log in | register | forums
Show:
Go:
Forums
Username:

Password:

User accounts
Register new account
Forgot password
Forum stats
List of members
Search the forums

Advanced search
Recent discussions
- RISC OS 'Advent' Calendar 2024 - David Pitt (News:)
- Elsear brings super-fast Networking to Risc PC/A7000/A7000+ (News:)
- November 2024 News Summary (News:1)
- Latest hardware upgrade from RISCOSbits (News:)
- WROCC November 2024 talk o...ay - Andrew Rawnsley (ROD) (News:3)
- Accessing old floppy disks (Gen:3)
- November developer 'fireside' chat on saturday night (News:)
- RISCOSbits releases a new laptop solution (News:4)
- Announcing the TIB 2024 Advent Calendar (News:2)
- RISC OS London Show Report 2024 (News:1)
Latest postings RSS Feeds
RSS 2.0 | 1.0 | 0.9
Atom 0.3
Misc RDF | CDF
 
View on Mastodon
@www.iconbar.com@rss-parrot.net
Site Search
 
Article archives
The Icon Bar: Site Comments: IP blocking
 
  IP blocking
  pnaulls (11:33 19/5/2003)
  diodesign (11:36 19/5/2003)
  rich (11:57 19/5/2003)
    diodesign (12:04 19/5/2003)
      rich (12:07 19/5/2003)
        g0tai (12:10 19/5/2003)
          rich (12:14 19/5/2003)
    pnaulls (12:13 19/5/2003)
      rich (12:16 19/5/2003)
        rich (12:17 19/5/2003)
 
Peter Naulls Message #42397, posted by pnaulls at 11:33, 19/5/2003
Member
Posts: 317
Ian (g0tai) and Chris tell me that various IPs from the prowl/acornsearch/etc range are now being dropped for no reason when conneting.

This sounds paranoid, but it seems like someone is watching logs/adding on a case by case basis.

I would point at that it's also pointless, since it's easy for Ian to use a proxy for this various automated processes such as AcornSearch.

I'm not blaming anyone (least of all Richard), but maybe someone can shed some light on this.
  ^[ Log in to reply ]
 
Chris Williams Message #42398, posted by diodesign at 11:36, 19/5/2003, in reply to message #42397
diodesign
The Opposition

Posts: 269
Oh, and my home IP is also banned, I'm going through a proxy atm. Would it be possible for this restriction to be lifted?

My home IP can be resolved from arabella.diodesign.co.uk

Thanks.
  ^[ Log in to reply ]
 
Richard Goodwin Message #42402, posted by rich at 11:57, 19/5/2003, in reply to message #42397
Rich
Dictator for life
Posts: 6828
Ian (g0tai) and Chris tell me that various IPs from the prowl/acornsearch/etc range are now being dropped for no reason when conneting.
The only automated dropping that should affect the web server (i.e. full firewall blocking) are for IPs that have sent Very Bad Requests in some way - either certian exploits (looking for formmail CGIs to send spam), or malformed HTTP request of which I got several dozen in the space of a couple of minutes and looked like an attempt to crash the server. Maybe this is some beta software loads of people are testing? :)

Of course, the web server is a bit poorly ATM and is "dropping" everyone at certain times, which I'm working on. If the web server goes down but the FTP server is still available, you haven't been blocked, the web server's gone tits up.

This sounds paranoid, but it seems like someone is watching logs/adding on a case by case basis.
Yes, it's paranoid ;) I don't have time to read my mail, let alone watch logs all day.
________
RichGCheers,
Rich.
  ^[ Log in to reply ]
 
Chris Williams Message #42407, posted by diodesign at 12:04, 19/5/2003, in reply to message #42402
diodesign
The Opposition

Posts: 269
Well it appears to be working again, ta.

Chris.
  ^[ Log in to reply ]
 
Richard Goodwin Message #42412, posted by rich at 12:07, 19/5/2003, in reply to message #42407
Rich
Dictator for life
Posts: 6828
Well it appears to be working again, ta.
If it happens again, email me the IP in question and I'll check to see if something automated is going tits up. Um, email me at my goodwin.uk.com address just in case ;)
________
RichGCheers,
Rich.
  ^[ Log in to reply ]
 
Ian Hawkins (g0tai) Message #42415, posted by g0tai at 12:10, 19/5/2003, in reply to message #42412
Member
Posts: 82
Apparently all you have to do is telnet to port 119, and you get blocked.

I can tell some (large userbase) web proxies to connect to port 119.

Be careful with exploits that can be turned against yourself (such as IP banning) as people can spoof addresses, connect via proxies, and so forth, basically making your machine's null routing table get very big, and enabling you to firewall most of the internet off!)
  ^[ Log in to reply ]
 
Peter Naulls Message #42418, posted by pnaulls at 12:13, 19/5/2003, in reply to message #42402
Member
Posts: 317

This sounds paranoid, but it seems like someone is watching logs/adding on a case by case basis.
Yes, it's paranoid ;) I don't have time to read my mail, let alone watch logs all day.
You have PV. We have to dream up our own conspiracies!
  ^[ Log in to reply ]
 
Richard Goodwin Message #42419, posted by rich at 12:14, 19/5/2003, in reply to message #42415
Rich
Dictator for life
Posts: 6828
Apparently all you have to do is telnet to port 119, and you get blocked.

I can tell some (large userbase) web proxies to connect to port 119.
Er, 119 is Usenet news. We're not running a news server. Connecting to ports where services aren't running is blocked by default by portsentry (I'd just found evidence of the blockages in the logs there).

The block is removed after about 24 hours, but seeing as this protection has been in place since the server was installed, and you're looking to get access to the ArgoNet newsgroups, could I suggest that you don't try connecting to my server to look for news that isn't there? :)
________
RichGCheers,
Rich.
  ^[ Log in to reply ]
 
Richard Goodwin Message #42420, posted by rich at 12:16, 19/5/2003, in reply to message #42418
Rich
Dictator for life
Posts: 6828
You have PV. We have to dream up our own conspiracies!
Yes, I'm *so* lucky ;)
________
RichGCheers,
Rich.
  ^[ Log in to reply ]
 
Richard Goodwin Message #42421, posted by rich at 12:17, 19/5/2003, in reply to message #42420
Rich
Dictator for life
Posts: 6828
Talking of PV, I've just got him to say it's okay to read the ArgoNet groups, so email me the IP of the server you want to grab news with, and I'll post you details of how to do this.
________
RichGCheers,
Rich.
  ^[ Log in to reply ]
 

The Icon Bar: Site Comments: IP blocking