The Community Forums


Please Help!

Discussion in 'General Discussion' started by thankyou, Feb 20, 2006.

  1. thankyou

    thankyou Well-Known Member

    Hi Friend,

    I've found many crackers from the IP range 203.251.180.0/24 and other IP ranges. To set up another layer of security and to make things simple, if my server's Host ALLOW/DENY Files Settings block all the IP range 203.251.180.0/24, will anyone from this IP range still be able to open/visit my website? I'm afraid there are still some decent IP owners/users from this IP range who will be unable to visit my website after my server blocks all the range.

    Sincerely, I hope anyone can visit my website, but I really do not want that anyone (without rights to log into the same server) can SSHd into, MySqld into, Inetd into or Other-d into my server!

    Need your advice/tips.

    Thank you very much indeed!

    David
     
    #1 thankyou, Feb 20, 2006
    Last edited: Feb 20, 2006
  2. rustelekom

    rustelekom Well-Known Member
    PartnerNOC

    You may block this and other ranges, but only for the ports that are important to you (sshd, etc.). It is not very hard. For this you may use the well-known firewall APF, which has a feature to do this.
     
  3. thankyou

    thankyou Well-Known Member

    Hi rustelekom,

    Thank you very much for the tip.

    I have already inserted some specific rules in the server OS firewall to block the cracking/hacking from that IP range and some other bad IP ranges, but those crackers often can still beat it and try many guessed passwords to log into my server---yesterday morning I found from my server logs that a cracker from that bad IP range had been trying for almost two hours continually to log into my server, which looked like intentional, targeted cracking of my server. Usually, my server refuses sshd and mysqld login connections from all IPs that are not mine, in the first place. But that guy was able to try logging on with many guessed passwords---this is the last door to entering the server. Such cracking/hacking often came from that IP range. And that IP range has been infamous to many people because many hackers and crackers were from that IP range. So, I thought I had to use the clumsy and simply powerful way--Server Host Deny to block all (sshd) and some other connections from that IP range, to get a rest for a time.

    I really don't know why those crackers/hackers who seem familiar and skillful in server, computer and websites try to hack, hurt other innocent webmasters. Do they know legitimacy? Do they know morality? We webmasters are hardworking all the time. Our hard-working achievements and the way we make a living could be destroyed overnight by hackers/crackers. The Internet community must condemn this kind of Internet cracking and hacking.

    Again, thanks for your tip!

    David
     
  4. dave9000

    dave9000 Well-Known Member

    If you change the sshd port to something other than 22, most of the attacks will stop.

    We modified our port to something else and I can't remember the last time someone tried to log in using guessed passwords.
     
  5. rustelekom

    rustelekom Well-Known Member
    PartnerNOC

    And also, most of these attacks are just virus attacks, so there is no human activity here. Just some stupid lamers run brute-force scripts and try to find an easy password somewhere. These scripts are always automated and just scan IP ranges for servers where someone may have left a very easy password like john, etc. Unfortunately, in some cases the hacker succeeds and gains control over the victim servers...
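
The per-service blocking discussed in this thread, as an added example that is not from any poster: it counts failed sshd password attempts per /24 and emits `hosts.deny` rules that name only the `sshd` daemon, so they do not apply to any other service. It assumes OpenSSH "Failed password" syslog lines and an sshd built with TCP wrappers support; the sample log, the thresholds and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH syslog format (not from the poster's server).
SAMPLE_LOG = """\
Feb 19 06:01:12 host sshd[2101]: Failed password for root from 203.251.180.17 port 40122 ssh2
Feb 19 06:01:15 host sshd[2103]: Failed password for invalid user john from 203.251.180.17 port 40130 ssh2
Feb 19 06:01:19 host sshd[2107]: Failed password for invalid user admin from 203.251.180.44 port 51822 ssh2
Feb 19 06:02:40 host sshd[2110]: Failed password for david from 198.51.100.9 port 33012 ssh2
Feb 19 06:02:55 host sshd[2110]: Accepted password for david from 198.51.100.9 port 33012 ssh2
Feb 19 06:03:02 host sshd[2115]: Failed password for invalid user x from 192.0.2.7 port 1 ssh2 from 203.251.180.44 port 51901 ssh2
"""

# Greedy (.*) plus the end anchor keeps the LAST "from <ip>" on the line (written
# by sshd itself), so a username containing "from 192.0.2.7 ..." cannot shift blame.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(.*) "
                    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$")

def failures_by_range(log_text, prefix=24):
    """Return {network: {"attempts": int, "hosts": set, "users": set}}."""
    stats = defaultdict(lambda: {"attempts": 0, "hosts": set(), "users": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line.rstrip())
        if not m:
            continue
        user, ip = m.groups()
        try:
            net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        except ValueError:
            continue  # skip octets out of range, e.g. 999.1.1.1
        entry = stats[str(net)]
        entry["attempts"] += 1
        entry["hosts"].add(ip)
        entry["users"].add(user)
    return dict(stats)

def hosts_deny_lines(stats, min_attempts=3, min_hosts=2):
    """Emit sshd-only TCP wrappers rules for ranges over both thresholds."""
    rules = []
    for net, s in sorted(stats.items()):
        if s["attempts"] >= min_attempts and len(s["hosts"]) >= min_hosts:
            n = ipaddress.ip_network(net)
            rules.append(f"sshd: {n.network_address}/{n.netmask}")
    return rules

if __name__ == "__main__":
    for rule in hosts_deny_lines(failures_by_range(SAMPLE_LOG)):
        print(rule)
```

Requiring several distinct source hosts before a whole /24 is listed keeps a single noisy address from getting its neighbours blocked along with it.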
     