View previous topic :: View next topic |
Author |
Message |
Anonymoose -
Joined: 09 Sep 2003 Posts: 2192
|
Posted: Tue Nov 18, 2003 2:09 am Post subject: Banning IPs from Accessing the Server |
|
|
For this you'll need a copy of Kerio Personal Firewall. It's free for personal use, for business use you need a license.
http://www.kerio.com/kpf_download.html
If you have other personal firewall software installed you're going to need to uninstall it to avoid conflicts. I'm going to install you have some knowledge of how to operate a personal firewall in terms of setting the rest of it up - this is just for banning IP's using Kerio. If you don't, there's a fairly complete help system installed with it to get you started.
1 ) Right click the system tray icon and choose configuration
2 ) Go to the Network Security Tab
3 ) Click Packet Filter
4 ) Click Add
(The Important Bit)
IP Groups are a way of combining all banned IP's into one easy to manage group - you will be able to say Block Banned IP's rather than setting up the whole set of rules individually for however many users you want to ban.
Remember that some users on dialup and DSL/cable may have non static IPs, so blocking a whole group of IP's may be the only way to get rid of them. This means banning the whole subnet of IP's the user might connect from.
For example, if their IP is 10.0.0.3 you would ban 10.0.0.1-10.0.0.254. Do this by selecting Address Range instead of Host in the steps explained below and entering the first and last IP in the range. Only use the range option if you are sure no other users from that range need to connect.
e.g. If you are serving on a LAN and want all LAN users except one IP to be able to access the server, you would use an IP ban, not a range ban. If you are serving over the internet and want to ban one user and don't have logs of any other users from the same range who you still want to allow access to, block the whole range.
5 ) Click IP Groups.
6 ) Click Add and enter a group name such as "Banned Abyss Users". You can leave the description blank or enter extra details here if you want.
7 ) Leave the Type option set to Host and enter the first IP you want to ban here. Click OK.
8 ) For each additional IP you want to ban, click Add, then select the group Banned Users and enter the IP to ban as above. Make sure you select the group banned users or the final steps will not work correctly.
Now you have all the users to ban set up, you are ready to create a banning rule.
9 ) Click Filter Rules, then Add.
10 ) Enter a description for the rule - something appropriate
e.g. Ban Users from Abyss Webserver
11 ) Click Browse and browse to the .exe file for Abyss
e,g C:\Program Files\Abyss Web Server\abyssws.exe on my system.
12 ) Leave the group name as Default, or enter something like Abyss Webserver Rules. All the Group does is group similar rules together, it doesn't affect how the ban will work.
13 ) For protocol, click Add and select TCP, the default.
14 ) If you want to ban the user from your machine completely, not just Abyss, skip this step. Otherwise, in the Local section, click Add and enter the port number your server is running on.
15 ) In the Remote section, click Add, then select IP Group and the group you used to enter the banned users in.
16 ) Select Incoming and Deny from the checkboxes at the bottom of the dialogue.
17 ) If you want a box to pop up when they try to connect, click the "Show Alert to User" box.
18 ) Click OK.
Bingo! You've just blocked all the bad guys from your server
To add further banned users in future, follow steps 1-5 and 7. Skip 6.
Hope this helps! I can add screenshots if someone has somewhere to put them. |
|
Back to top |
|
|
demonhunter -
Joined: 14 Jun 2003 Posts: 79
|
Posted: Wed Dec 10, 2003 10:13 am Post subject: |
|
|
or you can just get an ip ban php script and add it on to the site you want to ban them from i could extract it from a php script i have hmm if i can find it |
|
Back to top |
|
|
Anonymoose -
Joined: 09 Sep 2003 Posts: 2192
|
Posted: Thu Dec 11, 2003 1:39 pm Post subject: |
|
|
PHP ban scripts only work if users access the whole site via PHP. Won't stop any scans by worms etc etc, also uses up your bandwidth feeding them pages telling them they've been banned, whereas dropping all traffic from their IP uses none. This is particularly important in the case of scans from worms / viruses where you don't want to waste your bandwidth sending back thousands of "You have been banned" pages per day. |
|
Back to top |
|
|
masa -
Joined: 05 Apr 2004 Posts: 182 Location: Hong Kong
|
|
Back to top |
|
|
olly86 -
Joined: 25 Apr 2003 Posts: 993 Location: Wiltshire, UK
|
Posted: Thu Jun 10, 2004 4:15 pm Post subject: |
|
|
I think there's a bug in the current beta meaning that the ip banning system doesn't work correctly. _________________ Olly |
|
Back to top |
|
|
TRUSTAbyss -
Joined: 29 Oct 2003 Posts: 3752 Location: USA, GA
|
Posted: Thu Jun 10, 2004 4:35 pm Post subject: |
|
|
I already posted that their was a bug with IP Banning , If
you want to check out more features , my website is up.
