as root
Code:
$ ./ufw_deny_all.sh
Code:
#!/bin/bash
you can try
Code:
$ ./ufw_deny_all.sh || true
bash error checking is
Code:
#!/bin/bash -vx
I added allow to ssh (22) only my static ips
I DID NOT allow ftp (I only use sftp and scp on 22)
I allow ftp when necessary
I have a WordPress on one server that needs it to update. After updating I block ftp.
You need to allow http and https
--------
Code:
barry@paragon-DS-7:~$ host 51.15.40.0
Quote:
I only block single IPs for abusive ISP users and not servers -- I will cut off whole datacenters on some servers -- without looking back. However I know I may lose some VPN users that are legit buyers (collateral damage).
On mail servers you need to only block some single IPs of spam servers (etc). You need to allow the ports your mail server needs (<incoming)
Code:
#!/bin/bash
https://pastebin.com/28QEjW6B
Ahrefs and Semrush are spybots -- SEO for simpletons.
What bots look like IRL https://s18.postimg.org/hlukvehe1/ca...an-hamster.gif
The ones that do not resolve are servers in datacenters probably with no hostname entry. If you don't want to do business with them -- block them -- that is up to you. Most legit (not all) ISP users (people) IPs resolve to hostnames.
$ resolveip [ip] [hostname]
$ man resolveip |
This s**t doesn't work...:mad:
Yesterday I set all the rules in iptables, today the bastard who clones my sites is back, his IP enters and exits without problems in my server, although in my iptables there is this rule that blocks his IP.
Code:
iptables -A INPUT -s 93.105.187.11 -j DROP
I reset everything again and entered a single rule in iptables and now the IP of the bastard is properly locked...
I believe that in Digitalocean there is a limit on the number of rules that can be entered in UFW or iptables, those beyond the limit are ignored.
Even Nixstat, which needs HTTPS, did not work anymore after adding all the rules; removing the rules, it went back to work. Perhaps the rules that allow HTTPS traffic are beyond the limit.
Now my firewall only blocks the IP of the bastard, but I want to be able to block at least the traffic from China.
In Digitalocean there is something called "Cloud Firewall" https://www.digitalocean.com/communi...loud-firewalls, with this inscription: Limits: Total incoming and outgoing rules for Firewall: 50.
The Digitalocean firewall limit may also be applied to UFW and iptables? |
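An added example, not part of any post in this thread: iptables walks a chain top to bottom and stops at the first ACCEPT or DROP that matches, and `-A` appends to the end, so a DROP appended after a broad ACCEPT never sees the traffic that ACCEPT already took. The script below flags that ordering in iptables-save text; the sample rule set and the function names are constructed for illustration, and only the blocked address is taken from the post above.

```python
import ipaddress
import shlex

# Constructed sample in iptables-save syntax; only the DROP address comes from the thread.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 198.51.100.7/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -s 93.105.187.11/32 -j DROP
COMMIT
"""

FIELDS = {"-p": "proto", "--dport": "dport", "-j": "target"}

def parse_rule(line):
    """Parse a simple '-A INPUT' rule; return None for matches this sketch does not model."""
    tok = shlex.split(line)
    if tok[:2] != ["-A", "INPUT"] or len(tok) % 2:
        return None
    rule = {"src": ipaddress.ip_network("0.0.0.0/0"), "proto": None,
            "dport": None, "target": None, "text": line}
    for opt, val in zip(tok[2::2], tok[3::2]):
        if opt == "-s":
            rule["src"] = ipaddress.ip_network(val, strict=False)
        elif opt in FIELDS:
            rule[FIELDS[opt]] = val
        elif not (opt == "-m" and val in ("tcp", "udp")):
            return None  # e.g. -i or conntrack state: skipped rather than guessed at
    return rule

def overlaps(a, b):
    """True if some packet can match both rules (None means 'any')."""
    compatible = lambda x, y: x is None or y is None or x == y
    return (a["src"].overlaps(b["src"]) and compatible(a["proto"], b["proto"])
            and compatible(a["dport"], b["dport"]))

def bypassed_drops(rules_text):
    """Return (accept, drop) pairs where an earlier ACCEPT takes traffic the DROP targets."""
    accepts, findings = [], []
    for line in rules_text.splitlines():
        rule = parse_rule(line.strip()) if line.startswith("-A") else None
        if rule and rule["target"] == "DROP":
            findings += [(a["text"], rule["text"]) for a in accepts if overlaps(a, rule)]
        elif rule and rule["target"] == "ACCEPT":
            accepts.append(rule)
    return findings
```

On the sample, the two web-port ACCEPT rules are reported against the DROP; with the block rule placed first (`iptables -I INPUT 1 -s 93.105.187.11 -j DROP` instead of `-A`) the list of findings is empty.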
So, after countless tutorial guides, iptable templates, etc etc etc etc etc etc etc etc and so on UFW and iptables etc., nothing ever works... as soon as the rules increase they begin to be ignored.
Now my rules.v4 is this: http://porn-update.com/temp/rules.v4, as simple as possible, only blocks the IP of the bastard and Baidu.
The server works well, the sites are online, everything looks wonderful, until I go to see the visits... http://porn-update.com/temp/Schermat...2023-18-22.png
I'm losing about half of my normal visits.
It is true that the cloned sites were closed, and removed from the DMCA results in Google that probably created confusion even in statistics. And maybe even in Webmaster tools. http://porn-update.com/temp/Schermat...2023-21-06.png
But perhaps the most important thing is that the clicks that arrive at the pop-unders and the affiliate services have not diminished much :eek7:eek7:eek7 http://porn-update.com/temp/Schermat...2023-23-58.png http://porn-update.com/temp/Schermat...2023-23-49.png
I noticed that most of the visits I lost in the server 14.04 (which contains my sites with more turnout), more or less 50% on 14.04 and about 30% on 16.04.
At this point the doubt comes, something is wrong with my iptables? Is it blocking something that shouldn't? How can I understand/verify if the firewalls are doing more than necessary? (I wouldn't even know exactly what I should look over HTTP, https, and SSH...)
Summary:
Applied new simple rules.v4 in iptables.
Closing clone sites and removing results (DMCA).
Loss about 50% visits (especially in 14.04).
Click to pop-unders and affiliations, almost constant.
The Doubts:
What the f*** is going on?
How can I check if the firewalls in my server are working properly or are blocking too much? |
Did you keep track anywhere of referrals? Meaning do you know where the traffic was coming from before so that you can compare it to where it is coming from now?
That might tell you a lot. You say you pretty much killed the clones. Is it possible that some of the clones included links to you that you have now killed? Just some ideas to look at that have nothing to do with whether your set up is right or not. |
It is difficult to understand who the referrals are, because that moron who copied my sites has left my analytics code, my Yandex Metrica code, my Google Webmaster Tools verification code, my advertising codes etc.
Also one of the cloned sites is this: Adult Hashtag, which sends visits to all my sites. Of all this mess, what remains are just a lot of doubts...:( |
|
I turned on the iptables logs (I didn't even know existed)
But how do I read them?
Code:
Dec 14 00:00:45 ubuntu-1gb-nyc3-01 kernel: [519730.097997] IN=eth0 OUT= MAC=36:1a:36:97:ff:ba:84:b5:9c:f9:18:30:08:00 SRC=163.172.12.194 DST=104.236.230.48 LEN=437 TOS=0x00 PREC=0x00 TTL=56 ID=37739 DF PROTO=UDP SPT=5084 DPT=5060 LEN=417
According to "my theory" I should only block the IP of Baidu and the bastard who clones my sites, but I did the whois of some IP in the logs and they seem to arrive from England, Australia, Ireland, Japan etc.
I did not understand how to read the logs or my iptables is blocking half the world?
Something else, Ipset. Trying to figure out how the iptables logs work I saw ipset that is often used along with iptables, but almost all the tutorials I find are for Ubuntu 10.04 or 12.04, is it old and outdated or still works the same way? |
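How the log entry quoted above breaks down, as an added example that is not part of the original post: each entry is a run of KEY=value fields plus bare flags, and it records that a packet matched a LOG rule, which by itself does not say the packet was dropped. The first sample line is the one from the post; the other two lines, including the `[UFW BLOCK]` prefix entry, are constructed, and the function and key names (`UDP_LEN`, `PREFIX`, `FLAGS`) are illustrative.

```python
import re
from collections import Counter

# Line 1 is the entry quoted in the post; lines 2 and 3 are constructed samples.
SAMPLE_LOG = """\
Dec 14 00:00:45 ubuntu-1gb-nyc3-01 kernel: [519730.097997] IN=eth0 OUT= MAC=36:1a:36:97:ff:ba:84:b5:9c:f9:18:30:08:00 SRC=163.172.12.194 DST=104.236.230.48 LEN=437 TOS=0x00 PREC=0x00 TTL=56 ID=37739 DF PROTO=UDP SPT=5084 DPT=5060 LEN=417
Dec 14 00:01:02 ubuntu-1gb-nyc3-01 kernel: [519747.310112] IN=eth0 OUT= MAC=36:1a:36:97:ff:ba:84:b5:9c:f9:18:30:08:00 SRC=203.0.113.9 DST=104.236.230.48 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=40112 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Dec 14 00:01:03 ubuntu-1gb-nyc3-01 kernel: [519748.002245] [UFW BLOCK] IN=eth0 OUT= MAC=36:1a:36:97:ff:ba:84:b5:9c:f9:18:30:08:00 SRC=203.0.113.9 DST=104.236.230.48 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4712 DF PROTO=TCP SPT=40113 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
"""

PAIR = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_line(line):
    """Split one kernel netfilter log line into a dict of its KEY=value fields."""
    if " IN=" not in line:
        return None  # not a packet log entry
    head, body = line.split(" IN=", 1)
    body = "IN=" + body
    # Text between the kernel timestamp and IN= is the rule's log prefix, if any.
    fields = {"PREFIX": head.partition("] ")[2]}
    for key, value in PAIR.findall(body):
        # LEN occurs twice on UDP packets: IP total length first, then UDP length.
        fields["UDP_LEN" if key == "LEN" and "LEN" in fields else key] = value
    # Bare tokens are header flags: DF (don't fragment), SYN, ACK, ...
    fields["FLAGS"] = [tok for tok in body.split() if "=" not in tok]
    return fields

def summarize(log_text):
    """Count logged packets per (source IP, protocol, destination port)."""
    hits = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if f:
            hits[(f["SRC"], f["PROTO"], f.get("DPT", "-"))] += 1
    return hits

if __name__ == "__main__":
    for (src, proto, dport), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {src:15s} {proto}/{dport}")
```

Read this way, the quoted entry is one UDP packet from 163.172.12.194 to port 5060 (the SIP port) on the server's eth0; the log prefix, when the LOG rule sets one, is what ties an entry to the rule that produced it.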
better buy managed vps
|
I've had it for years, never have been able to understand what was going on, the only solution was to buy a more expensive service...
|
So...
In recent days the situation has not improved (indeed), so I thought of another drastic change, move everything to Linode or Vultr. I asked for advice from those who have already used them here https://gfy.com/webmaster-q-and-fucki...tr-linode.html, to understand "where to go".
Digitalocean has something strange, cronjobs in PHP that do not work, firewall rules and iptables that are ignored, and many other strange behaviors that I have seen in recent months.
I chose Digitalocean because I had already tried it and I had that feeling of knowing it a little, and for the guides that make everything seem simple, but in practice I do not think much changes in the procedure to install and configure a LAMP server, and also Linode and Vultr offer more resources at the same price.
Even this big loss of visits perhaps is due to a misconfiguration or interpretation of firewalls or iptables, but I cannot understand what there is that does not work, maybe it's just something in Digitalocean. With a new server, either the visits come back to grow, or anyway I know I have to look somewhere else.
So I was thinking about a complete shift.
Are there any problems with Linode or Vultr that I should know before I start creating a new server?
Ubuntu 17? Can you use it for servers? |
So...
I moved one of my servers to Vultr and finally UFW seems to work properly, I'm blocking a few hundred IPs of cloners, bad bots, Chinese IPs etc. and for now no problem.
In the next few days I would also like to move the sites of my second server.
Since I have to move the second server I came up with a new idea (just to complicate life more and more). And if I try Nginx?
I could add all the other sites to the Apache server I've already created, but since I have to do the job maybe it's worth a try.
Of Nginx I do not know anything, except that htaccess does not work and that url_rewriter should be moved to the server blocks (I think they are the virtual hosts), deflate should be there, mod_headers and mod_expires and everything else I have no idea.
Url_rewriter I hate in Apache, and I hate it even more in Nginx, but my url_rewriter is simple and I saw that there are converters from Apache to Nginx (but they are deprecated).
For everything else my sites are basically PHP and MySQL, pretty much everything should work.
But it remains a question, is it worth using Nginx instead of Apache?
Does it make sense to use Nginx instead of Apache? |