Old 12-07-2017, 12:28 AM   #201
Barry-xlovecam
as root

Code:
$ ./ufw_deny_all.sh
Code:
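#!/bin/bash
#-vx
# Add a UFW deny rule for every entry (one IP or CIDR per line) in the list.
file=server-ban-ufw-list.csv
while IFS= read -r line; do
    [ -z "$line" ] && continue   # skip blank lines
    # stdin from /dev/null so ufw cannot consume the list being read
    ufw deny from "$line" to any < /dev/null
    sleep 1
done < "$file"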
This script will stop after 30 entries sometimes ^s ^q will restart it
you can try
Code:
$ ./ufw_deny_all.sh || true
that may help
bash error checking is
Code:
#!/bin/bash -vx
There are a lot of setup tutorials on UFW

I added allow to ssh (22) for only my static IPs
I DID NOT allow ftp (I only use sftp and scp on 22)
I allow ftp when necessary. I have a WordPress on one server that needs it to update. After updating I block ftp
You need to allow http and https

--------

Code:
$ host 51.15.40.0
0.40.15.51.in-addr.arpa domain name pointer 0-40-15-51.rev.cloud.scaleway.com.
$ host 37.9.114.0
Host 0.114.9.37.in-addr.arpa. not found: 3(NXDOMAIN)
$ whois 37.9.114.0
Quote:

inetnum: 37.9.64.0 - 37.9.127.255
netname: RU-YANDEX-20111214

country: RU
org: ORG-YA1-RIPE
You want to block the *right* ips or CIDR /24 /20 etc.
I only block single IPs for abusive ISP users and not servers -- I will cut off whole datacenters on some servers -- without looking back. However I know I may lose some VPN users that are legit buyers (collateral damage).

On mail servers you need to only block some single IPs of spam servers (etc).

you need to allow the ports your mail server needs (<incoming)

Code:
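#!/bin/bash
#-vx
# Print a "host <entry>" lookup command for every entry in the ban list;
# remove the echo to run the reverse lookups directly.
file=server-ban-ufw-list.csv
while IFS= read -r line; do
    [ -z "$line" ] && continue   # skip blank lines
    echo host "$line"
    sleep 1
done < "$file"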
WHO THE IPs that resolve ARE!
https://pastebin.com/28QEjW6B

Ahrefs and Semrush are spybots -- SEO for simpletons.

What bots look like IRL


The ones that do not resolve are servers in datacenters probably with no hostname entry.
If you don't want to do business with them -- block them -- that is up to you. Most legit (not all) ISP users (people) IP's resolve to hostnames.

$resolveip [ip] [hostname]

$man resolveip
Old 12-07-2017, 02:54 PM   #202
porn-update
This s**t doesn't work...

Yesterday I set all the rules in iptables. Today the bastard who clones my sites is back; his IP enters and exits my server without problems, although in my iptables there is this rule that blocks his IP.
Code:
iptables -A INPUT -s 93.105.187.11 -j DROP
It's not working; just as it didn't work in UFW, it doesn't work in iptables either.

I reset everything again and entered a single rule in iptables and now the IP of the bastard is properly locked...

I believe that in Digitalocean there is a limit on the number of rules that can be entered in UFW or iptables, those beyond the limit are ignored.

Even Nixstat, which needs HTTPS, did not work anymore after I added all the rules; after removing the rules it went back to working. Perhaps the rule that allows HTTPS traffic is beyond the limit.

Now my firewall only blocks the IP of the bastard, but I want to be able to block at least the traffic from China.

In Digitalocean there is something called "Cloud Firewall" https://www.digitalocean.com/communi...loud-firewalls, with this inscription: Limits: Total incoming and outgoing rules for Firewall: 50.

May the Digitalocean firewall limit also be applied to UFW and iptables?
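Added example, not code from either poster: netfilter evaluates rules in order and the first match decides, so a deny rule appended after an allow rule for ports 80/443 never sees that traffic. The sketch below validates a ban list in the format used in this thread (one IPv4 address or CIDR per line) and prints `ufw insert 1 deny` commands so the denies land ahead of the allow rules. The function names and sample addresses are constructed for illustration, and it assumes the allow rules for SSH/HTTP/HTTPS already exist.

```shell
#!/bin/sh
# Added example: dry run that turns a ban list into ordered ufw commands.

# Succeeds if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4_cidr() {
    addr=${1%%/*}
    case $1 in */*)
        prefix=${1#*/}
        case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
        [ "$prefix" -le 32 ] || return 1 ;;
    esac
    case $addr in
        *[!0-9.]*|*..*|.*|*.|*.*.*.*.*) return 1 ;;
        *.*.*.*) ;;
        *) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr                 # split the address into octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print one command per valid, unique entry of file $1; nothing is executed.
gen_ufw_rules() {
    seen=' '
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                              # drop trailing comment
        line=$(printf '%s' "$line" | tr -d ' \t\r')   # drop blanks and CR (CRLF files)
        [ -n "$line" ] || continue
        if ! valid_ipv4_cidr "$line"; then
            printf 'skipped invalid entry: %s\n' "$line" >&2
            continue
        fi
        case $seen in *" $line "*) continue ;; esac   # skip duplicates
        seen="$seen$line "
        # "insert 1" places the deny ahead of existing allow rules
        echo "ufw insert 1 deny from $line to any"
    done < "$1"
}

# Constructed sample list (documentation addresses, not taken from the thread).
sample=$(mktemp)
printf '%s\n' '198.51.100.7' '203.0.113.0/24  # datacenter' '' \
    '198.51.100.7' '300.1.1.1' '192.0.2.9/33' > "$sample"
gen_ufw_rules "$sample"
rm -f "$sample"
```

Review the printed commands first, then pipe them to `sh` as root to apply; `ufw status numbered` shows the resulting order.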