Saturday, December 24, 2016

Blocking the Attackers!

We are being hit by a number of different users but I do not know why. Our host "" has blocked what appears to be the primary offenders that are arriving here from an IP address that is of the form:


I just checked on one, which first I had to learn how to do, and yes it is a blacklisted site:

A new file has now been placed on our server where we can add in the addresses that we want to restrict, but that means checking the logs on a daily basis, checking where they are coming from (why would also be nice but I have no idea how to do that - Peter?) and then blocking them. They then receive a "403 response" which means "access denied".

It would seem to me that the better alternative is to only allow certain IP addresses but that is another question for another day.

For now, we will have to BLOCK anything that looks suspicious and that might mean blocking a valid member if they are in that block. If that happens you will have to send me a message so we can investigate. Of course that means that I hope that you have read this post so you know to do that! I will copy this over to the BLOG that we use to notify members of issues:

Make sure you BOOKMARK that site so you know to go there whenever there is a problem.

I must now go and check the logs (they are massive lists!) and see who has been attacking the site.

It appears this has to be done for the phpBB3 forum as well as the wiki site.


Please note that I know nothing about this so I am "learning on the fly". This could be the start of a major shift as to how we operated this forum as volunteers. These attacks cost us BIG $$ as we are billed for all the OVERAGE so this is not just a case of an inconvenience.

The daily logs have to be checked and they are HUGE as they record everyone that came to the site:

Then you have to check if they are bad, or just block them anyway if they look suspicious:

Then you have to put in the block. I am working on that aspect!

No comments:

Post a Comment