<HTML>
<HEAD>
<META content="text/html; charset=iso-8859-1" http-equiv=Content-Type>
<META content="OPENWEBMAIL" name=GENERATOR>
</HEAD>
<BODY bgColor=#ffffff>
The manual add is easy.
<br />
<br />At the command line as root, use:
<br />iptables -I acctin 1 -s x.x.x.x -j DROP (replacing the x.x.x.x with the originating/offending IP)
<br />
<br />If you see connections coming from more than one IP in the same network, add a /24 to the back of the IP to block that entire 24-bit network.
<br />
<br />But remember, this is in memory only. As soon as your BX server is rebooted, you add a site, delete a site, or change a IP - that manual firewall addition is gone. Its a good method to temporarily block a IP or group of IPs that is hacking on you. Because as soon as they can't get through any more - they'll move on. But this isn't permanent.
<br />
<br />
<br />
<br />Chuck
<br /><font size="2">
<br />
<br /><b>---------- Original Message
-----------</b>
<br />
From: "Richard Morgan" <richard@morgan-web.co.uk>
<br />
To: "BlueOnyx General Mailing List" <blueonyx@blueonyx.it>
<br />
Sent: Mon, 5 Nov 2012 21:51:01 -0000
<br />
Subject: [BlueOnyx:11661] Blocking connections by IP address
<br />
<br />> Our server is being sent loads of POP3 login requests. They're
slow
(about 6s apart) and not really causing a problem, but I was under the
impression the server would block these once the volume go to above 60 failed
log in's within one
hour.
<br />>
<br />> Nov 5 15:28:21 vps1 dovecot: pop3-login: Aborted login (auth
failed,
1 attempts): user=<lexus>, method=PLAIN, rip=95.211.132.81,
lip=[xx.our.ip.xx]
<br />>
<br />> So, two
questions...
<br />>
<br />> Is there anyway to tweak the configuration so these are blocked
automatically? The GUI says the IP is blocked, but new connections are
still appearing in the
log.
<br />>
<br />> Alternatively, is there any way I can add the offending IP address to a
blacklist
manually?
<br />>
<br />> Many thanks
indeed.
<br /><b>------- End of Original Message
-------</b>
<br />
</font>
</BODY>
</HTML>