
how do i stop apf antidos

Discussion in 'cPanel Developers' started by radical, Jul 13, 2005.

  1. radical

    hello

    After a recent install of apf/bfd and the antidos module of apf, I have noticed that a lot of IPs of many popular ISPs out here get listed in ad.rules, due to which the majority of my customers, who are dial-up and broadband customers of these ISPs, are not able to connect to their mailboxes or open their websites on my server. I want to stop the antidos to prevent this, and since my DC has a pretty good anti-DDoS firewall anyway, maybe I can skip antidos.

    thanks
    Sunny
     
  2. nickb

    edit your conf.apf....and set USE_AD="0"
     
  3. radical

    thanks, do i need to restart apf or any other service to stop the antidos cron from starting?
     
  4. lloyd_tennison

    I would check, because you have another problem, since the majority of users are dial-up or broadband (is there any other type of connection for an individual?). Your setup is corrupt in some other way.

    Exactly what is causing the IP to be listed? The log will tell. /var/log/apfados_log
     
    #4 lloyd_tennison, Jul 13, 2005
    Last edited: Jul 13, 2005
  5. radical

    As of today, the majority of the IPs blocked show this...

    Jul 13 04:09:32 server antidos(27604):XX.XX.XXX.XX -> My server IP (DROPPED)
    Jul 13 00:23:22 server antidos(1069):

    Yesterday's logs show as .. antidos(31519)

    If I just disable the antidos, would I still be having a problem...

    Sunny
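
Added example (not part of any post in this thread): a shell function that tallies antidos `(DROPPED)` entries per source address and per /24, to show whether the blocks cluster in a few ISP ranges. It assumes the line layout quoted in the post above; the function names and the sample lines (documentation address ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example: tally antidos DROPPED entries by source IP and by /24.
# Assumed line layout (as quoted in the thread):
#   Mon DD HH:MM:SS host antidos(PID):SRC -> DST (DROPPED)

summarise_antidos() {
    # Reads the log files given as arguments, or stdin when none is given.
    awk '
        /antidos\([0-9]+\):/ && /\(DROPPED\)/ {
            line = $0
            sub(/^.*antidos\([0-9]+\):[ \t]*/, "", line)  # drop everything before SRC
            split(line, f, /[ \t]+/)
            src = f[1]
            # Skip truncated or masked entries that carry no dotted-quad source.
            if (src !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            ip[src]++
            net = src
            sub(/\.[0-9]+$/, ".0/24", net)                # collapse to the /24
            nets[net]++
        }
        END {
            for (i in ip)   printf "ip %s %d\n", i, ip[i]
            for (n in nets) printf "net %s %d\n", n, nets[n]
        }
    ' "$@" | sort -k1,1 -k3,3nr -k2,2   # group by kind, highest count first
}

# Constructed sample lines (documentation address ranges, not real data).
sample_log() {
    cat <<'EOF'
Jul 13 04:09:32 server antidos(27604):192.0.2.10 -> 203.0.113.5 (DROPPED)
Jul 13 04:09:40 server antidos(27604):192.0.2.11 -> 203.0.113.5 (DROPPED)
Jul 13 04:11:02 server antidos(27710):192.0.2.10 -> 203.0.113.5 (DROPPED)
Jul 13 04:15:47 server antidos(27822):198.51.100.7 -> 203.0.113.5 (DROPPED)
Jul 13 04:20:00 server antidos(27900):XX.XX.XXX.XX -> 203.0.113.5 (DROPPED)
Jul 13 00:23:22 server antidos(1069):
EOF
}

sample_log | summarise_antidos
```

On a live server the same function takes the log named in the thread as its argument, for example `summarise_antidos /var/log/apfados_log`; a few /24s with high counts point at shared ISP gateways or proxies rather than many independent attackers.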
     
  6. dropby23

    just delete the crontab entry for apf
     
  7. lloyd_tennison

    I am going to suggest you check your exim log. I am getting flooding of people saying they are my IP and trying to hack/relay in. I get about 1100 a day by IP and a couple of thousand more by domain name spoofing. If you see a bunch that are rejected because of them using your IP, I would suggest you add the Exim ACL that blocks fake HELO and EHLO. Those fakes may be triggering the antidos. Also, do you have your own IP in the allow_hosts.rules file?



    A good ACL is here:

    http://www.rvskin.com/index.php?page=public/antispam#4.3
     
    #7 lloyd_tennison, Jul 13, 2005
    Last edited: Jul 13, 2005
  8. radical

    I am sort of a newbie in Linux; the apf and other installs were done by a third party. What exactly do I have to look for in the exim log? And for the ACL to be configured, should I have my server IP/hostname/domain name in place of the existing

    !hosts = @[]
    !hosts = +rv_relay_hosts
    !authenticated = *

    Regarding your other question, no, I do not have my server IP in the allow_hosts.rules file.

    I have Chirpy's MailScanner and Dictionary attack protection ACL enabled; will this conflict with the above ACL to be configured?

    thanks
    Sunny
     