Thread: Sunward to deny access to certain IP addresses

  1. #1
    Join Date
    18th January 2009
    Location
    Toronto, ON
    Posts
    1,094

    Sunward to deny access to certain IP addresses

    The main Sunward site, and affiliated sites, will now deny access to certain IP (Internet Protocol) addresses. Most of these are based in China.

    We did this after monitoring repeated and consistent attacks on the Sunward server. The attacks were attempts to access pages with administrator privileges.

    In addition, we have also restricted the use of some email accounts that were used in other attacks. Most of these are also based in China.

    We will not publish the list of the IPs and email sites, and they can change at any time.

    At no time was the server or information on the server accessed. Hardware firewalls, monitoring, software firewalls, and strong passwords have been effective.
    http://www.sunward1.com/content/acce...ain-ip-address
    Last edited by sunward; 1st October 2011 at 02:37 PM.
    Angelo Castellano
    Sunward Aerospace Group Limited
    www.sunward1.com
    www.sunwardhobbies.ca
    info@sunward1.com
    CAR-ACF S573 L2 TRA 11312 L1 NAR 87131
    www.facebook.com/sunwardrockets

  2. #2
    Join Date
    23rd March 2011
    Location
    Northern Colorado
    Posts
    112
    Hazaa for sunward...... Someone who understands IT security!!!!!

  3. #3
    Join Date
    18th January 2009
    Location
    Toronto, ON
    Posts
    1,094
    Quote Originally Posted by Jwilder View Post
    Hazaa for sunward...... Someone who understands IT security!!!!!
    not easy!

    Had a hard time doing it in the firewall or the root of the server with Ubuntu. Did it in Plesk. Was easy to enter.

    And now the hackers are getting more ingenious:
    Web Hosts Are One-stop-shops for Mass Hacking
    Angelo Castellano
    Sunward Aerospace Group Limited
    www.sunward1.com
    www.sunwardhobbies.ca
    info@sunward1.com
    CAR-ACF S573 L2 TRA 11312 L1 NAR 87131
    www.facebook.com/sunwardrockets

  4. #4
    Join Date
    18th June 2011
    Location
    Meredith, NH
    Posts
    798
    I find it a tad scary that you were not able to block IP addresses on the firewall. I assume that this is a network firewall, and not a "host firewall" on the server itself.

    I know that you have blocked the IPs using the Plesk control panel and that will be effective assuming that it has hooks into the OS of the machine (I don't know Plesk all that well) but if you truly want to ensure safety I'd track down someone to help you with your network firewall as well. My concern is that the Plesk ban is just at the application level and they can still try to access vulnerabilities on the server itself.

    That said, the fact that you knew some shenanigans were going on is a million miles ahead of most companies with a web presence. Additionally you took care of the issue, so I'll supersize that Huzzah below.

    Just my 2 cents.

  5. #5
    Join Date
    18th January 2009
    Location
    Toronto, ON
    Posts
    1,094
    Quote Originally Posted by jsargevt View Post
    I find it a tad scary that you were not able to block IP addresses on the firewall. I assume that this is a network firewall, and not a "host firewall" on the server itself....
    host firewall on the server itself.

    It wasn't a question of not being able to do it, but more that it was harder.

    Quote Originally Posted by jsargevt View Post
    ...I know that you have blocked the IPs using the Plesk control panel and that will be effective assuming that it has hooks into the OS of the machine ...
    Plesk is used by me on the server I control.

    When I entered an IP or a range, Plesk actually provided the OS instructions for review before implementing them. So the same as going to the root of the server in Ubuntu and entering commands there.

    Quote Originally Posted by jsargevt View Post
    ...but if you truly want to ensure safety I'd track down someone to help you with your network firewall as well....
    on the list of things to do.

    Quote Originally Posted by jsargevt View Post
    ....That said, the fact that you knew some shenanigans were going on is a million miles ahead of most companies with a web presence. Additionally you took care of the issue, so I'll supersize that Huzzah below.

    Just my 2 cents.
    image attached as to the type of stuff going on. There were all kinds of attacks trying to poke the site to gain entry.

    Thanks for the comment. This type of attack was one of the reasons I chose Drupal.
    Attached image: Clipboard.jpg
    Angelo Castellano
    Sunward Aerospace Group Limited
    www.sunward1.com
    www.sunwardhobbies.ca
    info@sunward1.com
    CAR-ACF S573 L2 TRA 11312 L1 NAR 87131
    www.facebook.com/sunwardrockets

  6. #6
    Join Date
    18th June 2011
    Location
    Meredith, NH
    Posts
    798
    Angelo,

    Cool - good to see that Plesk ties right into the OS. That should be pretty solid.

    This looks like your garden variety scan looking for the usual suspects that tend to be vulnerable. I am surprised you don't get more of these.

    I agree that editing the local firewall on a server is harder than adminning a network firewall. When/if you get in touch with the network security admin you'll probably get one of 2 responses:

    1. Hey thanks! I'll block those right at the border to protect everyone.
    2. Leave me alone. There is no way we can keep up with these clowns.

    Hopefully you get #1!

    Good luck with your adventures in banning IPs today!

  7. #7
    Join Date
    21st June 2010
    Location
    Kentucky
    Posts
    1,004
    And still we as Americans do not go out of our way to boycott communist products!!!
    BOYCOTT CHINA!!! You can't eliminate everything but everyone should try to avoid as much support as possible for China.

  8. #8
    Join Date
    21st June 2010
    Location
    Kentucky
    Posts
    1,004
    And congrats, many companies and government agencies are not as lucky.

  9. #9
    Join Date
    18th January 2009
    Location
    University of Surrey
    Posts
    1,381
    Quote Originally Posted by Highpowerrocketyahoo View Post
    And still we as Americans do not go out of our way to boycott communist products!!!
    BOYCOTT CHINA!!! You can't eliminate everything but everyone should try to avoid as much support as possible for China.
    Erm... just because the IP addresses are Chinese doesn't mean the attack was sanctioned by, or even originated from China.
    -Phil
    "We actually live, today, in our dreams of yesterday; and, living in those dreams, we dream again." - Charles A. Lindbergh
    Photos | Last.fm | UKRA #1358

  10. #10
    Join Date
    11th December 2010
    Location
    Between the topsoil and the sun. A surface dweller.
    Posts
    2,248
    Quote Originally Posted by WiK View Post
    Erm... just because the IP addresses are Chinese doesn't mean the attack was sanctioned by, or even originated from China.
    however, if a country did wage war... hacking the people in the other country would be an easy way to bankroll your war...

    (did i just say that out loud...)
    (note to self.. no international banking...)

    "Dad, I am going to put a big motor in this skinny rocket... it's going to disappear like a ghost!!!.....

  11. #11
    Join Date
    18th January 2009
    Location
    Toronto, ON
    Posts
    1,094
    Quote Originally Posted by jsargevt View Post
    ....I agree that editing the local firewall on a server is harder than adminning a network firewall. When/if you get in touch with the network security admin ...
    uhm, that's me. Managed server was too much.

    Quote Originally Posted by WiK View Post
    Erm... just because the IP addresses are Chinese doesn't mean the attack was sanctioned by, or even originated from China.
    Before banning the individual IPs, I checked their origin. When I started doing whole sections, I obtained the list of Chinese-based IPs. All IPs are based in China. Even if they were being used as a proxy to attack by someone else, they were still being used and still open. So banned.
    Angelo Castellano
    Sunward Aerospace Group Limited
    www.sunward1.com
    www.sunwardhobbies.ca
    info@sunward1.com
    CAR-ACF S573 L2 TRA 11312 L1 NAR 87131
    www.facebook.com/sunwardrockets
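
The workflow described in this thread (watch for repeated refused requests to administrator pages, ban the individual addresses, then move to whole ranges) can be sketched as below. This is an added example, not code from the thread or from Sunward; the combined log format, the path list, the thresholds, the IPv4 /24 grouping and the sample addresses are all assumptions.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Combined-log-format fields captured: client IP, method, path, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# Assumed list of admin-style paths; replace with the site's own.
ADMIN_PREFIXES = ("/admin", "/wp-admin", "/phpmyadmin")
REFUSED = {"401", "403", "404"}

# Constructed sample log; addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Oct/2011:10:00:01 -0400] "GET /admin HTTP/1.1" 403 512 "-" "-"
203.0.113.7 - - [01/Oct/2011:10:00:02 -0400] "GET /phpmyadmin/ HTTP/1.1" 404 312 "-" "-"
203.0.113.20 - - [01/Oct/2011:10:01:10 -0400] "GET /wp-admin/ HTTP/1.1" 404 312 "-" "-"
203.0.113.20 - - [01/Oct/2011:10:01:11 -0400] "POST /admin/config HTTP/1.1" 403 512 "-" "-"
198.51.100.9 - - [01/Oct/2011:10:05:00 -0400] "GET /admin HTTP/1.1" 403 512 "-" "-"
198.51.100.9 - - [01/Oct/2011:10:05:03 -0400] "GET /admin/people HTTP/1.1" 403 512 "-" "-"
192.0.2.50 - - [01/Oct/2011:10:07:00 -0400] "GET /admin HTTP/1.1" 403 512 "-" "-"
192.0.2.50 - - [01/Oct/2011:10:07:05 -0400] "GET /catalog HTTP/1.1" 200 9000 "-" "-"
"""

def flag_sources(log_text, min_hits=2):
    """Return {ip: count} for sources with min_hits or more refused admin requests."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # ignore lines that are not in the expected format
        ip, path, status = m.group(1, 3, 4)
        if status in REFUSED and path.lower().startswith(ADMIN_PREFIXES):
            hits[ip] += 1
    return {ip: n for ip, n in hits.items() if n >= min_hits}

def to_block_entries(flagged_ips, range_threshold=2):
    """Emit a /24 when range_threshold or more flagged hosts share it, else /32s."""
    by_net = defaultdict(list)
    for ip in flagged_ips:
        by_net[ipaddress.ip_network(f"{ip}/24", strict=False)].append(ip)
    entries = []
    for net, ips in by_net.items():
        if len(ips) >= range_threshold:
            entries.append(net)
        else:
            entries.extend(ipaddress.ip_network(ip) for ip in ips)
    return [str(n) for n in ipaddress.collapse_addresses(entries)]
```

The resulting CIDR entries are what would be reviewed and then entered into the host firewall or control panel; a single refused request, as from 192.0.2.50 in the sample, stays below the threshold.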

  12. #12
    Join Date
    18th January 2009
    Location
    Toronto, ON
    Posts
    1,094
    We have now taken further steps. With the use of ConfigServer Security & Firewall, we have now blocked all traffic from China and Seychelles (country codes CN and SC).

    In addition, many IP addresses from Psychz Networks are now being blocked. Psychz Networks has not responded to repeated abuse reports coming from their servers.

    These steps have resulted in less spam, fewer automated signups, and faster response time.

    http://www.sunward1.com/content/addi...resses-blocked
    http://www.sunwardhobbies.ca/content...resses-blocked
    Angelo Castellano
    Sunward Aerospace Group Limited
    www.sunward1.com
    www.sunwardhobbies.ca
    info@sunward1.com
    CAR-ACF S573 L2 TRA 11312 L1 NAR 87131
    www.facebook.com/sunwardrockets
