Questions tagged [ip-blocking]
The ip-blocking tag has no usage guidance.
114
questions
24
votes
4
answers
57k
views
How to automatically and temporarily block an IP address making too many hits on the server in a short timespan?
One of my LAMP servers was recently brought down by some kind of script bot looking for exploits. From the looks of it, it was making so many requests a second, that it overloaded the RAM on the ...
- 449
17
votes
2
answers
21k
views
IIS7 ban IP range [duplicate]
Possible Duplicate:
How does IPv4 Subnetting Work?
I have a list of IP ranges I would like to ban, an example being:
119.30.47.xx
Where xx is anything.
I've added the domain and IP ...
- 385
12
votes
3
answers
15k
views
Fail2ban log filled with entries saying "fail2ban.filter : WARNING Determined IP using DNS Lookup:.."
My fail2ban log at /var/log/fail2ban.log is completely filled with entries saying:
fail2ban.filter : WARNING Determined IP using DNS Lookup: [IP address]
I think this may have begun after I changed ...
- 252
11
votes
5
answers
39k
views
Finding all IP ranges belonging to a specific ISP
I'm having an issue with a certain individual who keeps scraping my site in an aggressive manner; wasting bandwidth and CPU resources. I've already implemented a system which tails my web server ...
user45795
10
votes
4
answers
57k
views
How to run node.js app on port 80? Are processes blocking my port?
I believe the port 80 on my remote instance is blocked, and I am trying to run a node.js app using port 80. I have experimented with ports 3000 and 3002, and both ports are working fine, but I get an ...
- 335
8
votes
1
answer
1k
views
Amazon S3 appears to be blocking cloudflare IP addresses. How do I fix it?
I have static content that is being served by Cloudflare. Cloudflare points to Amazon S3 to pick up the static content and serves it via a CNAME (cdn.mydomain.com). The bucket is setup properly and ...
- 181
6
votes
3
answers
2k
views
Hundreds of connections to a server, just from opening 10+ tabs in IE8?
We have private forums running vBulletin, and we've gotten complaints from a customer that has trouble accessing them when he opens a lot of tabs. The last time he called, it was determined that our ...
- 83
5
votes
2
answers
14k
views
How to block a Countries IP range with a Cisco ASA?
To be more specific I have a request from a client to block China's IP range. I know how to do this. I would use the IPs from https://www.countryipblocks.net/e_country_data/CN_netmask.txt and make a ...
- 1,384
4
votes
10
answers
2k
views
Block facebook even in the case users get their hands on tor, freegate and similar applications
I've been using, happily, opendns to block facebook on my network.
Then I started thinking about tricks to circumvent this block and, of course, I've read here on serverfault how to block the facebook ...
- 2,019
4
votes
12
answers
8k
views
Is it worth blocking hackers' IP addresses?
A Chinese IP address shows up in our logs as accessing one of our surveys but it stands out because the user tried adding a string to the end of the survey's URL (as if trying to perform a SQL ...
- 783
4
votes
2
answers
8k
views
Nginx geoipblocking & allowing LAN IPs
I'd like to block IPs with geoip except whitelisted countries AND the local area network.
The first part works flawless, the second one not.
Somwehere searching the internet I found the codes LH (...
- 41
4
votes
3
answers
871
views
Blocking facebook on company network
Our ISP forced us to use their router that doesn't have any option to block certain URL/IP like our 3Com OfficeConnect router has.
Is there any other easy way to implement this without an intelligent ...
- 513
4
votes
1
answer
4k
views
Block A City From Visiting my Website [closed]
I understand it is possible to block a country from viewing my website using apache, .htaccess.
I was wondering if it is possible to block everyone from a specific City (namely the city of Flower ...
4
votes
1
answer
3k
views
Block IPv6 addresses in my .htaccess file but I get 500 Internal Server Error?
I want to block all IP Addresses starting like this 2a01:598:xxx in my .htaccess file on my WordPress website.
But everytime I edit my .htaccess file I can't visit my website anymore. I get an ...
- 51
4
votes
1
answer
839
views
Finding google unusual traffic
We are a small Internet provider. In order to get Internet access we are using NAT (10-20 users per one public IP). And lately we've met with Google blocking services (captcha and full block) and we ...
- 231
3
votes
3
answers
888
views
What is better for an IP ban? At firewall (shorewall) level, or at IIS level?
I have a spambot that likes to spam my websites.
I mailed to abuse@isp, but he ignored me.
Attacks always come from the same ip, and i used IISIP to add the spammer IP to all of my websites.
I am ...