No Im Not Changing The Design !
http://beta.os17fan.cjb.net/
Note: I reported the bug and it should be fixed
within the next release of Abyss 2.0 Beta. Later! |
|
Back to top |
|
|
Anonymoose -
Joined: 09 Sep 2003 Posts: 2192
|
Posted: Thu Jun 10, 2004 5:12 pm Post subject: |
|
|
On a side note re Bandwidth Throttling and the console - your documentation is wrong - your example for bandwidth throttling states you have 256KB upload, and you set it to 150KB. KB is kilobytes, Kb is kilobits. I'd assume you actually have a 256Kb upload rather than 256KB.
1Kb = 128 Bytes = 0.125KB.
150KB = 1200Kb/sec... I'm assuming you don't have a 1.2mbit upstream? |
|
Back to top |
|
|
TRUSTAbyss -
Joined: 29 Oct 2003 Posts: 3752 Location: USA, GA
|
Posted: Thu Jun 10, 2004 6:32 pm Post subject: |
|
|
I have a download of 1.3 MB and an Upload of 256 KB
The deocumentation is not wrong , if it is then im stupid.
The Console is Kilobtyes so I used
150 Kilobytes , the same as 1/2 of
my internet upload speed.
KB = Kilobtyes isn't it ? |
|
Back to top |
|
|
Anonymoose -
Joined: 09 Sep 2003 Posts: 2192
|
Posted: Thu Jun 10, 2004 9:56 pm Post subject: |
|
|
Are you sure you don't mean download of 1.2Mbit and upload of 256kbit ? 256KB upload is not what you'd get from a consumer cable/DSL line! Your upload speed with 256kbit would be about 30KB/sec max - is that what people normally get when downloading from you ? |
|
Back to top |
|
|
TRUSTAbyss -
Joined: 29 Oct 2003 Posts: 3752 Location: USA, GA
|
Posted: Fri Jun 11, 2004 12:58 am Post subject: |
|
|
Yes , But I thought my upload would be faster , that explains alot lol
So are you saying that my total upload speed is only 30 KB , If thats
the case , I have a slow upload rate , please explain ?
Note: I cannot change the tutorial
untill a week from now , im away from
home and can't change it. |
|
Back to top |
|
|
iNaNimAtE -
Joined: 05 Nov 2003 Posts: 2381 Location: Everywhere you're not.
|
Posted: Fri Jun 11, 2004 1:15 am Post subject: |
|
|
1KB = 8Kb.
So, 32KB = 256Kb. _________________ Bienvenidos! |
|
Back to top |
|
|
TRUSTAbyss -
Joined: 29 Oct 2003 Posts: 3752 Location: USA, GA
|
Posted: Fri Jun 11, 2004 3:31 am Post subject: |
|
|
Man that sucks , ISP's should give us more upload bandwidth.
I have a question to ask , what is your upload bandwidth ? |
|
Back to top |
|
|
iNaNimAtE -
Joined: 05 Nov 2003 Posts: 2381 Location: Everywhere you're not.
|
Posted: Fri Jun 11, 2004 3:44 am Post subject: |
|
|
Me?
128Kbps = A salivating speed of 8 KBps (although it can go faster than that).
I will eventually be getting a 768Kbps line. _________________ Bienvenidos! |
|
Back to top |
|
|
TRUSTAbyss -
Joined: 29 Oct 2003 Posts: 3752 Location: USA, GA
|
Posted: Fri Jun 11, 2004 4:02 am Post subject: |
|
|
Ok your website goes pretty fast and its lower
than what I have , I should be happy I have at
least 30 KB to share , well this topic is over. |
|
Back to top |
|
|
|