Using firewalld in CentOS 8 to dynamically auto-populate a blacklist and block it - centos8

Coming from a FreeBSD and PF background, I know there's a simple rule in PF which will dynamically add an IP address to a blacklist if it exceeds a certain threshold and then blocks them.
Using a CentOS 8.2 and firewalld, I am able to find documentation that talks about creating an 'ipset' and blocking it, I am also able to find rules to limit the rate of connection. But I can't seem to find a document that talks of putting them both dynamically.
What I want to achieve is this, if my machine gets hit by an IP address more than 3 times/minute I want to push these IPs to an ipset and block the entire set dynamically on the fly.
Some solutions provided are lengthy, some use Fail2ban etc., but is there a simpler, more direct and efficient way of doing it like PF does?
Thanks,

Related

Is there a quick way to detect redirections?

I am migrating a website and it has many redirections. I would like to generate a list in which I can see all redirects, target and source.
I tried using Cyotek WebCopy but it seems to be unable to give the data I need. Is there a crawling method to do that? Or probably this can be accessed in Apache logs?
Of course you can do it by crawling the website, but I advise against it in this specific situation, because there is an easier solution.
You use Apache, so you are (probably) working with HTTP/HTTPS protocol. You could refer to HTTP referrer, if you use PHP, then you can reach the previous page via $_SERVER['HTTP_REFERER']. So, you will need to do the following:
figure out a way to store previous-next page pairs
at the start of each request store such a pair, knowing what the current URL is and what the previous was
maybe you will need to group your URLs and do some aggregation
load the output somewhere and analyze

static or dynamic ips

I run this site and I approve access for a section of the site for people. I only want to approve static IPs. If I have a bunch of IPs how do I find out if they are static or not? I can do the remaining parts but there is probably some function in the socket library or something that lets me script the part to find if the users are using static or dynamic IP.
Thanks!
Php/Js would work too.
There is no way to inherently tell if an IP address is static or dynamically assigned. Based on the hostname that the IPs resolve to, you could probably make a guess as to whether they are static or not, but there is nothing definitive to facilitate this.
You could use the socket module to resolve the IPs to hostnames and flag them as "static" or "dynamic" based on some kind of "best guess" algorithm, but it would be only that: a best guess.
Here is an example using a random Verizon FiOS IP address. This assumes that any IP starting with "pool" is dynamically assigned.
>>> import socket
>>> hostname = socket.gethostbyaddr('71.243.222.111')[0]
>>> if 'pool' in hostname:
...     print(hostname, 'is dynamic')
...
pool-71-243-222-111.lsanca.fios.verizon.net is dynamic
You're going to have a very tough time determining all of the various naming conventions and this would in no way be a complete solution.
You might want to ask yourself what kind of problem you're trying to solve first, and whether filtering access by IP address is providing the kind of verification you need.
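The reverse-DNS "best guess" described in this answer, extended to a few more naming patterns, as an added example that is not part of the original answer. The hint lists, the `classify` and `sample_resolver` names and the `example.net`/`example.org` PTR records are assumptions made for illustration; only the Verizon hostname comes from the answer.

```python
import re
import socket

# Substrings ISPs often put in PTR names (assumed, incomplete lists);
# "pool" is the one used in the answer above.
DYNAMIC_HINTS = ("pool", "dyn", "dhcp", "dsl", "cable", "ppp", "dialup")
STATIC_HINTS = ("static", "fixed")

# Constructed PTR data so the example runs offline (first entry is from the answer).
SAMPLE_PTR = {
    "71.243.222.111": "pool-71-243-222-111.lsanca.fios.verizon.net",
    "192.0.2.10": "static-192-0-2-10.example.net",
    "198.51.100.7": "7.100.51.198.broadband.example.net",
    "203.0.113.5": "mail.example.org",
}


def sample_resolver(ip):
    """Stand-in for socket.gethostbyaddr backed by SAMPLE_PTR."""
    if ip not in SAMPLE_PTR:
        raise socket.herror(1, "Unknown host")
    return SAMPLE_PTR[ip], [], [ip]


def embeds_address(ip, hostname):
    """True if the hostname contains the IPv4 octets, forward or reversed."""
    octets = ip.split(".")
    for order in (octets, octets[::-1]):
        pattern = r"(?<!\d)" + r"[.\-_x]".join(order) + r"(?!\d)"
        if re.search(pattern, hostname):
            return True
    return False


def classify(ip, resolver=socket.gethostbyaddr):
    """Return (guess, hostname). The guess is a heuristic, never proof."""
    try:
        hostname = resolver(ip)[0].lower()
    except (socket.herror, socket.gaierror):
        return "unknown", None  # no PTR record: nothing to go on
    labels = re.split(r"[.\-_]", hostname)
    if any(hint in label for label in labels for hint in STATIC_HINTS):
        return "probably-static", hostname
    if any(hint in label for label in labels for hint in DYNAMIC_HINTS):
        return "probably-dynamic", hostname
    if embeds_address(ip, hostname):
        return "probably-dynamic", hostname  # generic per-address PTR name
    return "unknown", hostname
```

The PTR record is set by whoever controls the reverse zone for the address, so the result is a triage hint and not something to base an access decision on.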
I'd use a pragmatic solution: New accounts have a trial phase of a few days. After that they can only log in from the same IP used to sign up. If they still have that same IP it's most likely static.
Well, you don't have a problem, do you? If they ask for access from IP X, you give them access from IP X. If it turns out that it was dynamic and they switch, they no longer have access. In practice, no access from dynamic IPs :)
Seriously though, the authority on IP assignment type is the host from which the user is accessing. Thus, you need to ask the user what it says in his/her config.

How do I have mails to a specific address trigger actions on a web server?

What I'm trying to do is figure up how I can configure a mail server such that mails to a specific address will trigger certain actions- e.g. inserting the subject line into a MySQL database, etc. This is for a web app in LAMP- basically I want people to be able to add things automatically via email if they'd rather do that than use the web interface. Kind of like how e.g. with Evernote you can send a mail to your custom address to add a note that way.
I realize this is a pretty vague question, what I'm looking for is a general place to start looking and learning. I'm reasonably familiar with website tech but when it comes to mail servers I'm completely clueless. I'm not looking for any specific implementation: Rather I just want to know what are the basics I need to familiarize myself with to be able to attack the problem.
If you want to trigger actions "in realtime" you best work with your own mailserver and use something like procmail: Here is an example from the procmail faq how to trigger actions on incoming mails: http://porkmail.org/era/procmail/mini-faq.html#rtfm
But if you can avoid this, just let your provider handle the fun stuff of mailserver work and scan one or more mailboxes via cron-job (on linux/unix) triggered scripts. A cronjob could e.g. be a command line PHP script or a wget script that does an HTTP request on your webserver script to start the action. Your script reads the actual mails via something like http://pear.php.net/manual/en/package.networking.net-pop3.php
(Try to avoid importing the same mail twice e.g. by relying on the message id of the mail or by creating SHA1/MD5 hashes on parts or the body of the mail).
A lot of ticket systems work like this (for example OTRS: http://otrs.org/downloads).
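The import step of the polling approach in this answer, with the duplicate check it recommends, as an added example that is not part of the original answer. It assumes the raw mails have already been fetched from the mailbox; SQLite stands in for the MySQL database of the question, and the `notes` table, function names and sample mails are constructed for illustration.

```python
import hashlib
import sqlite3
from email import message_from_bytes, policy

# Constructed sample mails: a re-fetched duplicate and one without a Message-ID.
SAMPLE = [
    b"From: alice@example.org\r\nMessage-ID: <1@example.org>\r\nSubject: Buy milk\r\n\r\nbody\r\n",
    b"From: alice@example.org\r\nMessage-ID: <1@example.org>\r\nSubject: Buy milk\r\n\r\nbody\r\n",
    b"From: bob@example.org\r\nSubject: x'); DROP TABLE notes;--\r\n\r\nno message id\r\n",
]


def dedup_key(msg):
    """Message-ID if present, else a SHA-256 over sender, date, subject and body."""
    msg_id = str(msg["Message-ID"] or "").strip()
    if msg_id:
        # Chosen by the sender: good for spotting re-fetches, not proof of origin.
        return "id:" + msg_id
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    parts = [str(msg[h] or "") for h in ("From", "Date", "Subject")] + [text]
    return "sha256:" + hashlib.sha256("\n".join(parts).encode("utf-8")).hexdigest()


def open_store(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute(
        "CREATE TABLE IF NOT EXISTS notes "
        "(dedup_key TEXT PRIMARY KEY, sender TEXT, subject TEXT)"
    )
    return db


def ingest(db, raw_messages):
    """Insert one row per new mail and return how many rows were added."""
    added = 0
    for raw in raw_messages:
        msg = message_from_bytes(raw, policy=policy.default)
        # Subject and sender are untrusted input: bind them as parameters,
        # never format them into the SQL string.
        cur = db.execute(
            "INSERT OR IGNORE INTO notes (dedup_key, sender, subject) VALUES (?, ?, ?)",
            (dedup_key(msg), str(msg["From"] or ""), str(msg["Subject"] or "")),
        )
        added += cur.rowcount  # 0 when the key already exists
    db.commit()
    return added
```

Running the cron job twice over the same mailbox adds nothing the second time, because the primary key on `dedup_key` rejects mails that were already imported.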
This is traditionally handled on unix-like systems using fetchmail and/or procmail.

How to programmatically create virtual IP Addresses in VB?

What I want to do is use one PC to test an application on another on the same 19.2.168.X.X
I would like to make it seem like SOAP requests are coming from a variety of different PCs, just to make the application's log file easier to read, and I have been told that virtual IP Addresses are the way to go. So, how do I define a range and then use them one by one in VB? (I guess that this is effectively IP header spoofing?)
Not exactly sure what you want to do but I'd suggest first looking at the WMI class Win32_NetworkAdapterConfiguration to see if you can do what you want with it.
If that class does not support it you might have to use INetCfg instead, where I think you can change pretty much any network settings, but it's a bit more difficult to use. Here's a codeproject article for using INetCfg from C# which might at least show you how to get started.
If you just want to create a random IP address, generate 4 random numbers from 0 to 255 and glue some dots between them.

What's the best way to test a site which displays differently depending on the client location?

I am using an IP location lookup to display localised prices to customers depending on whether they are visiting from the UK, US or general EU and defaulting to the US price if the location can't be determined.
I could easily force the system to believe I'm from a specific country for testing but still there is no way of knowing for sure that it's displaying correctly when a visitor from abroad accesses my site. Is the use of some proxy the only viable way of testing a site like this? If so how would I go about tracking down one that I can use to test my site from various countries of origin?
You should be able to achieve that by using proxies. http://www.proxy4free.com/page1.html has a bunch. That site just came from a Google search; I've never used proxies like this before though, so there may be better sites out there.
This is not about how to test, but rather how you identify your visitors.
Instead of using IP-lookup to determine their geographical location, you should instead grab the information about the locale they use from the useragent string.
For instance, I'm a Norwegian, and when I go to useragent.org I see that my browser sends "nb-NO" as the language my machine uses.
You can easily use that to customize currency, dates etc on your site.
If the website is indexed in Google's cache, you can visit the google with the proper URL address. ex. http://www.google.co.uk/
And see if it's displaying properly in the cache.
@Frode:
Checking system locale in the useragent string might be misleading.
I go to Canada, and set my system locale as French. So it might show the user EU prices as opposed to showing US price. Many such cases are possible where locale won't give accurate info about the end user's desired "price class" in this particular application mentioned.
If you want to use geo-ip location to detect a user's language, using a proxy probably is the best way to do so.
There are a lot of lists of open proxies on the web, mostly listed with the countries. Google has quite a lot of search results on this topic. Of the top results, I have used SamAir to test some stuff before.
Searching for a working open proxy with an acceptable speed in the correct country can be a tedious task. Also keep in mind that you should not use any of these proxy servers to submit any sensitive data, because you never know who runs them. This could be a kinda trustworthy ISP (i.e. not from GB ;D), a honeypot to collect data, or an illegal open proxy hosted by some trojan.