simple prevent login attacks

    This site uses cookies. By continuing to browse this site, you are agreeing to our Cookie Policy.

    • simple prevent login attacks

      Hi all,

      in the last month, serveral freaks try to hack my server. But not with SSH, but via the EasySCP GUI.

      Maybe, there is a way to make this with fail2ban. My simple way now is sending a HTML-Header 404 or bounce them back to origin, if a known IP tries it to often.
      Normally this IPs came from Russia, Ukraine, Iran and so on - so, for me it makes sense to block them totally.

      Source Code

      1. $callingip =$_SERVER['REMOTE_ADDR'];
      2. $blockedip = array('5.188.62.25'); // enter here all IPs you want to block
      3. if(in_array($callingip,$blockedip)) {
      4. // If you wish to get a notice
      5. mail('enter@youremail.here','your subject',$callingip,'sender@youremail.com');
      6. // you can send back: file not found
      7. // header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found");
      8. // or
      9. // bounce the request to the blocked ip itself ;-)
      10. header("Location: http://".$callingip);
      11. exit;
      12. }
      Display All
      I've placed this little bit of code into the file direct behind the main comment

      [/var/www/]easyscp/gui/htdocs/index.php

      If I will get more attacks, I think, i'll write an automatic to fill the blocked-ip-list.

      Maybe this is helpful for others.

      Greets, Kuerbis42
    • New

      The best way is really to use Fail2Ban for it. And yes, I see this 5.188.xx.xx IP too, which probes to log in using "adminu" as user. I activated last years in my Fail2Ban a lot of rules (located everywhere in internet), so that almost all attacker are blocked (dovecot, postfix, apache incl. php errors, 403, 404, etc.), but EasySCP required a new rule, which must be written separatelly for it.
      I can post it here, if I have it ready. But give me please 2-3 weeks for it.
      MfG

      August