- 1,036
3
votes
2
answers
8k
views
Apache deny from CIDR range but allow from IP within that range
I am using a long CIDR blacklist to block several countries from a site, but I need to allow specific IP addresses within the blocked CIDR ranges. Here's an excerpt of my conf file (this is the order ...
- 33
3
votes
2
answers
5k
views
How to unblock my IP after failed sftp login attempts to google cloud compute instance
We just started using google cloud compute engine, and to connect to the server using sftp a couple of colleagues did a number of failed login attempts. Now we cannot access our google cloud engine vm ...
google-compute-engine
3
votes
3
answers
135
views
Banning people from accessing my sites
I was looking at my apache logs and saw this:
[Wed Feb 02 00:56:54 2011] [error] [client 93.190.64.23] File does not exist: /srv/www/dogself.com/public_html/db
[Wed Feb 02 00:56:54 2011] [error] [...
- 171
3
votes
1
answer
2k
views
Fail2ban settings after changing ssh port
I switched my ssh port to 22000 and I changed the port settings in /etc/fail2ban/jail.local to specify to ban on both 22 and 22000 but when I tried failing to login 6 times, my connection was cutoff ...
- 252
3
votes
1
answer
7k
views
How to block website for all countries except US and Canada
I have a website which is only for US and Canada visitors. I don't want to make it visible to other visitors.
I want to use Geo targeting solution but I have a amazon hosting it did return current ...
- 31
3
votes
4
answers
5k
views
/etc/hosts.deny ignored in Ubuntu 14.04
I have Apache2 running on Ubuntu 14.04LTS. To begin securing network access to the machine, I want to start by blocking everything, then make specific allow statements for specific subnets to browse ...
- 31
3
votes
3
answers
5k
views
Windows Server 2008 firewall rules order problem
I have one rule that opens FTP port for all connections.
I have second rule that blocks ALL connections on ALL protocols for some IP's.
However, connections from those IP's that are blocked can ...
- 506
3
votes
1
answer
514
views
iptables block IP for x hours not working?
On my Linux server, I want to ban IPs that access certain ports for 24 hours using IPtables. For this, I use the following IPtables rules:
# Check if IP is on banlist, if yes then drop
-A INPUT -m ...
- 131
2
votes
2
answers
794
views
If I block users with a blank IP address, will that affect innocent, non-technical users?
I run a website with an anonymous commenting feature. Users can flag each other for abuse; flags are tied to an IP address (grabbed via PHP from $_SERVER['REMOTE_ADDR']).
I've noticed that 99% of the ...
- 449
2
votes
3
answers
13k
views
How to create a group policy to block facebook or any website in windows server 2008 r2 domain
How do I create a Group Policy that will prevent my users from accessing specific web-sites? I am at the 2008r2 functional level.
- 21
2
votes
2
answers
6k
views
UFW (firewall) not blocking UDP right away
I have a PBX (phone system called Astersik) that works with udp and tcp. Sometimes I get invalid request from some IP addresses that I will like to block. I cannot block those requests until I reboot ...
- 322
2
votes
2
answers
957
views
Blocking all RIPE Addresses in Server 2008?
Our datacenter has recommended we block all RIPE IP Addresses on one of our machines. It is constantly being DDoS Attacked everytime the null routes are lifted, so I am not sure how this would help, ...
- 650
2
votes
2
answers
2k
views
deny from .htaccess with banned IP list from stopforumspam.com not working?
so i'm trying to use .htaccess to ban a large list (50,000) of suspicious spam IP addresses that i got from this site.
the list is almost 1M in size when i add the deny from directive for each ...
- 35
2
votes
4
answers
4k
views
Block IPs that try to exploit common webapp vulnerabilities
Is there an application that goes through the nginx logs and blocks IPs that made requests for common webapp vulnerabilities?
I have an nginx web server that serves only static content. I routinely ...
- 194
2
votes
4
answers
284
views
Blocking attacker's IPs: What options do I have?
A website of mine is being attacked by some IPs. I don't even know if it was a ddos yet, I only know that it has been filling my application's logs for longer than a day, and then the server crashed ...
- 325
2
votes
2
answers
3k
views
Block bots by their Java referrer or User-Agent string?
I have been getting a lot of web hits in my logs that crawl most top level pages of my site and show a referrer as a Java version.
I see different variants of the Java versions in the referrer, i.e. ...
- 529
2
votes
2
answers
240
views
Blocking suspicious IPs on firewalls - still relevant?
In interest of improving security, does it make sense to block suspicious IPs on internet facing firewalls?
Does anyone know of any reliable block lists?
