hey all,
my admin just reminded me about the site that was stealing my trafic.
(im not shure about the tech speek for this so...)
one site was from japan www.163.com
other site was from brazil with a IP of 200.163.*.*
he just blocked all trafic from there.

dont know the how or the why but here is the who at lest
if anyone could help clearfy what im trying to relay here that would be grate.
thanks
James

Originally posted by jamenjaw
hey all,
my admin just reminded me about the site that was stealing my trafic.
(im not shure about the tech speek for this so...)
one site was from japan www.163.com
other site was from brazil with a IP of 200.163.*.*
he just blocked all trafic from there.

dont know the how or the why but here is the who at lest
if anyone could help clearfy what im trying to relay here that would be grate.
thanks
James

163.com is from China....:eek:

stealing traffic, can you clarify that more. You mean stealing images from your server?

I think what im trying to say is that they hacked my dns (from what my admin told me) and redirected my trafic to there site. its late and i should be sleeping insted of working
ohh well

you choose the biz.... What happens after you change it back. After your server been hacked, you should really reformat, you never know whats left...

Your registar name server or your dns on your server

Originally posted by kktsang
163.com is from China....:eek:

Beijing

163.com went to Beijing from Japan? Now start making changes to your site.

all ready did them. but found out a cupple of news ones ill post more info here once im able to compile all the info tonight.

found out someone is trying to hack in using an old bind explot that my admin all ready upgraded the bind with the patch.

woops that was my bad on the domain being from japan.
ment to say china.
:D

James

Hmmm, thanks for informing me. Somebody recently signed up for a hosting account on my server using that domain. Me thinks me will be suspending that account immediatly...

Just checked the account and it doesn't seem to be in use yet. Their probaby keeping it as a backup account for when their current hosts dumps them, pitty it won't be there when they need it.

how can i ban an IP address from accessing websites hosted on my server?

If you have a firewall installed, you can use that to ban it.

Put the IP in here:-

/etc/hosts.deny

i do not have a firewall installed, also i understand hosts.deny would only restrict access to inetd services such as ftp, pop, telnet, etc. but does not block the ip from accessing http.

163.com is bigger than yahoo in china. You are not dealing with 163.com my friend.

Originally posted by hostchamp
i do not have a firewall installed, also i understand hosts.deny would only restrict access to inetd services such as ftp, pop, telnet, etc. but does not block the ip from accessing http.

Blocking the IP in hosts.deny will just deny the IP to certain services (login, etc.). If you want to block web access, you can use .htaccess deny directives, but what good would blocking the IP for the web server do? What are they doing? You mentioned the DNS service was attempted to be compromised? That has no bearing on them accessing the web server or not. What type of system are you on now? You don't have any ipchains, iptables or ipfw, etc.? If you block them with firewall rules, it'll block them from every port (if you want).

2host.com believe you were confused with mine and jamenjaw's post, but i have posted reply to your response in another thread which i have opened, pls chk.