[arm-allstar] Script to ban IP

[Doug Crompton]

Rachid,

 If you do not need port 80 from the outside it should be blocked at the
router by NOT port forwarding it. If it is not port forwarded it could not
get to your Pi or anywhere else.  Ports can only be forwarded to one
internal IP address. You also have the option of changing the http port in
your Pi server. This is done in /etc/httpd/config/config/httpd.conf  - look
for the listen statement. You can change it to some high port. Remember
when you do this you will need to specify the port in the url like -
192.168.1.100:15000/supermon  You also need to restart httpd -  systemctl
restart httpd


*73 Doug*

*WA3DSP*

*http://www.crompton.com/hamradio <http://www.crompton.com/hamradio>*

On Sun, Jun 30, 2019 at 10:23 PM Rachid Karroo <rkarroo at gmail.com> wrote:

> Doug, thank you for replying. The Port is 80 (http). I have Supermon
> running but not towards the outside world since no public IP or Dyndns
> defined. Obviously he was scanning and saw the Port 80 open. I am sure he
> will come back again.
> He tried a few times and using different approach. According to the IP
> lookup , it is from Hong Kong. Below is an extract of the access log.
> I will look whether it is possible to block at router level. I will also
> have a look from the Linux command provided by K1bdx in a separate reply.
>
> 73s
> Rachid
> 3B8FP
>
>
> 119.247.137.168 - - [30/Jun/2019:08:35:46 +0400] "GET
> /phpmyadmin2011/index.php?lang=en HTTP/1.1" 404 989
> 119.247.137.168 - - [30/Jun/2019:08:35:46 +0400] "GET
> /phpmyadmin2012/index.php?lang=en HTTP/1.1" 404 989
> 119.247.137.168 - - [30/Jun/2019:08:35:47 +0400] "GET
> /phpmyadmin2013/index.php?lang=en HTTP/1.1" 404 989
> 119.247.137.168 - - [30/Jun/2019:08:35:47 +0400] "GET
> /phpmyadmin2014/index.php?lang=en HTTP/1.1" 404 989
> 119.247.137.168 - - [30/Jun/2019:08:35:48 +0400] "GET
> /phpmyadmin2015/index.php?lang=en HTTP/1.1" 404 989
> 119.247.137.168 - - [30/Jun/2019:08:35:49 +0400] "GET
> /phpmyadmin2016/index.php?lang=en HTTP/1.1" 404 989
> 119.247.137.168 - - [30/Jun/2019:08:35:49 +0400] "GET
> /phpmyadmin2017/index.php?lang=en HTTP/1.1" 404 989
> 119.247.137.168 - - [30/Jun/2019:08:35:50 +0400] "GET
> /phpmyadmin2018/index.php?lang=en HTTP/1.1" 404 989
> 119.247.137.168 - - [30/Jun/2019:08:35:50 +0400] "GET
> /phpmyadmin2019/index.php?lang=en HTTP/1.1" 404 989
>
>
> On Sun, Jun 30, 2019 at 11:49 PM "Doug Crompton via ARM-allstar" <
> arm-allstar at hamvoip.org> wrote:
>
>> Rahcid,
>>
>> What is the IP address accessing? What port? Are you using a router ahead
>> of your LAN? The best place to block an IP is in your router if it has a
>> way to do that, most do. A router would normally block most all incoming
>> ports unless you port froward them. Is the IP on a port you allow through?
>>
>> If it is a specific Allstar node you can block that in Supermon using the
>> restrict button. You can block an IP address in your hamvoip server using
>> this method -
>>
>> https://www.cyberciti.biz/faq/how-do-i-block-an-ip-on-my-linux-server/
>>
>>
>> *73 Doug*
>>
>> *WA3DSP*
>>
>> *http://www.crompton.com/hamradio <http://www.crompton.com/hamradio>*
>>
>>
>> On Sun, Jun 30, 2019 at 2:52 PM "Rachid Karroo via ARM-allstar" <
>> arm-allstar at hamvoip.org> wrote:
>>
>> > Dear all
>> >
>> > Is there a script that I could insert into my Hamvoip/Supermon on my PI
>> to
>> > block an IP access?
>> > Checking my web access log, I saw an IP (reported as abuse) trying to
>> get
>> > into here.
>> >
>> > Thanks
>> > 73s
>> > Rachid
>> > 3B8FP
>> > _______________________________________________
>> >
>> > ARM-allstar mailing list
>> > ARM-allstar at hamvoip.org
>> > http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>> >
>> > Visit the BBB and RPi2/3 web page - http://hamvoip.org
>> >
>> _______________________________________________
>>
>> ARM-allstar mailing list
>> ARM-allstar at hamvoip.org
>> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>>
>> Visit the BBB and RPi2/3 web page - http://hamvoip.org
>>
>