Re: [cobalt-users] attempted slam



On Tue, 13 Feb 2001, Carrie Bartkowiak wrote:

> Follow-up on this;
> I've got lots of saved logs where someone from "sympatico.ca" has tried to
> get in; plenty of entries where portsentry has dropped their ip into the
> hosts.deny file. But each time they try, they're on a different IP, so
> that's not helping.
> Tonight I dropped sympatico.ca itself into the hosts.deny file. I didn't
> know I could do it like that, was just trying on the off-chance it would
> work. (I thought I had to have an entire IP.)

yeah, a good idea, i have hundreds of hits from a sympatico user also, tho
it is a different city apparently (Toronto), if it's the same one it implies
they went through several hundred IPs in 4 days, possible, but i doubt
it. One thing to note tho, i also have a lot of lame server messages for
sympatico.ca looking up reverse, so do NOT trust the names, block by IP
number..

Lame server on '43.227.228.64.in-addr.arpa' 
(in '227.228.64.in-addr.arpa'?): [204.101.251.1].53 'dns1.sympatico.ca'

[]

> this, or if there's a way to only allow ftp access from a user login that
> matches a certain IP range - that way, even if someone gets a client's

Yes, proftp can allow/deny based on client IP, tho with ip / vhost kludge
it gets a bit tricky


                <Limit LOGIN>
                        Order Allow,Deny
                        Allow 195.200.31.220
                        Allow 212.32.17.0/26
                        Deny ALL
                </Limit>
(this can be above virtual for server wide, or inside for IP specific
access restrictions)

You can also have a separate one just for anonymous...
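
The `<Limit LOGIN>` rules from the message, evaluated against sample client addresses. This is an added example, not part of the original message and not ProFTPD code; it assumes ProFTPD's documented `Order Allow,Deny` behaviour (Allow rules checked first, then Deny rules, implicit allow if neither matches), and the function names are hypothetical.

```python
import ipaddress

# Rules copied from the <Limit LOGIN> block in the message.
ALLOW = ["195.200.31.220", "212.32.17.0/26"]
DENY = ["ALL"]


def _matches(client, rules):
    """True if the client address falls inside any rule; 'ALL' matches everything."""
    addr = ipaddress.ip_address(client)
    for rule in rules:
        if rule.upper() == "ALL":
            return True
        # A bare address such as 195.200.31.220 becomes a /32 network.
        if addr in ipaddress.ip_network(rule, strict=False):
            return True
    return False


def login_allowed(client, allow=ALLOW, deny=DENY):
    """Model of 'Order Allow,Deny' (assumed semantics, see lead-in)."""
    if _matches(client, allow):
        return True   # an Allow match wins; Deny rules are never consulted
    if _matches(client, deny):
        return False
    return True       # implicit allow: the reason the block ends in 'Deny ALL'


def allowed_range(cidr):
    """First and last address covered by a CIDR rule."""
    net = ipaddress.ip_network(cidr)
    return str(net[0]), str(net[-1])


if __name__ == "__main__":
    # Constructed sample clients; 203.0.113.7 is a documentation-range address.
    for ip in ["195.200.31.220", "195.200.31.221",
               "212.32.17.63", "212.32.17.64", "203.0.113.7"]:
        print(f"{ip:16} LOGIN {'allowed' if login_allowed(ip) else 'denied'}")
    print("212.32.17.0/26 covers", " - ".join(allowed_range("212.32.17.0/26")))
    # Same rules with 'Deny ALL' left out: an unlisted client falls through.
    print("without Deny ALL, 203.0.113.7 allowed:",
          login_allowed("203.0.113.7", deny=[]))
```

The /26 covers only 212.32.17.0 through 212.32.17.63, so a client at .64 is refused, and dropping `Deny ALL` turns the block into an allow-everyone rule.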