Block IP Rule

**davialbuquerque** · 09-13-2011, 11:53 PM

Hi ...

I have the host business plan.
In my town has a 3G service called "Embratel".
This 3G service "Embratel" shares the same IP for all customers.
Last month one guy called "h4cky", type the wrong password in the FTP purposely, because he knows about the security rule.
When you type the FTP password 10 times, this IP stay blocked permanently for http, ftp, everything.
When someone else with this IP, try to access my site, not receive any message, nothing. The site appears down.
I contact the support, and they removed the ip from the blacklist list, ok.
I have a adsl service called "Velox" with Dynamic IP based.
Today i try to access my site, and site appears down.
I contact the support, and the attendant told me that this IP that i take today (with luck), was blocked last month.
The attendant called "Stars G." told me that all IP are blocked permanently.
And more, told me to take a VPS service to control this.
Its not sounds absurd?
Can u create a similar of 404.html for that? When a person get a blocked IP, receives a personalized message to contact me.
And ... Why u block a Dynamic IP permanently? Can you create a time like 5 days?
I keep thinking. How many other IP are blocked now. Sometimes people say my site is down, and when i check, his on.

**Tony** · 09-13-2011, 11:59 PM

I'm sorry I can't understand any of that. Can you phrase that as a specific question? Don't forget to include links to your site of you want us to look at it.

**davialbuquerque** · 09-14-2011, 12:31 AM

Ok, im nervous. I redid the post.

Add Info:

If you have a reseller account, and people type the FTP password wrong, this (dynamic) IP will be blocked permanently for your reseller client site, for all your clients, for your reseller site, and for all accounts and his clients who shared the same server in webhostingbuzz. This not sounds well.

Im 4 years client of webhostingbuzz, i like the service, the ping is good for my country, the support is good too, but i think its time to fix it.

**Maxim M.** · 09-14-2011, 09:29 AM

Hi,

I'm afraid we won't be able to remove this rule since we have to protect the servers from brute force attacks and other hacking attempts. There are no special rules for dynamic or static IPs. Any IP gets permanently blocked for multiple failed login attempts. There's no way to setup a redirect to an 'Ip blocked' page since we have to block access to the server via all ports and protocols.

These measures were taken by our senior technical administrators based on their long-term experience in the industry. We are very sorry it's causing you inconveniences, but that's really something improtant we have applied to protect the servers from more serious consequences.

At the same time you can always contact us in order to have your local IP unblocked and get everything back online.

**davialbuquerque** · 09-14-2011, 04:42 PM

This rule protects servers against attacks or brute force attacks.
But allow other type of attack.
For example.
i have a job site finder, just for my city.
The 3g service uses the same IP, and adsl service like 1000 different IP.
The rival site knows the way to keep people without seeing my site.
Just connecting and disconnecting and taking another IP and type wrong ftp password.
All IP will be blocked permanently?
Its not a failure of security too?
Webhostingbuzz is a big host house ... u cant find a way to protect of this attack type?

**Maxim M.** · 09-14-2011, 04:47 PM

I don't see a security failure as long as unauthorized user can't access the server and modify your content. That's exactly what this is all about.

And why would everyone be trying to ftp your account?

**davialbuquerque** · 09-14-2011, 05:24 PM

is your answer? "And why would everyone be trying to ftp your account?"

why people create virus? why people try to hack? why people hit people? why? why u have to block a dynamic IP permanently for ftp wrong password tries? and is not 10 times to block, is just 3.
i cant understand it. 5 or 10 days is not enough?

god...

just say, "we cant protect our clients of this type attack".

is better.

i have a host "business" account, i think i deserve a better answer.

**Maxim M.** · 09-15-2011, 06:10 AM

What is your server? I have checked our Business hosting servers and the limit is 20 failed login attempts before an IP gets blocked.

It's a normal practice and a standard security measure to block IPs for multiple failed login attempts. This way we can protect the server from brute force attacks. As far as I know, there's no way a Firewall can determine whether an IP is dynamic or static. It just gets blocked to protect your or anyone else's account from a potential hacker.

So I'm afraid there's not much we can do in your situation. We are a responsible host and need to protect our servers. When multiple users from the same dynamic IP subnetwork are making failed login attempts, we'll be forced to block their IPs out one by one. That would be more like a mini DDoS attack with the login attempts traffic flood. I don't see a better way out of such situation.

Once again we're very sorry it's causing you inconvenience but we have to keep these restrictions to provide the highest level server security.

**davialbuquerque** · 09-15-2011, 09:11 AM

again ... permanently ... lol

**Tony** · 09-15-2011, 11:58 AM

Originally Posted by davialbuquerque

again ... permanently ... lol

He didn't exactly say 'permanently'. He just said you'll have to contact tech support to unblock specific IPs - presumably after you've verified it's safe to do so.

The good news is that this is a pretty rare event. I've never seen it happen on my own site. Spammers/hackers generally don't use common pool IPs.

**davialbuquerque** · 09-15-2011, 12:52 PM

Originally Posted by Tony

He didn't exactly say 'permanently'. He just said you'll have to contact tech support to unblock specific IPs - presumably after you've verified it's safe to do so.

The good news is that this is a pretty rare event. I've never seen it happen on my own site. Spammers/hackers generally don't use common pool IPs.

Ok, say me your site address, i will block some IPs, i promisse, my city will never view. good huh?

**Colin** · 09-26-2011, 01:58 PM

I think I see what he's talking about, the block is happening against the proxy IP for the service he, (and many others), are using to access the internet because the proxy doesn't pass along the internal IP address being used by all the customer's of the service.

**Tony** · 09-26-2011, 02:13 PM

Of course, the whole point of a proxy is to block that info. So what would be a solution? If you just unblock the proxy then whoever was screwing up before would have free rein.

**teddybeaver** · 09-28-2011, 12:31 AM

Is there any problem if we choose the networks with sharing. What are the chances of being hacked by some one if using the shared network.

**Colin** · 09-30-2011, 11:44 AM

About the same as being hacked by any other means.

What would worry me is an improperly configured proxy server serving a few hundred people behind it is the possibility of exposure of all connected clients to someone on the inside because it was setup as an internal network share.

**Alan B** · 09-30-2011, 01:00 PM

I think the OP is saying that he thinks his competitor might try to login to his (the OP's) site several times, solely to get access to the OP's site blocked for everyone in that town on that network. Has it actually happened, or is this just paranoia?

Thread: Block IP Rule

LinkBack

Thread Tools

Display

Block IP Rule

Posting Permissions