Koozali.org: home of the SME Server

IP banning

Offline bpivk

« on: October 27, 2006, 12:14:54 AM »
Hi

How can I ban an IP (external not local)? Can I find any RPMs to install and to do this from server-manager console?

Thanks for reply
"It should just work" if it doesn't report it. Thanks!

Offline raem

« Reply #1 on: October 27, 2006, 02:30:15 AM »
bpivk

> How can i ban an IP (external not local)?

Searching, searching.........
Ping !

http://forums.contribs.org/index.php?topic=33023.0
...

Offline bpivk

« Reply #2 on: October 27, 2006, 11:20:10 AM »
Boing! Wrong answer.  :P

I need something to ban a specific IP from my site or all of the sites (ibays), not from the SMTP server (I have spam filters for that).

Offline raem

« Reply #3 on: October 27, 2006, 11:28:13 AM »
bpivk

Boing! Wrong question !

Your question is vague & inconsistent.

First you ask:
> How can i ban an IP (external not local)?
Then you say:
> I need something to ban a specific ip from my site or all of the sites (ibay's)

Doesn't from my site mean a local IP, not an external IP ?

What actually are you trying to ban this IP from doing ?
What is the IP for or of, a local workstation, a remote workstation, a remote site ???

Please explain better than you have already.
...

Offline bpivk

« Reply #4 on: October 27, 2006, 04:00:35 PM »
Ok I'll try to explain...

Let's say that I have a site www.google.com and I want to keep you from accessing it. The way I would do it would be that I ban your IP. Now how do I do that?

Is that good enough?

Offline Mjohnson

« Reply #5 on: October 27, 2006, 09:00:18 PM »
It would seem you have a couple of realistic options to explore, and I am not sure configuring SME is a practical approach.

Option 1 would be to explore your server application and see if it allows or can be configured to ban an IP. For instance, phpBB does have such a feature and is easily configured via the administrator panel.

Option 2 would be to configure your firewall appropriately, whether that is SME or some other device. I suppose you could use IPTables to accomplish this, but since you are asking how to do this, I am doubting you would know how to proceed on that path.

Banning of specific IPs for web site access is not a great way to prevent access. IPs are easily randomized, changed or otherwise spoofed. Any lamely talented mildly determined person could overcome that with a quick Google search.

...and I am not a big fan of being Boing'd....lol
......

Offline bpivk

« Reply #6 on: October 28, 2006, 02:28:52 PM »
Well the people I want to ban don't know jack s**t about computers. They only know how to turn it on so proxy servers and stuff aren't an option for them. :)

I read about iptables but I wanted to know if there is any other (simpler) way (e.g. type some commands in putty "ban ip ***" or "unban ip ***").

I want to deny them access to all of the SME services; it would take a lot of time to ban them on all sites that I put up. Some of them don't even have an IP ban function (some HTML sites).

Offline cactus

« Reply #7 on: October 28, 2006, 06:27:57 PM »
Quote from: "bpivk"
> I want to deny them access to all of sme services it would take a lot of time to ban them on all sites that i put up. Some of them don't even have ip ban function (some html sites).

If you want to ban them from accessing HTML or other web content, you may also be able to use the appropriate keywords from Apache, like allowing/denying access from certain IP numbers, using 'allow from' and 'deny from'.
Be careful whose advice you buy, but be patient with those who supply it. Advice is a form of nostalgia, dispensing it is a way of fishing the past from the disposal, wiping it off, painting over the ugly parts and recycling it for more than its worth ~ Baz Luhrmann - Everybody's Free (To Wear Sunscreen)

Offline bpivk

« Reply #8 on: October 28, 2006, 06:36:28 PM »
And how do I do that? I read something about httpd.conf and banning IPs through that but I don't know where the file is.

But I agree that the best option would be to add them to my SME firewall rule or by banning them through Apache. That's the reason I'm posting this question.

Offline warren

« Reply #9 on: October 28, 2006, 08:08:33 PM »
Quote
> I read about ip tables but i wanted to know if there is any other (simpler) way (eg.: type some commands in putty "ban ip ***" or "unban ip ***").

/sbin/iptables -I INPUT -s xxx.xxx.xxx.xxx  -i eth1 -j DROP

You'd have to template this to survive reboot though.

Offline piran

« Reply #10 on: October 29, 2006, 12:34:30 PM »
[make a template file]
pico /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/40DenyWhomever

[edit troublesome areas]
/sbin/iptables -A INPUT -s xxx.0.0.0/32 -j DROP # isolates 1 IP - Single IP
/sbin/iptables -A INPUT -s xxx.0.0.0/24 -j DROP # isolates 256 IPs - Class C
/sbin/iptables -A INPUT -s xxx.0.0.0/16 -j DROP # isolates 65536 IPs - Class B
/sbin/iptables -A INPUT -s xxx.0.0.0/8 -j DROP # isolates 16777216 IPs - Class A

[save template]
Ctrl-X | y | <return>

[expand template]
/sbin/e-smith/expand-template /etc/rc.d/init.d/masq

[implement template]
service masq restart

[enjoy a bit of peace and quiet until the next criminal/pervert starts up]
;~)

Offline bpivk

« Reply #11 on: October 29, 2006, 05:10:55 PM »
Thanks
And how do I remove someone from my template?

Offline piran

« Reply #12 on: October 29, 2006, 05:18:30 PM »
...!?
Edit out what is 'now' not required.
Expand the template and restart masquerading.
If you didn't know that about templates
I should remind you to exercise great care
when dealing with masquerading/iptables;~)
Using the above will render your site 'invisible'
to web browsing and emails from designated IPs.

Offline Rory

Ban IP
« Reply #13 on: October 29, 2006, 08:54:03 PM »
When I want to deny access for an IP or an entire subnet from viewing my website I add them to my .htaccess file. You can find more information about .htaccess from the Apache website, or search for .htaccess in the contribs. Once you have .htaccess running and find more people that you need to ban, you can go down one line and add another "deny from", then add their IP address.

Offline piran

« Reply #14 on: October 29, 2006, 09:05:35 PM »
The use of .htaccess route is somewhat deprecated nowadays...
sound and good reasons really but inconvenient to us single user
(and thus fewer associated security concerns) site .htaccessholics;~)
My masquerading set wavers between 3 or 4 thousand line entries.
THAT many .htaccess lines (PER DIRECTORY PER SITE etc) would
prove somewhat onerous - both for the CPUs and my editing... YMMV

Offline bpivk

« Reply #15 on: October 29, 2006, 09:45:38 PM »
Well I read about htaccess and I'll use that. But I read something about correct permissions. What are they? Do I need to chmod the .htaccess file?

Offline piran

« Reply #16 on: October 29, 2006, 09:54:33 PM »
[piran]# exit now ;~)

Offline raem

« Reply #17 on: October 29, 2006, 11:08:44 PM »
bpivk

> Well i read about htaccess and i'll use that....

Perhaps you should be reading this howto (for general guidance), which also works on sme7

http://mirror.contribs.org/smeserver/contribs/rmitchell/smeserver/howto/htaccess%20configuration%20with%20custom%20templates%20HOWTO%20for%20sme%20server.htm
...

Offline raem

« Reply #18 on: October 29, 2006, 11:11:28 PM »
bpivk

You said earlier:
I need something to ban a specific ip from my site or all of the sites (ibay's) not from smtp server

Piran said:
Using the above will render your site 'invisible'
to web browsing and emails from designated IPs.
...

Offline bpivk

« Reply #19 on: October 29, 2006, 11:11:55 PM »
Well I'm new at this Linux server stuff but I do know that "exit now" command won't help me with my question.  :P

Offline raem

« Reply #20 on: October 29, 2006, 11:38:44 PM »
bpivk

> How can i ban an IP (external not local)?


Searching, searching, searching...............
Ping !

http://forums.contribs.org/index.php?topic=31443.0

db configuration setprop httpd-e-smith DenyHosts 83.245.45.230
signal-event remoteaccess-update
...

Offline piran

« Reply #21 on: October 29, 2006, 11:41:41 PM »
<Well i'm new at this linux server stuff but i do know that
"exit now" command won't help me with my question.>

= I'm politely leaving the conversation as I am uneasy leading
(what is apparently and now confirmed to be) someone
relatively new to Linux, who perhaps shouldn't be messing
with those things that can very easily lead to disaster. I'm
not an instructor nor particularly au fait with these things
but am fairly competent at the narrow range of things I do
with my own environment, for which I am solely responsible.

Messing with .htaccess can easily take your site offline.
If you REALLY want to use .htaccess this code should
refuse browser access from the IP xxx.xxx.xxx.xxx:
Code:
Options +FollowSymLinks
RewriteEngine On
# Escape the dots and anchor the pattern so only this exact address matches
RewriteCond %{REMOTE_ADDR} ^xxx\.xxx\.xxx\.xxx$
RewriteRule .* - [F,L]


Anyway, I see that Ray has sorted you out;~)

I'm off now... g'night;~)

Offline raem

« Reply #22 on: October 30, 2006, 12:13:23 AM »
bpivk

> How can i ban an IP (external not local)?

Although your question was specific to web access, I just wanted to add these here for completeness for future readers

sme7 has put this control (& many others too) into the config database so end users/admins have no need to get directly involved with tweaking firewall rules etc, which if you don't know what you are doing is a risky business and may well create an insecure server.

(Quoted from other posts with thanks to the posters)

For controlling email access

Note though that blocking IP's is usually only temporarily useful as spammers change IP's often, far better to rely on RBL lists, and hope they get updated quickly.

This will block the sender's IP for SMTP at the firewall.

db configuration setprop smtpd DenyHosts xxx.xxx.xxx.xxx
signal-event remoteaccess-update

where xxx.xxx.xxx.xxx is the IP address you want to block. You can add multiple IP addresses by comma separating them.


For controlling ssh access

This will allow ssh access ONLY from the designated IP's & block all other sources.

/sbin/e-smith/db configuration setprop sshd TCPPort 22
/sbin/e-smith/db configuration setprop sshd AllowHosts xxx.xxx.xxx.xxx
/sbin/e-smith/signal-event remoteaccess-update

or

/sbin/e-smith/db configuration setprop sshd TCPPort 22
/sbin/e-smith/db configuration setprop sshd AllowHosts x.x.x.1,y.y.y.2
/sbin/e-smith/signal-event remoteaccess-update

To enter multiple AllowHosts IP's, comma separate the IP addresses and/or netmasks (e.g. 16.17.18.19,203.14.64.0/24), as in the above example

ssh will then only be allowed from those IP addresses. The firewall code will drop ssh connections from any other hosts.


For controlling web access

This will block access attempts to your web server from the designated IP(s).
Note also that this will be successful at blocking robots etc as their IPs are often static or a group of static IPs, but as hackers change IP's often, blocking ports to stop hackers is like chasing your own tail.

db configuration setprop httpd-e-smith DenyHosts zz.zzz.zz.zzz
signal-event remoteaccess-update

where zz.zzz.zz.zzz is the remote host IP
...

Offline bpivk

« Reply #23 on: October 30, 2006, 01:40:02 PM »
Quote from: "RayMitchell"


db configuration setprop httpd-e-smith DenyHosts 83.245.45.230
signal-event remoteaccess-update


Thanks
This is just what I needed.
Now how can I unban banned IPs?

Do I do it like this
db configuration setprop httpd-e-smith AllowHosts 83.245.45.230

And yes piran....
I am new at all this stuff and that's why I'm asking so many questions. So I can learn as much as I can. But I apologise if I disturb or annoy you with my questions.

Offline piran

« Reply #24 on: October 30, 2006, 02:45:57 PM »
bpivk----
No apology needed but it was kind of you to offer;~)
You're not disturbing me, however I was uneasy and feeling guilty leading
someone not obviously familiar with these things down IP banning paths
that would or could be dangerous in use without thought or care.

Ray----
I'm interested too in the maintenance angle of the new 'db' way;~)
Please would you gently amplify or clarify how to:
* look/view the accumulated volume of entries or intelligence?
* save, back up or otherwise transport that accumulated intelligence?
* activate/deactivate the whole of that IP banning functionality?
* find the manual? Is there a Wiki entry (for non-programmers/developers)?

Offline bpivk

« Reply #25 on: October 30, 2006, 04:55:25 PM »
Quote from: "piran"
bpivk----
Please would you gently amplify or clarify how to:
* look/view the accumulated volume of entries or intelligence?
* save, back up or otherwise transport that accumulated intelligence?
* activate/deactivate the whole of that IP banning functionality?
* find the manual? Is there a Wiki entry (for non-programmers/developers)?


Same questions.
And about dangerous banning....
If I screw something up I can always reformat my disks. :D

Offline piran

« Reply #26 on: October 30, 2006, 05:13:38 PM »
bpivk----

Deducing from elsewhere your remove command looks like:
Code:
[ban]
db configuration setprop httpd-e-smith DenyHosts 83.245.45.230
signal-event remoteaccess-update

[unban]
db configuration delprop httpd-e-smith DenyHosts 83.245.45.230
signal-event remoteaccess-update


...you reverse the setprop/delprop (not the DenyHosts/AllowHosts).

Offline bpivk

« Reply #27 on: October 30, 2006, 06:45:50 PM »
Thanks piran. That was the last info I needed. Now I know enough to work with SME.

As I said, SME is a great package and I love it, but it's based on Linux (I love buttons so I like win because of simplicity) so I have to learn from scratch now because win can't compare to Linux.

Thanks for all your patience and great help.
And cheers for now.

Offline raem

« Reply #28 on: October 31, 2006, 12:57:46 AM »
bpivk

> Now i know enough to work with SME.

A little more will be useful.
Certainly there is no need to jump to the "reformat the disk" conclusion if something doesn't work.
Just reverse the changes in most cases.

The db command will show you the syntax
at command prompt just type
db

usage:
    /sbin/e-smith/db dbfile keys
    /sbin/e-smith/db dbfile print [key]
    /sbin/e-smith/db dbfile show [key]
    /sbin/e-smith/db dbfile get key
    /sbin/e-smith/db dbfile set key type [prop1 val1] [prop2 val2] ...
    /sbin/e-smith/db dbfile setdefault key type [prop1 val1] [prop2 val2] ...
    /sbin/e-smith/db dbfile delete key
    /sbin/e-smith/db dbfile printtype [key]
    /sbin/e-smith/db dbfile gettype key
    /sbin/e-smith/db dbfile settype key type
    /sbin/e-smith/db dbfile printprop key [prop1] [prop2] [prop3] ...
    /sbin/e-smith/db dbfile getprop key prop
    /sbin/e-smith/db dbfile setprop key prop1 val1 [prop2 val2] [prop3 val3] ...
    /sbin/e-smith/db dbfile delprop key prop1 [prop2] [prop3] ...


Look at some of the howtos and forum posts for examples of usage.

To review current settings and to check settings after you make a change use
config show xxxx
eg
config show |more
(press Enter to scroll)
will list all configuration db entries

to see specific service entries do something like

config show squid
or
config show smtpd
or
config show httpd-e-smith

you get the service names from the config show command

you could also do this for other dbs like so

cd /home/e-smith/db
ls -al
to see all databases

eg
db spamassassin show
db accounts show |more
db mailpatterns show |more
db yum_repositories show |more


When you make changes you will usually (not always) need to expand templates and restart services. If you are unsure which to do, then you can always rely on the master command to reset all configuration settings

signal-event post-upgrade
reboot

A commonly used event is
signal-event email-update
to make changes to email related config and restart appropriate services,
and there are many others (to be learnt)

Find and read the Dev Guide
...
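
Added example, not written by any poster in this thread: going by the usage listing above, setprop sets a property's whole value and delprop takes property names, so adding or removing one address in the comma-separated DenyHosts list calls for a read-modify-write. The function names are made up here, and the code assumes getprop prints the current value (nothing when the property is unset).

```bash
#!/bin/bash
# Added example: edit one entry of the comma-separated DenyHosts property
# without replacing or deleting the rest of the list.

DB=${DB:-/sbin/e-smith/db}                       # paths as used in the thread
SIGNAL=${SIGNAL:-/sbin/e-smith/signal-event}

# valid_entry ENTRY: succeeds for a dotted-quad IPv4 address, optional /0-32.
valid_entry() {
    local entry=$1 addr prefix octet
    addr=${entry%%/*}
    if [ "$addr" != "$entry" ]; then
        prefix=${entry#*/}
        case $prefix in ''|*[!0-9]*) return 1 ;; esac
        [ "$prefix" -le 32 ] || return 1
    fi
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    local IFS=.
    set -- $addr
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# list_add LIST ENTRY: print LIST with ENTRY appended unless already present.
list_add() {
    valid_entry "$2" || { echo "invalid address: $2" >&2; return 1; }
    case ",$1," in
        *",$2,"*) printf '%s\n' "$1" ;;
        ,,)       printf '%s\n' "$2" ;;
        *)        printf '%s\n' "$1,$2" ;;
    esac
}

# list_remove LIST ENTRY: print LIST without ENTRY.
list_remove() {
    local out= item IFS=,
    for item in $1; do
        [ "$item" = "$2" ] || out=${out:+$out,}$item
    done
    printf '%s\n' "$out"
}

# deny_update add|remove SERVICE ENTRY
# e.g. deny_update add httpd-e-smith 83.245.45.230
deny_update() {
    local op=$1 svc=$2 entry=$3 cur new
    case $op in add|remove) ;; *) echo "usage: deny_update add|remove SERVICE ENTRY" >&2; return 2 ;; esac
    cur=$("$DB" configuration getprop "$svc" DenyHosts) || cur=
    new=$("list_$op" "$cur" "$entry") || return 1
    [ "$new" = "$cur" ] && return 0              # nothing to change
    if [ -n "$new" ]; then
        "$DB" configuration setprop "$svc" DenyHosts "$new"
    else
        "$DB" configuration delprop "$svc" DenyHosts   # list is now empty
    fi
    "$SIGNAL" remoteaccess-update                # same event the thread uses
}
```

Check the result afterwards with config show httpd-e-smith, as described in the post above.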

Offline bpivk

« Reply #29 on: October 31, 2006, 01:11:42 AM »
Well I do read all the texts I can get and I print all the useful stuff I find on this forum, but when I mess something up I mess it up. When I tried to upgrade PHP and MySQL I ended up reformatting my drives because Linux wouldn't even boot. :)

But it doesn't matter. I make backups and I learn as I go. So I think that I'll get the hang of it eventually. And until then... thanks for your help and all your great tips.

lovag

thanks
« Reply #30 on: October 31, 2006, 09:41:58 AM »
Great info...
thanks 4 this thread
 :D

Offline crzy_dmd

« Reply #31 on: October 01, 2007, 09:01:09 PM »
Is there a way to block all IP addresses except one?

How can I do this?
« Last Edit: October 01, 2007, 09:11:57 PM by crzy_dmd »
____________
Shine on......

Offline TrevorB

« Reply #32 on: October 02, 2007, 12:49:02 AM »
> Is there a way to block all IP addresses except one?
>
> how do i can do this?

From one of Ray's earlier posts
Code:
/sbin/e-smith/db configuration setprop sshd AllowHosts xxx.xxx.xxx.xxx
signal-event remoteaccess-update
The AllowHosts property is the opposite of DenyHosts (ie. allow ONLY these hosts vs deny ONLY these hosts) and applies to all the services stated in that post. The second statement will do all the required changes and expand the appropriate template and restart all the services.

Trevor B

Offline crzy_dmd

« Reply #33 on: October 02, 2007, 01:20:53 AM »
Thx Trevor,

So the idea is if I use AllowHosts, no one can access except that host? Is it that easy? I put DenyHosts=all, do I have to remove this?

Offline raem

« Reply #34 on: October 02, 2007, 06:41:01 AM »
crzy_dmd

This thread will probably also be of interest, and may actually give you some configuration clues.
http://forums.contribs.org/index.php?topic=38202.new;topicseen#new
...