1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice

access log control and ban ip

Discussion in 'Plesk for Linux - 8.x and Older' started by secretman, Aug 4, 2005.

  1. secretman

    secretman Guest

    0
     
    Hello,
    when insert on plesk on the admin server a page with log including ip, cpu load and site visited on admin general?
    On plesk is impossible ban ip for single domain access.
    Some users spam or illegal reload sites and server go on crash. With the ban ip this problem is resolved.
     
  2. Blackbit

    Blackbit Guest

    0
     
    IP Bans

    On my Servers i block several IP's with IP-Tables. But you should always pay attention when doing this, because Spammers and Hackers use Dial-Up connections. So you might block "normal" Users someday. ;) I recommend blocking those IP's for shure. The Vendor Group is a community of very aggressive spammers:

    # Black list of spammers/hackers
    # These guys are pests! Let's stop them at the firewall
    # May cause issues if these ip addresses get assign to someone
    # else in the future
    iptables -A INPUT -i eth0 -s 61.141.203.0/24 -j BL # bnd56.com & other chinese spammers
    iptables -A INPUT -i eth0 -s 64.70.22.96/28 -j DROP # Vendare Group (Jackpot.com, jpmailer.com)
    iptables -A INPUT -i eth0 -s 209.132.245.64/27 -j BL # Vendare Group (Jackpot.com, jpmailer.com)
    iptables -A INPUT -i eth0 -s 216.34.211.16/28 -j BL # Vendare Group (Jackpot.com, jpmailer.com)
    iptables -A INPUT -i eth0 -s 216.34.216.140/27 -j BL # Vendare Group (Jackpot.com, jpmailer.com)
    iptables -A INPUT -i eth0 -s 216.52.237.0/27 -j BL # secureprivatepay*.{com,org,net}
    iptables -A INPUT -i eth0 -s 216.52.244.0/27 -j BL # secureprivatepay*.{com,org,net}
    iptables -A INPUT -i eth0 -s 216.52.248.32/27 -j BL # secureprivatepay*.{com,org,net}
    iptables -A INPUT -i eth0 -s 216.131.94.43 -j BL # reliablehosting.com
    iptables -A INPUT -i eth0 -s 81.23.243.8 -j BL # search.msn.com
    iptables -A INPUT -i eth0 -s 207.115.56.39 -j BL # prodigy.net
    iptables -A INPUT -i eth0 -s 221.5.2.2 -j BL # Spammer Messagecastle.com
    iptables -A INPUT -i eth0 -s 217.81.60.27 -j BL

    I recommend to limit access to your SSH to always one (your) IP! I did it with a dynamic host like dyndns.org, wich can be updated automatically in a cron job. You can take the preview of the Plesk-Firewall script and modify it. Then paste the whole script in a bash-file. Add your rules and let it be runned by a cron-job. If your ISP changes the IP's regularly you can fit the cron-job for it. If your IP is not actual and bans yourself , you can still switch it with your Plesk-Firewall-Module.

    If you would like to see my script(s) tell me. I'll help you out ;)
     
Loading...