Simplest way to deny access to a class C
Patrick Gibson
gibblertron at gmail.com
Sat Mar 5 00:14:45 UTC 2011
fail2ban by default only bans an IP for 10 minutes, and that's
configurable. It can also email you anytime it imposes a ban, so one
can keep an eye on things at least in the beginning to see if it's
causing a problem for legitimate users.
On Thu, Mar 3, 2011 at 4:02 PM, Gary Gatten <Ggatten at waddell.com> wrote:
> Be careful of automated responses. What if someone spoofs IP's of legit users / customers / whatever and your automated response blocks them? Not good.
>
> I thought about blocking....well, never mind - might pi$$ someone off and attract unwanted attention...
>
> -----Original Message-----
> From: owner-freebsd-questions at freebsd.org [mailto:owner-freebsd-questions at freebsd.org] On Behalf Of Patrick Gibson
> Sent: Thursday, March 03, 2011 5:58 PM
> To: Jorge Biquez
> Cc: freebsd-questions at freebsd.org
> Subject: Re: Simplest way to deny access to a class C
>
> You might consider mod_security (/usr/ports/www/mod_security) which
> can be set up to ban hosts based on behaviour or characteristics.
>
> Or fail2ban (/usr/ports/security/py-fail2ban) is really great, too, in
> that it scans whatever logs you want, and can trigger a block in your
> firewall if enough violating log entries are found within a particular
> period of time. Everything is totally configurable, and there are
> plenty of examples that come with it.
>
> Patrick
>
>
> On Thu, Mar 3, 2011 at 8:59 AM, Jorge Biquez <jbiquez at intranet.com.mx> wrote:
>> Hello all.
>>
>> I am sorry in advance if this question sounds too stupid.
>>
>> I have a small server for personal use of webpages running:
>>
>> 7.3-PRERELEASE FreeBSD 7.3-PRERELEASE #0
>>
>> it is working fine , no problem very stable.
>>
>> I just need to block some IP class C address that are always trying to
>> "discover" directories or applications under the web server. They do not do
>> and can not do anything since this server has nothing installed but i am
>> tired of seeing in the logs all the intents they do every 2-3 seconds.
>>
>> I have not installed any kind of firewall yet.
>> What do you think is the best way to accomplish this task? If possible the
>> easiest one. I do not want to do anything else but just bloc IP's, at this
>> moment at least.
>>
>> Thanks in advance.
>>
>> Jorge Biquez
>>
>> _______________________________________________
>> freebsd-questions at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>
>
>
>
>
> <font size="1">
> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'>
> </div>
> "This email is intended to be reviewed by only the intended recipient
> and may contain information that is privileged and/or confidential.
> If you are not the intended recipient, you are hereby notified that
> any review, use, dissemination, disclosure or copying of this email
> and its attachments, if any, is strictly prohibited. If you have
> received this email in error, please immediately notify the sender by
> return email and delete this email from your system."
> </font>
>
>
More information about the freebsd-questions
mailing list