not the biggest linux guy - just treading water here... but i'll try and do that next time.... thxSarcNBit said:You could always try 'locate iptables'
really? Niiiiiiiice
hmm... I always do SU
thats all i've ever been told... I'll do the su - from now on....
whats the difference? like I know it allows me to run stuff without the direct path.. but thats news to me....
thanks btw...
hmm... I always do SU
thats all i've ever been told... I'll do the su - from now on....
whats the difference? like I know it allows me to run stuff without the direct path.. but thats news to me....
thanks btw...
su - changes the environment variables and su doesn't . Basically changes all paths and home directory to the real root user.
If you already have APF installed why are you using iptables directly?
Simply add the following:
pico /etc/apf/deny_hosts.conf
Paste in the IP to a new line.
Save the file and restart APF.
If you already have APF installed why are you using iptables directly?
Simply add the following:
pico /etc/apf/deny_hosts.conf
Paste in the IP to a new line.
Save the file and restart APF.
Everyone,
I had someone/thing conduct break-in attempts last week, found this thread and used the drop command (iptables -A INPUT -p tcp -s xxx.xxx.xxx.xxx -j DROP, I know, I shouldn't have limited it to tcp...) to block access from a total of 10 IPs over four days.
All went well the first couple of days, with break-in attempts effectively shut from the IPs entered the previous day, until the log turned out clean on day 4.
However, since then, I've been receiving bitwise errors:
(I've also described this problem here).
Please help.
Thanks, Eric
I had someone/thing conduct break-in attempts last week, found this thread and used the drop command (iptables -A INPUT -p tcp -s xxx.xxx.xxx.xxx -j DROP, I know, I shouldn't have limited it to tcp...) to block access from a total of 10 IPs over four days.
All went well the first couple of days, with break-in attempts effectively shut from the IPs entered the previous day, until the log turned out clean on day 4.
However, since then, I've been receiving bitwise errors:
These errors have been spawning. I now get a "failed delivery" log message, filled with 1.2Mb of these bitwise error messages.
(I've also described this problem here).
Please help.
Thanks, Eric
Last edited:
From checking our logs, here are some you may want to consider adding to the APF deny_hosts list:
##Romania
212.146.127.100
213.154.137.210
# Korea
211.32.0.0/11
211.104.0.0/13
211.112.0.0/13
211.168.0.0/13
211.176.0.0/12
211.192.0.0/10
211.101.236.91
220.70.167.67
220.95.231.34
# Japan
160.26.74.74
# Taiwan
192.192.73.118
# China
211.20.131.90
222.45.45.132
# Italy
80.204.43.237
# Hong Kong
203.98.159.166
# European Union
130.88.20.170
# India
202.9.128.55
##Romania
212.146.127.100
213.154.137.210
# Korea
211.32.0.0/11
211.104.0.0/13
211.112.0.0/13
211.168.0.0/13
211.176.0.0/12
211.192.0.0/10
211.101.236.91
220.70.167.67
220.95.231.34
# Japan
160.26.74.74
# Taiwan
192.192.73.118
# China
211.20.131.90
222.45.45.132
# Italy
80.204.43.237
# Hong Kong
203.98.159.166
# European Union
130.88.20.170
# India
202.9.128.55
update....
Just wanted to let everybody know that i've installed APF and love it - have seen no attempts lately and have totally killed those old IP's all together.
And thanks BHD for that country list.
Just wanted to let everybody know that i've installed APF and love it - have seen no attempts lately and have totally killed those old IP's all together.
And thanks BHD for that country list.
So, how exactly do I ascertain that APF is working properly and
it is safe to take it out of development mode?
it is safe to take it out of development mode?
If you leave it in Development mode it disables itself in a minute. Just make sure you can SSH in when it's started up (i.e. enabled) and all things (such as Cpanel) are available also and it should be safe to disable development mode.dianaward said:
Definitely use BFD as well, but the best advice is to change your SSH port. You'll also need to change the Cpanel SSH port to the same thing or you won't be able to use the web SSH interface. There are many tutorials on EV1 forums - www.ev1servers.net (and numerous other forums)
