Koozali.org: home of the SME Server

IP banning

Offline bpivk

« Reply #15 on: October 29, 2006, 09:45:38 PM »
Well I read about htaccess and I'll use that. But I read something about correct permissions. What are they? Do I need to chmod the .htaccess file?
"It should just work" if it doesn't report it. Thanks!

Offline piran

« Reply #16 on: October 29, 2006, 09:54:33 PM »
[piran]# exit now ;~)

Offline raem

« Reply #17 on: October 29, 2006, 11:08:44 PM »
bpivk

> Well I read about htaccess and I'll use that....

Perhaps you should be reading this howto (for general guidance), which also works on sme7

http://mirror.contribs.org/smeserver/contribs/rmitchell/smeserver/howto/htaccess%20configuration%20with%20custom%20templates%20HOWTO%20for%20sme%20server.htm
...

Offline raem

« Reply #18 on: October 29, 2006, 11:11:28 PM »
bpivk

You said earlier:
I need something to ban a specific ip from my site or all of the sites (ibay's) not from smtp server

Piran said:
Using the above will render your site 'invisible'
to web browsing and emails from designated IPs.
...

Offline bpivk

« Reply #19 on: October 29, 2006, 11:11:55 PM »
Well I'm new at this Linux server stuff but I do know that the "exit now" command won't help me with my question.  :P

Offline raem

« Reply #20 on: October 29, 2006, 11:38:44 PM »
bpivk

> How can I ban an IP (external not local)?


Searching, searching, searching...............
Ping !

http://forums.contribs.org/index.php?topic=31443.0

db configuration setprop httpd-e-smith DenyHosts 83.245.45.230
signal-event remoteaccess-update
...

Offline piran

« Reply #21 on: October 29, 2006, 11:41:41 PM »
<Well I'm new at this Linux server stuff but I do know that
"exit now" command won't help me with my question.>

= I'm politely leaving the conversation as I am uneasy leading
(what is apparently and now confirmed to be) someone
relatively new to Linux, who perhaps shouldn't be messing
with those things that can very easily lead to disaster. I'm
not an instructor nor particularly au fait with these things
but am fairly competent at the narrow range of things I do
with my own environment, for which I am solely responsible.

Messing with .htaccess can easily take your site offline.
If you REALLY want to use .htaccess this code should
refuse browser access from the IP xxx.xxx.xxx.xxx:
Options +FollowSymLinks
RewriteEngine On
# Anchor the pattern and escape the dots so only this exact address matches
RewriteCond %{REMOTE_ADDR} ^xxx\.xxx\.xxx\.xxx$
RewriteRule .* - [F,L]


Anyway, I see that Ray has sorted you out;~)

I'm off now... g'night;~)

Offline raem

« Reply #22 on: October 30, 2006, 12:13:23 AM »
bpivk

> How can I ban an IP (external not local)?

Although your question was specific to web access, I just wanted to add these here for completeness for future readers

sme7 has put this control (& many others too) into the config database so end users/admins have no need to get directly involved with tweaking firewall rules etc, which if you don't know what you are doing is a risky business and may well create an insecure server.

(Quoted from other posts with thanks to the posters)

For controlling email access

Note though that blocking IP's is usually only temporarily useful as spammers change IP's often, far better to rely on RBL lists, and hope they get updated quickly.

This will block the sender's IP for smtp at the firewall.

db configuration setprop smtpd DenyHosts xxx.xxx.xxx.xxx
signal-event remoteaccess-update

where xxx.xxx.xxx.xxx is the IP address you want to block. You can add multiple IP addresses by comma separating them.


For controlling ssh access

This will allow ssh access ONLY from the designated IP's & block all other sources.

/sbin/e-smith/db configuration setprop sshd TCPPort 22
/sbin/e-smith/db configuration setprop sshd AllowHosts xxx.xxx.xxx.xxx
/sbin/e-smith/signal-event remoteaccess-update

or

/sbin/e-smith/db configuration setprop sshd TCPPort 22
/sbin/e-smith/db configuration setprop sshd AllowHosts x.x.x.1,y.y.y.2
/sbin/e-smith/signal-event remoteaccess-update

To enter multiple AllowHosts IP's, comma separate the IP addresses and/or netmasks (e.g. 16.17.18.19,203.14.64.0/24), as in the above example

ssh will then only be allowed from those IP addresses. The firewall code will drop ssh connections from any other hosts.


For controlling web access

This will block access attempts to your web server from the designated IP(s).
Note also that this will be successful at blocking robots etc as their IPs are often static or a group of static IPs, but as hackers change IP's often, blocking ports to stop hackers is like chasing your own tail.

db configuration setprop httpd-e-smith DenyHosts zz.zzz.zz.zzz
signal-event remoteaccess-update

where zz.zzz.zz.zzz is the remote host IP
...

Offline bpivk

« Reply #23 on: October 30, 2006, 01:40:02 PM »
Quote from: "RayMitchell"


db configuration setprop httpd-e-smith DenyHosts 83.245.45.230
signal-event remoteaccess-update


Thanks
This is just what I needed.
Now how can I unban banned IPs?

Do I do it like this
db configuration setprop httpd-e-smith AllowHosts 83.245.45.230

And yes piran....
I am new at all this stuff and that's why I'm asking so many questions. So I can learn as much as I can. But I apologise if I disturb or annoy you with my questions.

Offline piran

« Reply #24 on: October 30, 2006, 02:45:57 PM »
bpivk----
No apology needed but it was kind of you to offer;~)
You're not disturbing me, however I was uneasy and feeling guilty leading
someone not obviously familiar with these things down IP banning paths
that would or could be dangerous in use without thought or care.

Ray----
I'm interested too in the maintenance angle of the new 'db' way;~)
Please would you gently amplify or clarify how to:
* look/view the accumulated volume of entries or intelligence?
* save, back up or otherwise transport that accumulated intelligence?
* activate/deactivate the whole of that IP banning functionality?
* find the manual? Is there a Wiki entry (for non-programmers/developers)?

Offline bpivk

« Reply #25 on: October 30, 2006, 04:55:25 PM »
Quote from: "piran"
bpivk----
Please would you gently amplify or clarify how to:
* look/view the accumulated volume of entries or intelligence?
* save, back up or otherwise transport that accumulated intelligence?
* activate/deactivate the whole of that IP banning functionality?
* find the manual? Is there a Wiki entry (for non-programmers/developers)?


Same questions.
And about dangerous banning....
If I screw something up I can always reformat my disks. :D

Offline piran

« Reply #26 on: October 30, 2006, 05:13:38 PM »
bpivk----

Deducing from elsewhere your remove command looks like:
[ban]
db configuration setprop httpd-e-smith DenyHosts 83.245.45.230
signal-event remoteaccess-update

[unban]
# delprop takes property names only, so this removes the whole DenyHosts list
db configuration delprop httpd-e-smith DenyHosts
signal-event remoteaccess-update


...you reverse the setprop/delprop (not the DenyHosts/AllowHosts).
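
Added example, not part of the thread and not SME Server project code: `setprop` writes the whole comma-separated DenyHosts value and `delprop` removes the whole property, so banning or unbanning one address while keeping the others means rewriting the list. The function names and the `DB`/`SIGNAL_EVENT` variables are assumptions, as is that `getprop` prints the current value and nothing when the property is unset.

```shell
#!/bin/sh
# Added example: ban/unban ONE address in the comma-separated DenyHosts list.
# DB and SIGNAL_EVENT are assumed override points for dry runs.
DB=${DB:-/sbin/e-smith/db}
SIGNAL_EVENT=${SIGNAL_EVENT:-/sbin/e-smith/signal-event}

# valid_ip ADDR: succeed only for a dotted-quad IPv4 address, octets 0-255
valid_ip() {
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# list_add LIST IP: print LIST with IP appended unless already present
list_add() {
    case ",$1," in
        *",$2,"*) printf '%s\n' "$1" ;;
        ",,")     printf '%s\n' "$2" ;;
        *)        printf '%s\n' "$1,$2" ;;
    esac
}

# list_remove LIST IP: print LIST without IP (whole-entry match, not substring)
list_remove() {
    out=; old_ifs=$IFS; IFS=,
    for entry in $1; do
        [ "$entry" = "$2" ] || out=${out:+$out,}$entry
    done
    IFS=$old_ifs
    printf '%s\n' "$out"
}

# update_denyhosts ban|unban IP: rewrite httpd-e-smith DenyHosts, then apply
update_denyhosts() {
    valid_ip "$2" || { echo "not an IPv4 address: $2" >&2; return 2; }
    # Assumption: getprop prints the current value, nothing if unset
    current=$("$DB" configuration getprop httpd-e-smith DenyHosts 2>/dev/null) || current=
    case $1 in
        ban)   new=$(list_add "$current" "$2") ;;
        unban) new=$(list_remove "$current" "$2") ;;
        *)     echo "usage: update_denyhosts ban|unban IP" >&2; return 2 ;;
    esac
    if [ -n "$new" ]; then "$DB" configuration setprop httpd-e-smith DenyHosts "$new"
    else "$DB" configuration delprop httpd-e-smith DenyHosts; fi
    "$SIGNAL_EVENT" remoteaccess-update
}
```

Source the file and call `update_denyhosts unban 83.245.45.230`, then confirm the result with `config show httpd-e-smith`.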

Offline bpivk

« Reply #27 on: October 30, 2006, 06:45:50 PM »
Thanks piran. That was the last info I needed. Now I know enough to work with SME.

As I said. SME is a great package and I love it but it's based on Linux (I love buttons so I like win because of simplicity) so I have to learn from scratch now because win can't compare to Linux.

Thanks for all your patience and great help.
And cheers for now.

Offline raem

« Reply #28 on: October 31, 2006, 12:57:46 AM »
bpivk

> Now I know enough to work with SME.

A little more will be useful.
Certainly there is no need to jump to the "reformat the disk" conclusion if something doesn't work.
Just reverse the changes in most cases.

The db command will show you the syntax
at command prompt just type
db

usage:
    /sbin/e-smith/db dbfile keys
    /sbin/e-smith/db dbfile print [key]
    /sbin/e-smith/db dbfile show [key]
    /sbin/e-smith/db dbfile get key
    /sbin/e-smith/db dbfile set key type [prop1 val1] [prop2 val2] ...
    /sbin/e-smith/db dbfile setdefault key type [prop1 val1] [prop2 val2] ...
    /sbin/e-smith/db dbfile delete key
    /sbin/e-smith/db dbfile printtype [key]
    /sbin/e-smith/db dbfile gettype key
    /sbin/e-smith/db dbfile settype key type
    /sbin/e-smith/db dbfile printprop key [prop1] [prop2] [prop3] ...
    /sbin/e-smith/db dbfile getprop key prop
    /sbin/e-smith/db dbfile setprop key prop1 val1 [prop2 val2] [prop3 val3] ...
    /sbin/e-smith/db dbfile delprop key prop1 [prop2] [prop3] ...


Look at some of the howtos and forum posts for examples of usage.

To review current settings and to check settings after you make a change use
config show xxxx
eg
config show |more
(press Enter to scroll)
will list all configuration db entries

to see specific service entries do something like

config show squid
or
config show smtpd
or
config show httpd-e-smith

you get the service names from the config show command

you could also do this for other dbs like so

cd /home/e-smith/db
ls -al
to see all databases

eg
db spamassassin show
db accounts show |more
db mailpatterns show |more
db yum_repositories show |more


When you make changes you will usually (not always) need to expand templates and restart services. If you are unsure which to do, then you can always rely on the master command to reset all configuration settings

signal-event post-upgrade
reboot

A commonly used event is
signal-event email-update
to make changes to email related config and restart appropriate services,
and there are many others (to be learnt)

Find and read the Dev Guide
...

Offline bpivk

« Reply #29 on: October 31, 2006, 01:11:42 AM »
Well I do read all the texts I can get and I print all the useful stuff I find on this forum, but when I mess something up I mess it up. When I tried to upgrade php and mysql I ended up reformatting my drives because Linux wouldn't even boot. :)

But it doesn't matter. I make backups and I learn as I go. So I think that I'll get the hang of it eventually. And until then... thanks for your help and all your great tips.