How do I ban the IP that is trying to hack my server?

ntloc · - Joined: 26 Feb 2004 Posts: 35 Location: UT

Can anyone please tell me how can I ban - block the IP Address that is trying to hack into my server. I always see hacking activities on my server. Please help. :(
Thank you.

Anonymoose · - Joined: 09 Sep 2003 Posts: 2192

I will guarantee that 99% of the traffic you are seeing, if not 100% is just from the various server based worms that spread by infecting other servers. There are no worms in existance that spread over Abyss, so you really have no need to worry. However, if you're set on trying to ban every single machine that scans you, have a look at this...

http://www.aprelium.com/forum/viewtopic.php?t=2799

TRUSTAbyss · - Joined: 29 Oct 2003 Posts: 3752 Location: USA, GA

iNaNimAtE · Posted: Tue Mar 02, 2004 11:32 pm Post subject:

However if you want to ban the IP, may I say first that most of the traffic you receive are from dynamic IPs; meaning that they change.

Otherwise, if you still want to ban them, you will need to use a 3rd party client such as Norton Internet Security or Kerio Personal Firewall.

Once you have obtained either of these programs, I can give you a tutorial on how to ban IPs.
_________________
Bienvenidos!

ntloc · - Joined: 26 Feb 2004 Posts: 35 Location: UT

yeah I have a Norton Internet Security 2004 + Norton System Work 2004 installed on my server. Oh and here is some of my log file:

67.166.21.223 - - [02/Mar/2004:16:42:37 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 357 "" ""
67.166.21.223 - - [02/Mar/2004:16:42:37 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 357 "" ""
67.166.21.223 - - [02/Mar/2004:16:42:38 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 357 "" ""
67.166.21.223 - - [02/Mar/2004:16:42:38 -0700] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 357 "" ""
67.166.21.223 - - [02/Mar/2004:16:42:38 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 426 "" ""
67.166.21.223 - - [02/Mar/2004:16:42:42 -0700] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 426 "" ""
67.166.21.223 - - [02/Mar/2004:16:42:43 -0700] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 426 "" ""
67.166.21.223 - - [02/Mar/2004:16:42:43 -0700] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 357 "" ""
67.166.21.223 - - [02/Mar/2004:16:42:44 -0700] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 357 "" ""
67.166.21.223 - - [02/Mar/2004:16:42:44 -0700] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 357 "" ""
67.166.21.223 - - [02/Mar/2004:16:42:45 -0700] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 357 "" ""
67.166.21.223 - - [02/Mar/2004:16:42:50 -0700] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 426 "" ""

Can iNaNimAtE show me tutorial on how to ban IPs.
Thank you.

iNaNimAtE · Posted: Wed Mar 03, 2004 2:10 am Post subject:

Ok. I have version 2003, so I'm guessing it won't be that different. Open up the main security window, and click on "Personal Firewall," and click "Configure." Under the "Home Networking" tab, click on "Restricted." Then you can add the IP(s) you want to restrict from your computer.

May I note that from the log sample you gave, there is a worm trying to exploit an IIS vulnerability. It is harmless to you, since you are running Abyss Web Server.
_________________
Bienvenidos!

ntloc · - Joined: 26 Feb 2004 Posts: 35 Location: UT

Thank you everyone of you for helping me out.
Thank you!

iNaNimAtE · Posted: Wed Mar 03, 2004 5:46 am Post subject:

Sure. No problem.
_________________
Bienvenidos!

mtbiking · - Joined: 18 Mar 2004 Posts: 66

hey mate nice site but it takes a while to find where every thing is with is being all directory i'd like to say insead of asking people to apply in your forum use mail form like

<FORM METHOD="POST" ACTION="MAILTO:youremail">
<INPUT TYPE="text" NAME="name" SIZE=50 MAXLENGTH="50">
<INPUT TYPE="reset" VALUE="Clear All">
<INPUT TYPE="submit" VALUE="Send!!!">
</FORM>

well thats a simple form but if you had sendmail you could use formmail downloadable from http://www.scriptarchive.com/

iNaNimAtE · Posted: Thu Apr 08, 2004 10:26 pm Post subject:

If your talking about free email addresses, then I haven't put a formmail script because I am still configuring the web-based email script. I have a working POP3 server, but I still need to redesign the interface for the webmail.

If you go to the "contact" section, you can see that I am using a formmail script. By the way; my website isn't that hard to navigate, mainly because everything that is on the left menu is everything I have.
_________________
Bienvenidos!

demonhunter · - Joined: 14 Jun 2003 Posts: 79

or u can setup ur own mail server

iNaNimAtE · Posted: Sun Apr 18, 2004 3:51 am Post subject:

Yes, I use an Email Server (notice my email address is iNaNimAtE@cfxnetworks.com).
_________________
Bienvenidos!

Foxified · - Joined: 13 Apr 2004 Posts: 487 Location: Canada

once beta of the new aprelium abyss comes out it has anti hacking, bannign ip addresses built in :D something for you to look forward to