| |
IP blocking |
| |
pnaulls (11:33 19/5/2003)
diodesign (11:36 19/5/2003)
rich (11:57 19/5/2003)
diodesign (12:04 19/5/2003)
rich (12:07 19/5/2003)
g0tai (12:10 19/5/2003)
rich (12:14 19/5/2003)
pnaulls (12:13 19/5/2003)
rich (12:16 19/5/2003)
rich (12:17 19/5/2003)
|
| |
|
Peter Naulls |
Message #42397, posted by pnaulls at 11:33, 19/5/2003 |
Member
Posts: 317
|
Ian (g0tai) and Chris tell me that various IPs from the prowl/acornsearch/etc range are now being dropped for no reason when conneting.
This sounds paranoid, but it seems like someone is watching logs/adding on a case by case basis.
I would point at that it's also pointless, since it's easy for Ian to use a proxy for this various automated processes such as AcornSearch.
I'm not blaming anyone (least of all Richard), but maybe someone can shed some light on this. |
| |
 [ Log in to reply ] |
| |
|
Chris Williams |
Message #42398, posted by diodesign at 11:36, 19/5/2003, in reply to message #42397 |
 The Opposition
Posts: 269
|
Oh, and my home IP is also banned, I'm going through a proxy atm. Would it be possible for this restriction to be lifted?
My home IP can be resolved from arabella.diodesign.co.uk
Thanks. |
| |
[ Log in to reply ] |
| |
|
Richard Goodwin |
Message #42402, posted by rich at 11:57, 19/5/2003, in reply to message #42397 |
 Dictator for life
Posts: 6828
|
Ian (g0tai) and Chris tell me that various IPs from the prowl/acornsearch/etc range are now being dropped for no reason when conneting. The only automated dropping that should affect the web server (i.e. full firewall blocking) are for IPs that have sent Very Bad Requests in some way - either certian exploits (looking for formmail CGIs to send spam), or malformed HTTP request of which I got several dozen in the space of a couple of minutes and looked like an attempt to crash the server. Maybe this is some beta software loads of people are testing? 
Of course, the web server is a bit poorly ATM and is "dropping" everyone at certain times, which I'm working on. If the web server goes down but the FTP server is still available, you haven't been blocked, the web server's gone tits up.
This sounds paranoid, but it seems like someone is watching logs/adding on a case by case basis. Yes, it's paranoid  I don't have time to read my mail, let alone watch logs all day.
________
 Cheers,
Rich.
|
| |
[ Log in to reply ] |
| |
|
Chris Williams |
Message #42407, posted by diodesign at 12:04, 19/5/2003, in reply to message #42402 |
The Opposition
Posts: 269
|
Well it appears to be working again, ta.
Chris. |
| |
[ Log in to reply ] |
| |
|
Richard Goodwin |
Message #42412, posted by rich at 12:07, 19/5/2003, in reply to message #42407 |
Dictator for life
Posts: 6828
|
Well it appears to be working again, ta. If it happens again, email me the IP in question and I'll check to see if something automated is going tits up. Um, email me at my goodwin.uk.com address just in case
________
Cheers,
Rich.
|
| |
[ Log in to reply ] |
| |
|
Ian Hawkins (g0tai) |
Message #42415, posted by g0tai at 12:10, 19/5/2003, in reply to message #42412 |
Member
Posts: 82
|
Apparently all you have to do is telnet to port 119, and you get blocked.
I can tell some (large userbase) web proxies to connect to port 119.
Be careful with exploits that can be turned against yourself (such as IP banning) as people can spoof addresses, connect via proxies, and so forth, basically making your machine's null routing table get very big, and enabling you to firewall most of the internet off!) |
| |
[ Log in to reply ] |
| |
|
Peter Naulls |
Message #42418, posted by pnaulls at 12:13, 19/5/2003, in reply to message #42402 |
Member
Posts: 317
|
This sounds paranoid, but it seems like someone is watching logs/adding on a case by case basis. Yes, it's paranoid I don't have time to read my mail, let alone watch logs all day.
You have PV. We have to dream up our own conspiracies! |
| |
[ Log in to reply ] |
| |
|
Richard Goodwin |
Message #42419, posted by rich at 12:14, 19/5/2003, in reply to message #42415 |
Dictator for life
Posts: 6828
|
Apparently all you have to do is telnet to port 119, and you get blocked.
I can tell some (large userbase) web proxies to connect to port 119. Er, 119 is Usenet news. We're not running a news server. Connecting to ports where services aren't running is blocked by default by portsentry (I'd just found evidence of the blockages in the logs there).
The block is removed after about 24 hours, but seeing as this protection has been in place since the server was installed, and you're looking to get access to the ArgoNet newsgroups, could I suggest that you don't try connecting to my server to look for news that isn't there?
________
Cheers,
Rich.
|
| |
[ Log in to reply ] |
| |
|
Richard Goodwin |
Message #42420, posted by rich at 12:16, 19/5/2003, in reply to message #42418 |
Dictator for life
Posts: 6828
|
You have PV. We have to dream up our own conspiracies! Yes, I'm *so* lucky
________
Cheers,
Rich.
|
| |
[ Log in to reply ] |
| |
|
Richard Goodwin |
Message #42421, posted by rich at 12:17, 19/5/2003, in reply to message #42420 |
Dictator for life
Posts: 6828
|
Talking of PV, I've just got him to say it's okay to read the ArgoNet groups, so email me the IP of the server you want to grab news with, and I'll post you details of how to do this.
________
Cheers,
Rich.
|
| |
[ Log in to reply ] |
| |
|
