Results 1 to 8 of 8
-
09-02-2007, 08:41 PM #1WHT Addict
- Join Date
- Jun 2007
- Posts
- 165
pure-ftpd too many connection | david510 or any expert required
I have too many connection from 202.96.5.29 through pure-ftpd :
PHP Code:Sep 3 00:27:24 server pure-ftpd: (?@202.96.5.29) [INFO] New connection from 202.96.5.29
Sep 3 00:27:25 server pure-ftpd: (?@202.96.5.29) [WARNING] Authentication failed for user [oracle]
Sep 3 00:27:29 server pure-ftpd: (?@202.96.5.29) [WARNING] Authentication failed for user [oracle]
Sep 3 00:27:31 server pure-ftpd: (?@202.96.5.29) [WARNING] Authentication failed for user [Administrator]
Sep 3 00:27:39 server pure-ftpd: (?@202.96.5.29) [WARNING] Authentication failed for user [oracle]
Sep 3 00:27:49 server pure-ftpd: (?@202.96.5.29) [WARNING] Authentication failed for user [oracle]
Sep 3 00:27:49 server pure-ftpd: (?@202.96.5.29) [ERROR] Too many authentication failures
Sep 3 00:27:49 server pure-ftpd: (?@202.96.5.29) [INFO] New connection from 202.96.5.29
PHP Code:/sbin/iptables -I INPUT -s 202.96.5.29 -j DROP
route add 202.96.5.29 reject
but is not blocked always I have same too many connection ?
how can I force block this Ip ??
-
09-02-2007, 09:20 PM #2Predatory Poster
- Join Date
- Jul 2003
- Location
- Goleta, CA
- Posts
- 5,566
/sbin/iptables -A INPUT -s 202.96.5.29 -j DROP
try append instead of insert.Patron: I'd like my free lunch please.
Cafe Manager: Free lunch? Did you read the fine print stating it was an April Fool's joke.
Patron: I read the same way I listen, I ignore the parts I don't agree with. I'm suing you for false advertising.
Cafe Owner: Is our lawyer still working pro bono?
-
09-02-2007, 09:42 PM #3WHT Addict
- Join Date
- Jun 2007
- Posts
- 165
same problem
PHP Code:Sep 3 01:41:02 server pure-ftpd: (?@202.96.5.29) [WARNING] Authentication failed for user [oracle]
Sep 3 01:41:07 server pure-ftpd: (?@202.96.5.29) [ERROR] Too many authentication failures
Sep 3 01:41:08 server pure-ftpd: (?@202.96.5.29) [INFO] New connection from 202.96.5.29
Sep 3 01:41:09 server pure-ftpd: (?@202.96.5.29) [WARNING] Authentication failed for user [Administrator]
Sep 3 01:41:13 server pure-ftpd: (?@202.96.5.29) [WARNING] Authentication failed for user [Administrator]
Sep 3 01:41:18 server pure-ftpd: (?@202.96.5.29) [ERROR] Too many authentication failures
Sep 3 01:41:19 server pure-ftpd: (?@202.96.5.29) [INFO] New connection from 202.96.5.29
Sep 3 01:41:20 server pure-ftpd: (?@202.96.5.29) [WARNING] Authentication failed for user [oracle]
Sep 3 01:41:20 server pure-ftpd: (?@202.96.5.29) [WARNING] Authentication failed for user [Administrator]
Sep 3 01:41:24 server pure-ftpd: (?@202.96.5.29) [WARNING] Authentication failed for user [oracle]
Sep 3 01:41:31 server pure-ftpd: (?@202.96.5.29) [WARNING] Authentication failed for user [Administrator]
Sep 3 01:41:31 server pure-ftpd: (?@202.96.5.29) [WARNING] Authentication failed for user [oracle]
Sep 3 01:41:42 server pure-ftpd: (?@202.96.5.29) [WARNING] Authentication failed for user [oracle]
Sep 3 01:41:45 server pure-ftpd: (?@202.96.5.29) [WARNING] Authentication failed for user [Administrator]
-
09-02-2007, 09:57 PM #4WHT Addict
- Join Date
- Feb 2006
- Location
- Melbourne, Australia
- Posts
- 141
xserverx, Instead of using iptables directly may I suggest something like APF or even CSF, use CSF if you're using cPanel as it's got a great GUI that intergates with WHM.
http://rfxnetworks.com/apf.php and http://www.configserver.com/cp/csf.htmlDymestry Interactive | Australian Co-Location - Dymestry.com
Fully Managed Dedicated Servers And Co-Location (Sydney & Melbourne)
-
09-02-2007, 11:16 PM #5Web Hosting Master
- Join Date
- Oct 2004
- Location
- Kerala, India
- Posts
- 4,771
Installing APF and adding the IP to the deny list will help. You can block the IP using tcp wrappers. Add the IP to the file /etc/hosts.deny as follows.
ALL : 202.96.5.29David | www.cliffsupport.com
Affordable Server Management Solutions sales AT cliffsupport DOT com
CliffWebManager | Access WHM from iPhone and Android
-
09-03-2007, 09:05 AM #6WHT Addict
- Join Date
- Jun 2007
- Posts
- 165
david510 and Dexqt thank you very much
but I am using APF + BFD and I configure it for block any login failures with :
/sbin/iptables -I INPUT -s 62.68.36.70 -j DROP;route add 62.68.36.70
reject;apf -d 62.68.36.70;/sbin/iptables -A INPUT -s 62.68.36.70 -j DROP
for example but the Ip isn't blocked
also I have my /etc/hosts.deny is empty
can I configuer this command in my BFD for add any failuers IP to /etc/hosts.deny for example:
PHP Code:ALL:$ATT_HOST >> /etc/hosts.deny
-
09-03-2007, 09:11 AM #7Web Hosting Master
- Join Date
- Oct 2004
- Location
- Kerala, India
- Posts
- 4,771
Yes, you can configure that. As a safety measure add your ISP ip or any proxy server IP to the file /etc/hosts.allow.
To block that IP, you may try this. First stop the ftp service and after that add the IP to the apf deny file (/etc/apf/deny_hosts.rules) and restart apf.David | www.cliffsupport.com
Affordable Server Management Solutions sales AT cliffsupport DOT com
CliffWebManager | Access WHM from iPhone and Android
-
09-03-2007, 10:02 AM #8WHT Addict
- Join Date
- Jun 2007
- Posts
- 165
very nice david really you are the hard attitude man (f)<br>