol andI have written a small program(with block TCP read method ) to read its registers via modbus protocol.my program is working very well but except those times that I unplug the Ethernet cable or turning off the modbus gateway during programs work.at this time my program stops on recv system call (if it reach this system call exacly when I unplug Ethernet cable or turning off the modbus gateway during programs work).I changed my source to work in nonblock TCP method, at this time with the same situation my program does not stop/block on recv system call but after pluging back the Ethernet cable or resuming the connectivity situation back it reads data incorrectly .this is my code:Quote:
#define DEBUG
#include <fcntl.h>
#include <string.h>
[code]...
I've a CentOS Box with no control panel.. I used to manage it via SSH. Any way, I've installed CSF/LFD on it.. and it seemed to be working just fine. The only problem I've encountered is that when I start and enable CSF, messages and emails keeps stocked in the mail queue.. I've double checked and made sure needed ports are opined.. But, I still have the problem.
View 2 Replies View RelatedI have a Debian server running at the gateway level on a LAN. This runs squid for creating block lists of websites - for eg. blocking social networking on the LAN. Also uses iptables.
I am able to do a lot of things with squid & iptables, but a few things seem difficult to achieve.
1) If I block http://www.facebook.com, people can still access https://www.facebook.com because squid doesn't go through https traffic by default. However, if the users set the gateway IP address as proxy on their web browser, then https is also blocked. So I can do one thing - using iptables drop all outgoing 443 traffic, so that people are forced to set proxy on their browser in order to browse any HTTPS traffic. However, is there a better solution for this.
2) As the number of blocked urls increase in squid, I am planning to integrate squidguard. However, the good squidguard lists are not free for commercial use. Anyone knows of a good squidguard list which is free.
3) Block yahoo messenger, gtalk etc. There are so many ports on which these Instant Messenger softwares work. You need to drop lots of outgoing ports in iptables. However, new ports get added, so you have to keep adding them. And even if your list of ports is current, people can still use the web version of gtalk etc.
4) Blocking P2P. Haven't been able to figure out how to do this till now.
I configured squid in oracle enterprise linux 5.I want to block skype access.i configured the following to block skype.but it is not blocking.acl skype_blocking urlpath_regex [0-9]+.[0-9]+.[0-9]+.[0-9]+ http_access deny skype_blocking
View 3 Replies View RelatedHow can I block certain countries from accessing my server in any capacity? Is this possible? What do I need to add to my /etc/hosts.deny for this?
View 4 Replies View RelatedI would like to COMPLETELY block a specific IP address using iptables. I found this one:
Code:
iptables -A INPUT -p tcp -s xxx.xxx.xxx.xxx -j REJECT --reject-with tcp-reset
Will this work? How do I undo the changes later?
How to block an ip address from mikrotik so that when a fake user use this ip he doesn't get internet but in the mean time real user gets internet. Real user will not harm if fake user trying to access.
View 3 Replies View RelatedMy Pastebin for .HTACCESSIf you can offer any tips on improvements..but the main reason: I cannot get the bots to stop showing up.Esp the first one in the list.I need to block these two specifically
Code:
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8
&
[code]....
I need to block mac address in my network then i foolowed as below acl's but am getting output as follows I tried as in /etc/squid/squid.conf acl block arp aa:aa:yy:yy:xx:xx http_access deny block but it give me error as like: - (This is the output of # squid -k parse) aclParseAclLine: Invalid ACL type 'arp' FATAL: Bungled squid.conf line 1234: acl block arp aa:aa:yy:yy:xx:xx squid Cache (Version 2.5.STABLE6): Terminated abnormally.
View 7 Replies View RelatedMy MailScanner running on CentOs is blocking docx files, saying "The original e-mail attachment "****.docx" is on the list of unacceptable attachments for this site and has been replaced by this warning message.
I've tried adding it the list of allowed files:
/etc/MailScanner/filename.rules.conf:
allow .docx$ - -
but it still blocks them.
I've also tried manually coping the message file from the /var/spool/MailScanner quarantine/ directory into /var/spool/postfix/incoming
but this did not result in the mail being delivered.
I desperately need these mails released, and docx files to be allowed unconditionally. Anyone know why the above isn't working? Failing that, can all file blocking be turned off? I'd rather have virus relayed than legitimate mails blocked.
I have these ACLS for video streaming like ..... & onilne tv channles. But they are also blocking downloading exe,rar,and other software connectivity like TeamViewer. What acl are bsically blocking my downloading of exes and rar files and teamviewr connectivity .
acl WMP browser Windows-Media-Player/*
i am using squid proxy server to block some websites in my organization.now i was doing one testing that is, when i blocked Google. gmail automatically gets block.is there any method by which i could block google but gmail access is
View 1 Replies View RelatedI have an ubuntu 8.04 dedicated server running openssh which I am having problems with.
The server is based in England yet I am currently working from Thailand. Slow speeds and timeouts I am used to but it is now over 24hr since I have managed to SSH the server (from here).
I just tried remote desktop on my PC back in the UK and this connected straight away through both SSH and SCP.
Thinking that it may be the IP being blocked from my works network I switched off wifi on my phone and tried to connect over the data network a few times with no luck.
Another strange problem is that when we got the server it was locked into a chroot jail which SSH(22) always leads into. After accessing SSH on port 22 I have to run a break script to gain root access. The sshd_config file says that the server is listening on port 57 yet I have never been able to access this.
Code:
> netstat -a | grep ssh
tcp6 0 0 [::]:ssh [::]:* LISTEN
> iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
[Code].....
Running Red Hat (not sure of the build atm) and I need to be able to put all of the IP blocking in a separate file. It will eventually be uploaded to a large number of hosting accounts, and modified from time to time...so it isn't feasible to modify that many httpd.conf files each time we need to add an IP to be blocked. In httpd.conf I can add the "Deny from" line to the following directive and blocks it just fine:
Code:
<Directory "/var/www/html">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
[code]....
There is an include to pick up all *conf files in ../conf.d, and everything else in there is working just fine. I created a file called robots.conf; it currently has a set of mod_rewrite rules which work. So I added this to that file:
Code:
<Directory "/var/www/html">
Order allow,deny
Allow from all
Deny from 123.456.789.098
</Directory>
It is not blocking access from the IP with it in there.I've done all of the usual things; restarted Apache, cleared browser cache etc. I can also block it using that same directive in a local .htaccess.
I have a problem with sendmail. I am using the zen.spamhaus.org dnsbl, and it is doing a wonderful job of blocking incoming spam from open relays. But it is blocking my users who are on a dynamic ip range from any isp remotely. They should be able to authenticate and send messages no matter where they are as long as they authenticate right? I just want to use the blacklist to block incoming mail to my server that is being distributed to our email addresses.
I want to block people that are hosting mail servers and sending mail to my domain from isp sub-nets. But I don't want to block my users that are sitting on isp subnets using their mail client to authenticate over smtp and send an email from my mail servers.