The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

block IP

Discussion in 'General Discussion' started by danielldf, Jun 14, 2006.

  1. danielldf

    danielldf Member

    Joined:
    Oct 9, 2005
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    if i see in /var/log/secure for example that some ips are trying to log in in my ssh how can i block these IP?

    thankz :D
     
  2. mohit

    mohit Well-Known Member

    Joined:
    Jul 12, 2005
    Messages:
    553
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Sticky On Internet
    best is change the ssh port to a higher value.

    see ya,
    mohit
     
  3. danielldf

    danielldf Member

    Joined:
    Oct 9, 2005
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    i did that...

    but back into my question


     
  4. mohit

    mohit Well-Known Member

    Joined:
    Jul 12, 2005
    Messages:
    553
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Sticky On Internet
    try another port, check if the IP is of a person who know's about your new port.

    see ya,
    mohit
     
  5. rhenderson

    rhenderson Well-Known Member

    Joined:
    Apr 21, 2005
    Messages:
    785
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Oklahoma
    cPanel Access Level:
    Root Administrator
    I would install apf firewall. Apf uses iptables to block ips. You can then just edit the conf file and block whatever ip's you wish. You can use iptables directly without apf, something like iptables -I INPUT -p tcp -s 00.00.00.00 -j DROP where the 00.00.00.00 is the ip address. You can google iptables blocking ip's and get tons of examples.

    You might also look at bfd (Instructions here http://www.webhostgear.com/index.php?art/id:60 ) to auto block Brute force attempts to login.
     
  6. IPSecureNetwork

    IPSecureNetwork Well-Known Member

    Joined:
    May 28, 2005
    Messages:
    99
    Likes Received:
    0
    Trophy Points:
    6
    yeap .. install APF to add ip to the firewall system.
    using apf -d ip you will add the ip to the deny list.

    if you have freebsd .. you can block the guy with more options. like block the mac adreess of the guy.

    but if you use linux.. apf is a good solution.


    i recommend you install BFD .. Brute Force Detect ... is a nice tool .. use APF to block ssh fails access..
    an excample:--- one guy try to access your SSh server.. and try 3 times.. when the guy try to login the 4 time.. the BFD block the ip guy to access to your box.
     
  7. sitekeeper

    sitekeeper Well-Known Member

    Joined:
    Aug 13, 2001
    Messages:
    60
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Troy, Mo
  8. djblamire

    djblamire Well-Known Member

    Joined:
    May 3, 2003
    Messages:
    250
    Likes Received:
    0
    Trophy Points:
    16
    I already use just the BFD (not APF), and would like to try chirpy's firewall.

    What is the best way to 'uninstall' BFD before installing this ?

    Thanks in advance,
    Daniel
     
  9. sitekeeper

    sitekeeper Well-Known Member

    Joined:
    Aug 13, 2001
    Messages:
    60
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Troy, Mo
    This script comes with a tool to remove it, just read the docs....
     
  10. djblamire

    djblamire Well-Known Member

    Joined:
    May 3, 2003
    Messages:
    250
    Likes Received:
    0
    Trophy Points:
    16
    So, to uninstall BFD, all I would need to do is:

    sh disable_apf_bfd.sh

    before installing Chirpy's version ?

    Thanks in advance,
    Daniel
     
  11. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Yes, just follow the instructions in the install.txt of csf. You'll also see two options in the WHM > ConfigServer Firewall > page after installation where you can completely remove APF and BFD if you wish.
     
  12. djblamire

    djblamire Well-Known Member

    Joined:
    May 3, 2003
    Messages:
    250
    Likes Received:
    0
    Trophy Points:
    16
    Thanks Chirpy :)

    Daniel
     
Loading...

Share This Page