  1. #1
    Join Date
    May 2007
    Posts
    438

    Blocking IPs at Server Level

    I've been carrying some weird hours lately, so I'm able to see activity on my sites that I normally don't see.

    Certain IPs are trying to diddle their things into my server and need the boot. It's not consistent (i.e. not happening every 5, 10 mins)... it's periodically throughout the months. I'll see an IP I blocked 2 months ago just randomly show up at 4:30am and try accessing the same files it was probing during its last visit. Assuming this is just some sort of bot, can I block it permanently?

    I know APF has a collection system that purges an IP list to keep it from bloating, and I had PSM do some hardening so I'm not entirely sure about the workings of APF firewall. So far my IP blocks are blank (which is a good sign!), but I'd like to add some nuisances to it, to keep their crap from appearing in my error logs anymore as "Denied by Server Configuration"

    My question is: Can I block people at server level permanently? I do not want their IP being taken out with the purge list that comes by every so often.

  2. #2
    Join Date
    Aug 2007
    Location
    Greece
    Posts
    390
    I believe you can add the IPs at /etc/apf/deny_hosts.rules and it will not be flushed.
    NOT a webhost!helping here just for the fun of it!
    G(r)eek inside.

  3. #3
    Join Date
    May 2007
    Posts
    438
    Thanks! (adding 1 IP per line for anybody I want to block is all that's needed, correct?) Do I need to reboot anything after modifying this file?

    So I suppose there is another log somewhere that contains possible crackers (that is purged periodically), any idea where that would be?

  4. #4
    Join Date
    Aug 2007
    Location
    Greece
    Posts
    390
    I suppose you also have BFD installed, so look in /var/log/ and in there bfd_log and bfd_log.1.
    NOT a webhost!helping here just for the fun of it!
    G(r)eek inside.

  5. #5
    Join Date
    Oct 2004
    Location
    Kerala, India
    Posts
    4,750
    Quote Originally Posted by gpl24 View Post
    Thanks! (adding 1 IP per line for anybody I want to block is all that's needed, correct?) Do I need to reboot anything after modifying this file?

    So I suppose there is another log somewhere that contains possible crackers (that is purged periodically), any idea where that would be?
    You can use this command to add the IP to the deny list.

    apf -d IP

    You need to restart apf if you add an IP manually to the deny file.

    APF log lies at /var/log/apf_log
    David | www.cliffsupport.com
    Affordable Server Management Solutions sales AT cliffsupport DOT com
    CliffWebManager | Access WHM from iPhone and Android
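
The manual edit of the deny file discussed in this thread, scripted with input validation, as an added example that is not part of any post above. The function names and the `PROTECTED_IPS` variable are hypothetical, the sample addresses are from documentation ranges, and the default path is the one named in post #2.

```shell
#!/bin/sh
# Added example: add validated IPv4 addresses, one per line, to the APF deny file.
# Usage (as root):  . ./deny.sh && add_deny_ip 203.0.113.9
# Then restart APF, as post #5 notes for manual edits (apf -r).
DENY_FILE="${DENY_FILE:-/etc/apf/deny_hosts.rules}"
# Hypothetical safeguard: space-separated addresses that must never be denied,
# e.g. the address you administer the server from.
PROTECTED_IPS="${PROTECTED_IPS:-}"

# Succeeds only for a dotted quad with four octets in 0-255, no leading zeros.
is_ipv4() (
    ip=$1
    case "$ip" in
        ""|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $ip                      # split on dots (digits and dots only here)
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        case "$octet" in 0?*) exit 1 ;; esac
        if [ "${#octet}" -gt 3 ] || [ "$octet" -gt 255 ]; then exit 1; fi
    done
    exit 0
)

# Appends $1 to DENY_FILE unless it is invalid, protected, or already listed.
# Exit status: 0 if the address is now (or was already) listed, 1 if refused.
add_deny_ip() (
    ip=$1
    if ! is_ipv4 "$ip"; then
        echo "rejected: '$ip' is not a valid IPv4 address" >&2
        exit 1
    fi
    for safe in $PROTECTED_IPS; do
        if [ "$ip" = "$safe" ]; then
            echo "refused: $ip is in PROTECTED_IPS" >&2
            exit 1
        fi
    done
    # -x whole line, -F fixed string: 1.2.3.4 must not match 11.2.3.40
    if [ -f "$DENY_FILE" ] && grep -qxF -- "$ip" "$DENY_FILE"; then
        echo "already listed: $ip"
        exit 0
    fi
    printf '%s\n' "$ip" >> "$DENY_FILE"
    echo "added: $ip"
)
```

Validating before writing keeps malformed lines out of a file the firewall loads on restart, and the duplicate check keeps the list from growing when the same address is reported twice.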