Thanks,
Mark
- 21
2
votes
1
answer
5k
views
Block all public IP addresses except those whitelisted
We have a 2008 R2 server hosted in a data centre where we have no physical access but connect to it using RDP.
We plan to run SQL Server and some other services which should only be accessible to a ...
- 218
2
votes
0
answers
176
views
Stop a user from circumventing IP block?
A user is somehow avoiding an IP block in apache 2.2/2.4, and I can not figure out how. The company I work for hosts hundreds of sites in different datacenters; this user is attacking several of the ...
- 21
2
votes
0
answers
2k
views
Blocking IP range using iptables
What would the command be to block a range of IPs to port 80?
The block of IP I want to block is 123.56.x.x and 123.57.x.x.
What would the correct command be?
iptables -I FORWARD -p tcp --dport 80 -...
- 145
2
votes
1
answer
3k
views
Nginx "allow 127.0.0.1" in location block letting in all users
Problem
I have the following block in my nginx config.
The idea is to let the server access the file but noone else. If anyone else accesses i it should throw a 403. If I comment out the allow line ...
- 169
1
vote
2
answers
80
views
Does ip blocking occur anywhere other than at the endpoints?
My localhost's IP address/port is being blocked from accessing a certain site. The blocking is occurring, but I don't know where.
The question is : does IP blocking possibly occur not only at the ...
- 121
1
vote
3
answers
1k
views
How to ban potential hacker IP Addresses from Port 80?
I am hosting a bunch of PHP web sites on a web server. While I have taken all precautionary mesaures to protect all ports, Port 80 specific attacks continue. I want to ban any IP Address that taken an ...
- 695
1
vote
4
answers
10k
views
CentOS 7 - Blocking certain countries (Phillipines,Russia,China)
I run a site that only deals with customers in certain locations.
Lately my load balancer is being hammered by requests from Phillipines/Russia/China. Mail bots, brute force attacks etc.
Is there a ...
- 81
1
vote
2
answers
1k
views
Adding sleep / delay between iptables blocks in shell script
On one server, we're trying to block any access for the country China.
We wish to implement this with iptables rather than via .htaccess.
The problem we're experiencing though, is that when adding ...
- 1,453
1
vote
1
answer
453
views
Does an ip catch all exist?
I'm trying to block specific ip address traffic using this:
sudo iptables -A INPUT -s 192.148.10.209 -j DROP
Does an ip address catch all exist where I could block all addresses on 192.148.10.* ...
- 31
1
vote
3
answers
1k
views
Is it possible to automatically block too frequently accessing IP addresses?
One IP address was accessing my site too frequently to be a real user, it was accessing so much that it caused site to slow down. Is there any application that can automatically block IP, if it is ...
- 355
1
vote
3
answers
854
views
Blocking an IP range without using .htaccess
I have a WordPress blog that I am hosting using NearlyFreeSpeech.net. Recently, Russians found it and have been comment spamming me. I don't want to have to trash 30+ Cyrillic comments/day, and I don'...
- 347
1
vote
1
answer
79
views
What things should I consider when identifying and rate limiting bots?
// Not sure if this question is best fit for serverfault or webmasters stack exchange...
I am thinking to rate limit access to my sites because identifying and blocking bad bots take most of my time.
...
- 1,139
1
vote
1
answer
16k
views
How can I block traffic FROM Amazon Technologies Inc. (possible DDOS attack) [closed]
I've a small website (portfolio) and I usually notice traffic of about 10-20MB per day.
But for few recent days I've noticed about 10-15GB (1000 times more) each day for 4 days now (and it continue ...
- 193
1
vote
2
answers
5k
views
Prevent DNS responses for specific domain completely
Situation:
Server (Win 2008R2) is being used in a DNS (amplification) DDoS attack. Amplification factor is already down to 1: Set the DNS server to non-recursive and removed all root hints -> DNS ...
- 268
1
vote
2
answers
279
views
Block an IP-address which tries to download entire website
I need to block an IP-address which tries to download my entire website. Currently I've blocked it using iptables.
Is there any way to block an IP automatically if it's trying to request to many ...
- 313
1
vote
3
answers
19k
views
check if a domain is blacklisted / blocked
Some clients report to us that our site is not accessible through their internet connection. We suspect our site is wrongfully blocked by some security software/firewall/public blacklist.
How can ...
- 262
1
vote
1
answer
4k
views
Block all RDP connection except one IP
I want to block all connection to Hyper-V machine except from one IP.
I can explain my scenario.
User can access RDP when they are in our company network.We are using 128.x.x.x range internally and ...
- 21