blocking hackers - revisited
| Nathan In Montana 2007-04-14, 6:18 pm |
| currently running a dozen or so websites out of my home on a commercial
cable backbone, dedicated win2k server server IIS 5.0. some time back i
asked how to block IPs on the router level to block scripts attempting to
log into my server. it was suggested that i upgrade my linksys router to
dd-wrt and use iptables. this works GREAT (thanks much to whomever
recommended that upgrade as it has served me very well both at home and in
commercial applications) but this hacker/script appears to have an unlimited
supply of IPs. as soon as i block one IP, i get the same attack from
another. roughly 3 times per second it attempts to log into my server 24/7.
it stopped using "administrator" and is now selecting random names. the
security breach isnt a huge concern (my password is solid), but the waste of
my server resources is.
is there any way in which to automatically block an IP after 3 tries? i
dont know what method is being used but its coming in on port 80 im sure. i
dont mind having to buy equipment if i have to, i just need a reasonable
solution.
thanks.
--
Nathan in Montana
http://ConcealedCarryForum.com
http://1911Talk.com
http://GlockCarry.com
| |
| Jerry Stuckle 2007-04-21, 10:16 pm |
| Nathan In Montana wrote:
> currently running a dozen or so websites out of my home on a commercial
> cable backbone, dedicated win2k server server IIS 5.0. some time back i
> asked how to block IPs on the router level to block scripts attempting to
> log into my server. it was suggested that i upgrade my linksys router to
> dd-wrt and use iptables. this works GREAT (thanks much to whomever
> recommended that upgrade as it has served me very well both at home and in
> commercial applications) but this hacker/script appears to have an unlimited
> supply of IPs. as soon as i block one IP, i get the same attack from
> another. roughly 3 times per second it attempts to log into my server 24/7.
> it stopped using "administrator" and is now selecting random names. the
> security breach isnt a huge concern (my password is solid), but the waste of
> my server resources is.
>
> is there any way in which to automatically block an IP after 3 tries? i
> dont know what method is being used but its coming in on port 80 im sure. i
> dont mind having to buy equipment if i have to, i just need a reasonable
> solution.
> thanks.
>
Nathan,
I don't know if this helps you as I'm not familiar with your router.
But on my Linux VPS's I have the login script tied into IP tables.
After X unsuccessful logins that IP address is barred for Y time
automatically.
It's worked well. I still get a few people trying to hack my sites, but
it makes things a lot harder for them as the server just stops
responding to that IP address.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
| |
| Nathan In Montana 2007-04-24, 6:19 pm |
| "Jerry Stuckle" <jstucklex@attglobal.net> wrote in message
news:UsqdneF02Z0v7LfbnZ2dnUVZ_qrinZ2d@comcast.com...
> I don't know if this helps you as I'm not familiar with your router. But
> on my Linux VPS's I have the login script tied into IP tables. After X
> unsuccessful logins that IP address is barred for Y time automatically.
>
> It's worked well. I still get a few people trying to hack my sites, but
> it makes things a lot harder for them as the server just stops responding
> to that IP address.
hi jerry,
that would be PERFECT. im running a linksys wrt54g router using dd-wrt
(linux) firmware. if youve any information on how i could use this in my
setup it would certainly be appreciated.
--
Nathan in Montana
http://ConcealedCarryForum.com
http://1911Talk.com
http://GlockCarry.com
| |
| Jerry Stuckle 2007-04-24, 6:19 pm |
| Nathan In Montana wrote:
> "Jerry Stuckle" <jstucklex@attglobal.net> wrote in message
> news:UsqdneF02Z0v7LfbnZ2dnUVZ_qrinZ2d@comcast.com...
>
> hi jerry,
> that would be PERFECT. im running a linksys wrt54g router using dd-wrt
> (linux) firmware. if youve any information on how i could use this in my
> setup it would certainly be appreciated.
>
Nathan,
As I said - I'm not at all familiar with your router, so I have no idea
if it would work or not. This requires the ipt_recent mod; if that's on
your router it should work.
Check out
<http://www.ducea.com/2006/06/28/usi...-force-attacks/>
for some help on how to use ipt_recent to block these attacks.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
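Added example, not part of the thread or of the linked article: a per-source limit on new port-80 connections built on the `recent` match (ipt_recent) mentioned above, written for a router that forwards port 80 to an internal web server. The chain name, list name and the default numbers are assumptions; the router only sees connections, not failed logins, and browsers open several connections per page, so the threshold has to sit well above normal visitor behaviour.

```shell
#!/bin/sh
# Added example: chain name, list name and defaults are hypothetical.
CHAIN=HTTP_LIMIT      # custom chain that holds the limiter
LIST=http_new         # name of the per-source list kept by the recent match

# build_rules PORT HITS WINDOW -> prints the iptables commands, one per line.
build_rules() {
    port=$1 hits=$2 window=$3
    for n in "$port" "$hits" "$window"; do
        case $n in
            ''|*[!0-9]*) echo "not a number: $n" >&2; return 1 ;;
        esac
    done
    # The recent match keeps 20 timestamps per address by default
    # (module parameter ip_pkt_list_tot); a larger --hitcount is
    # rejected when the rule is loaded, so refuse it here.
    if [ "$hits" -lt 1 ] || [ "$hits" -gt 20 ]; then
        echo "hitcount must be between 1 and 20" >&2
        return 1
    fi
    # Rule order matters: --set records the connection first, then
    # --update drops sources with HITS entries inside WINDOW seconds.
    # --update also refreshes the entry on every dropped attempt, so a
    # source that keeps hammering stays blocked until it goes quiet.
    cat <<EOF
iptables -N $CHAIN
iptables -A $CHAIN -m recent --name $LIST --rsource --set
iptables -A $CHAIN -m recent --name $LIST --rsource --update --seconds $window --hitcount $hits -j DROP
iptables -A $CHAIN -j RETURN
iptables -I FORWARD -p tcp --dport $port -m state --state NEW -j $CHAIN
EOF
}

# Print the rules by default; APPLY=1 pipes them to sh (needs root).
# Constructed defaults: 15 new connections per source in 10 seconds.
if [ "${APPLY:-0}" = 1 ]; then
    build_rules "${1:-80}" "${2:-15}" "${3:-10}" | sh
else
    build_rules "${1:-80}" "${2:-15}" "${3:-10}"
fi
```

Because the list is keyed on source address, each new attacking IP is tracked and dropped on its own without a manual block entry.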
| |
| Jerry Stuckle 2007-04-24, 10:17 pm |
| Nathan In Montana wrote:
> "Jerry Stuckle" <jstucklex@attglobal.net> wrote in message
> news:kqSdnW_yTfpvx7PbnZ2dnUVZ_umlnZ2d@comcast.com...
>
> many thanks. i hope its what im looking for, these attacks go on 24/7.
>
Good luck. I'd be interested in knowing if it works.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
|