Welcome to WebmasterWorld Guest from 54.227.110.209

Forum Moderators: bakedjake

Message Too Old, No Replies

how to block an ip

     

adwhite

11:21 am on Oct 2, 2007 (gmt 0)

10+ Year Member



Hi,

I have an ip address trying to hack my sendmail. I have blocked him with host.deny but now in my secure log I'm getting :-
Oct 2 12:03:09 ns in.qpopper[7798]: refused connect from 111.111.111.111
every second which is screwing up other peoples access to the smtp server.

Is there anything else I can do to remove this "person"

Cheers

Andy

[edited by: engine at 11:32 am (utc) on Oct. 2, 2007]
[edit reason] ip obfuscated [/edit]

wheel

11:26 am on Oct 2, 2007 (gmt 0)

WebmasterWorld Senior Member wheel is a WebmasterWorld Top Contributor of All Time 10+ Year Member



iptables -A INPUT --source 123.123.123.123 --jump DROP

That should drop them via firewall, SMTP won't even see them anymore.

adwhite

11:36 am on Oct 2, 2007 (gmt 0)

10+ Year Member



Hi,

Thanks for your quick response, but this is an ancient raq4 which doesn't run iptables.

Achernar

12:18 pm on Oct 2, 2007 (gmt 0)

5+ Year Member



ipchains -I input 1 -s 123.123.123.123 -j DENY

adwhite

12:44 pm on Oct 2, 2007 (gmt 0)

10+ Year Member



Okay...

I tried this command, but it appears ipchains isn't running, ipchains is on this raq4 so if you could guide me on how to configure and start it, I think this would be the answer.

Cheers

A

Matt Probert

1:30 pm on Oct 2, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



ipchains is an external program you can download for free (try searching for ipchains-1.3.10.tar.gz for example). If you're not familiar with server maintenance, ask the company you rent your server from to install it (mine did, for me).

Matt

Matt Probert

1:34 pm on Oct 2, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Sorry, I'm a clot. You said you *have* ipchains. Okay, make a directory under your root account, untar the archive into there and then read the file entitled README. It should explain how to get going.

The README file accompanying my copy also recommends

"See the HOWTO (available from the web page at
[rustcorp.com...]

Matt

Achernar

1:47 pm on Oct 2, 2007 (gmt 0)

5+ Year Member



I tried this command, but it appears ipchains isn't running, ipchains is on this raq4 so if you could guide me on how to configure and start it, I think this would be the answer.

What error message do you have?

adwhite

2:06 pm on Oct 2, 2007 (gmt 0)

10+ Year Member



Hi

Sorted!

I ran a status command and found it was running, then when I ran the deny command I had to run it from /sbin but it's now worked

Thank you all very much.

Regards

Andy