Quote:
Originally Posted by VRPdommy
I see plenty of good suggestions here...
But it all depends on your config.
Learn how to track all of your log files daily so you can see what is going on.
A pain it is, but it's the only way.
You will be hit from IPs from compromised servers, so doing IP blocks above your firewall can be hard to execute depending on who your intended audience is. You don't want to limit or prevent the folks you are catering to.
You will have to use an all-of-the-above type approach to what fits your circumstance.
If you are using popular software like a WordPress engine, it makes a double layer of hack potential, but stick with it as it's easier and faster to find/fix holes in the software.
If your targets are in one country, a firewall IP whitelist for it is a good start.
You can further follow that up in .htaccess.
And keep FTP access off if you don't need it. Change all ports to non-standard ports.
Don't make it easy for some kid following a how-to on the web.
Watch your logs like a hawk.
edit...
I was getting 24 hits a minute at certain times of the day.
Blocking countries that do not speak the same language was the first step.
If you are looking to just block single IPs...
There is no end to them through all the compromised systems, so good luck with that.
Most times those compromised systems do not know they have been compromised as everything works as normal. So everyone should monitor their own bandwidth usage for that sign.
I have over 1 billion IPs blocked and still get 600 hits a day on average poking at the system.
That continues to shrink every day through monitoring and action.
|
Thanks. I remember my first bot attack in 1994. Shut down the host’s machines and they disconnected for a while to calm things down. I was lost and my host was pissed off! He had about two dozen clients and lost six of them due to the attack on the box. He learned to tighten things up and to move the attack to another box.
I can’t fathom a billion blocked IPs. I’m blocking whole hosts as in *@*.*.secureserver.net. 800 daily attempts from different countries to different IPs. I sent an address explaining why and tried to tell them these are open accounts. Third email so I think no one cares!
I’m surprised so many static addresses are open. I noticed many hosts have many open accounts and I wonder who admins these boxes. Blocking open ports isn’t rocket science yet many large hosts are inundated with them.
Fortunately none of my current or past hosts have appeared in logs.
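
An added example, not written by either poster, of the daily log review this thread recommends: it groups access-log hits by /24 network and reports each network's peak hits per minute, which shows why one noisy range can hide behind many single IPs. The log lines are constructed samples in Apache combined-log style using documentation address ranges; the function names, the /24 grouping and the threshold are assumptions chosen for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from ipaddress import ip_network

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2024:13:55:01 +0000] "POST /wp-login.php HTTP/1.1" 200 1523
203.0.113.9 - - [10/Mar/2024:13:55:12 +0000] "POST /wp-login.php HTTP/1.1" 200 1523
203.0.113.77 - - [10/Mar/2024:13:55:40 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199
198.51.100.20 - - [10/Mar/2024:13:55:41 +0000] "GET /index.html HTTP/1.1" 200 5120
203.0.113.5 - - [10/Mar/2024:13:56:03 +0000] "POST /wp-login.php HTTP/1.1" 200 1523
192.0.2.44 - - [10/Mar/2024:14:10:00 +0000] "GET /about.html HTTP/1.1" 200 2048
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def parse(log_text):
    """Yield (ip, minute, method, path, status) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash on them
        ip, ts, method, path, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        yield ip, when.replace(second=0), method, path, int(status)

def summarize(log_text, per_minute_threshold=3):
    """Group hits by /24 network (assumes IPv4 client addresses in the log)."""
    per_net_minute = defaultdict(Counter)
    ips_in_net = defaultdict(set)
    for ip, minute, _method, _path, _status in parse(log_text):
        net = str(ip_network(f"{ip}/24", strict=False))
        per_net_minute[net][minute] += 1
        ips_in_net[net].add(ip)
    report = {}
    for net, minutes in per_net_minute.items():
        peak = max(minutes.values())  # busiest single minute for this network
        report[net] = {"total": sum(minutes.values()),
                       "distinct_ips": len(ips_in_net[net]),
                       "peak_per_minute": peak,
                       "flagged": peak >= per_minute_threshold}
    return report

if __name__ == "__main__":
    for net, row in sorted(summarize(SAMPLE_LOG).items()):
        print(net, row)
```
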