how do i stop apf antidos

Discussion in 'cPanel Developers' started by radical, Jul 13, 2005.

  1. radical

    radical Well-Known Member

    hello

    After a recent install of APF/BFD and antidos of APF, I have noticed that a lot of IPs of many popular ISPs out here get listed in ad.rules, due to which the majority of my customers, who are dial-up and broadband customers of these ISPs, are not able to connect to their mailboxes or open their websites on my server. I want to stop the antidos to prevent this, and since my DC has a pretty good anti-DDoS firewall anyway, maybe I can skip antidos.

    thanks
    Sunny
     
  2. nickb

    nickb Well-Known Member

    Edit your conf.apf and set USE_AD="0"
     
  3. radical

    radical Well-Known Member

    Thanks, do I need to restart apf or any other service to stop the antidos cron from starting?
     
  4. lloyd_tennison

    lloyd_tennison Well-Known Member

    I would check, because you have another problem, because the majority of users are dial-up or broadband (is there any other type of connection for an individual?). Your setup is corrupt in some other way.

    Exactly what is causing the IP to be listed? The log will tell. /var/log/apfados_log
     
    #4 lloyd_tennison, Jul 13, 2005
    Last edited: Jul 13, 2005
  5. radical

    radical Well-Known Member

    As of today, the majority of the IPs blocked show this...

    Jul 13 04:09:32 server antidos(27604):XX.XX.XXX.XX -> My server IP (DROPPED)
    Jul 13 00:23:22 server antidos(1069):

    Yesterday's logs show as .. antidos(31519)

    If I just disable the antidos, would I still be having a problem...

    Sunny
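
Added example (not part of any post in this thread and not APF's own tooling): one way to see from the antidos log which sources are being dropped and whether they cluster in a few ISP ranges. It assumes the line shape quoted in the post above; the function names and the sample log are constructed for illustration.

```shell
#!/usr/bin/env bash
# Summarise antidos drops from a log in the format quoted in the thread.
# Assumed line shape (taken from the excerpt above):
#   Jul 13 04:09:32 server antidos(27604):SRC_IP -> DST_IP (DROPPED)

# drop_counts MODE FILE
#   MODE=ip   -> "<count> <source ip>"
#   MODE=net  -> "<count> <a.b.c.0/24>"  (shows clustering in one ISP range)
drop_counts() {
    awk -v mode="$1" '
        /\(DROPPED\)/ && match($0, /antidos\([0-9]+\):/) {
            rest = substr($0, RSTART + RLENGTH)   # text after "antidos(pid):"
            split(rest, f, " ")                   # f[1] is the source address
            if (split(f[1], o, ".") != 4) next    # skip truncated entries
            if (mode == "net")
                key = o[1] "." o[2] "." o[3] ".0/24"
            else
                key = f[1]
            n[key]++
        }
        END { for (k in n) print n[k], k }
    ' "$2" | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample log (documentation address ranges, not real data).
sample_log() {
    cat <<'EOF'
Jul 13 04:09:32 server antidos(27604):192.0.2.10 -> 203.0.113.5 (DROPPED)
Jul 13 04:09:40 server antidos(27604):192.0.2.77 -> 203.0.113.5 (DROPPED)
Jul 13 04:10:02 server antidos(27604):192.0.2.10 -> 203.0.113.5 (DROPPED)
Jul 13 04:11:15 server antidos(27611):198.51.100.23 -> 203.0.113.5 (DROPPED)
Jul 13 00:23:22 server antidos(1069):
EOF
}

tmp=$(mktemp)
sample_log > "$tmp"
echo "Drops per source IP:"; drop_counts ip  "$tmp"
echo "Drops per /24:";       drop_counts net "$tmp"
rm -f "$tmp"
```

On a real server the second argument would be the log named earlier in the thread, /var/log/apfados_log. Many drops spread across one /24 point to a whole ISP pool being blocked rather than a single abusive host.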
     
  6. dropby23

    dropby23 Well-Known Member

    Just delete the crontab entry for apf.
     
  7. lloyd_tennison

    lloyd_tennison Well-Known Member

    I am going to suggest you check your exim log. I am getting flooding of people saying they are my IP and trying to hack/relay in. I get about 1100 a day by IP and a couple of thousand more by domain name spoofing. If you see a bunch that are rejected because of them using your IP, I would suggest you add the Exim ACL that blocks fake HELO and EHLO. Those fakes may be triggering the antidos. Also, do you have your own IP in the allow_hosts.rules file?

    A good ACL is here:

    http://www.rvskin.com/index.php?page=public/antispam#4.3
     
    #7 lloyd_tennison, Jul 13, 2005
    Last edited: Jul 13, 2005
  8. radical

    radical Well-Known Member

    I am sort of a newbie in Linux; the APF and other install was done by a third party. What exactly do I have to look for in the exim log? And in the ACL to be configured, should I have my server IP/hostname/domain name in place of the existing

    !hosts = @[]
    !hosts = +rv_relay_hosts
    !authenticated = *

    Regarding your other question, no, I do not have my server IP in the allow_hosts.rules file.

    I have Chirpy's MailScanner and Dictionary attack protection ACL enabled; will this conflict with the above ACL to be configured?

    thanks
    Sunny
     