Hi,
a couple of days ago The_29 suggested a solution which can be found here: http://www.wl500g.info/showthread.php?t=16105
Hi,
I have the last version from olegs firmware on my asus wl500gP.
I set connection limit to "2" and I cannot connect to my FTP because connection limit is reached.
It seems that there is somebody connected because I have in my sys logs the folowing lines...
Is there anybody that knows how I can stop/block this "211.48.190.67" IP?
Is there anything as spam blocker beside firewall...?
Code:vsftpd[17532]: CONNECT: Client "211.48.190.67" Sep 23 22:43:41 vsftpd[17531]: [Administrator] FAIL LOGIN: Client "211.48.190.67" Sep 23 22:43:43 vsftpd[17531]: [Administrator] FAIL LOGIN: Client "211.48.190.67" Sep 23 22:43:45 vsftpd[17531]: [Administrator] FAIL LOGIN: Client "211.48.190.67" Sep 23 22:43:46 vsftpd[17534]: CONNECT: Client "211.48.190.67" Sep 23 22:43:47 vsftpd[17533]: [Administrator] FAIL LOGIN: Client "211.48.190.67" Sep 23 22:43:49 vsftpd[17533]: [Administrator] FAIL LOGIN: Client "211.48.190.67" Sep 23 22:43:50 vsftpd[17533]: [Administrator] FAIL LOGIN: Client "211.48.190.67" Sep 23 22:43:52 vsftpd[17536]: CONNECT: Client "211.48.190.67" Sep 23 22:43:53 vsftpd[17535]: [Administrator] FAIL LOGIN: Client "211.48.190.67" Sep 23 22:43:54 vsftpd[17535]: [Administrator] FAIL LOGIN: Client "211.48.190.67" .......................... ......................... .......................... vsftpd[18443]: CONNECT: Client "211.48.190.67" Sep 23 23:03:40 vsftpd[18442]: [Administrator] FAIL LOGIN: Client "211.48.190.67" Sep 23 23:03:42 vsftpd[18442]: [Administrator] FAIL LOGIN: Client "211.48.190.67" Sep 23 23:03:44 vsftpd[18442]: [Administrator] FAIL LOGIN: Client "211.48.190.67" Sep 23 23:03:45 vsftpd[18445]: CONNECT: Client "211.48.190.67" Sep 23 23:03:46 vsftpd[18444]: [Administrator] FAIL LOGIN: Client "211.48.190.67" Sep 23 23:03:48 vsftpd[18444]: [Administrator] FAIL LOGIN: Client "211.48.190.67" Sep 23 23:03:49 vsftpd[18444]: [Administrator] FAIL LOGIN: Client "211.48.190.67" Sep 23 23:03:51 vsftpd[18447]: CONNECT: Client "211.48.190.67" Sep 23 23:03:52 vsftpd[18446]: [Administrator] FAIL LOGIN: Client "211.48.190.67" Sep 23 23:03:53 vsftpd[18446]: [Administrator] FAIL LOGIN: Client "211.48.190.67" Sep 23 23:03:55 vsftpd[18446]: [Administrator] FAIL LOGIN: Client "211.48.190.67"
Hi,
a couple of days ago The_29 suggested a solution which can be found here: http://www.wl500g.info/showthread.php?t=16105
WL500g Premium v1 Oleg 1.9.2.7-10 500gb hdd [storage-disk] - 250gb hdd [download-disk]
Transmission HellaNZB mysql php lighttpd myphpadmin samba AIOCP CMSimple AmpJuke ADOS
HeadStart
How to measure Energy consumption
i'm encoutering the same type of problem but through dropbear
any help is appreciatedCode:Sep 24 11:06:04 dropbear[11737]: login attempt for nonexistent user from ::ffff:210.207.177.231:51565 Sep 24 11:06:05 dropbear[11737]: exit before auth: Disconnect received Sep 24 11:06:08 dropbear[11744]: login attempt for nonexistent user from ::ffff:210.207.177.231:51718 Sep 24 11:06:10 dropbear[11744]: exit before auth: Disconnect received Sep 24 11:06:13 dropbear[11745]: login attempt for nonexistent user from ::ffff:210.207.177.231:51877 Sep 24 11:06:15 dropbear[11745]: exit before auth: Disconnect received Sep 24 11:06:18 dropbear[11746]: login attempt for nonexistent user from ::ffff:210.207.177.231:52035 Sep 24 11:06:19 dropbear[11746]: exit before auth: Disconnect received Sep 24 11:06:23 dropbear[11747]: login attempt for nonexistent user from ::ffff:210.207.177.231:52194 Sep 24 11:06:24 dropbear[11747]: exit before auth: Disconnect received Sep 24 11:06:28 dropbear[11748]: login attempt for nonexistent user from ::ffff:210.207.177.231:52354 Sep 24 11:06:30 dropbear[11748]: exit before auth: Disconnect received Sep 24 11:06:34 dropbear[11749]: login attempt for nonexistent user from ::ffff:210.207.177.231:52513 Sep 24 11:06:35 dropbear[11749]: exit before auth: Disconnect received
Kenny,
the solution in post #2 should also work for you.
further you have port 22/23 open to the internet.
If you don't really need it, (putty access from somewhere else (the internet) than your house), close it.
WL500g Premium v1 Oleg 1.9.2.7-10 500gb hdd [storage-disk] - 250gb hdd [download-disk]
Transmission HellaNZB mysql php lighttpd myphpadmin samba AIOCP CMSimple AmpJuke ADOS
HeadStart
How to measure Energy consumption
These problems can be solved also using ipt_recent module of the iptables
iprecent never worked for me...
you can also try portforwarding on different ports
most hackers are stupid and just scan for obvious ports, so if you change them to some random ports, it's not likely to be noticed.
every program does send it's signature tho, so with an advanced scanner you can see wheather its ftp or dropbear.
However, for me it works pretty well At least for ssh.
Here I described my experience (in Russian, and in German )
http://wl500g.info/showpost.php?p=69964&postcount=63
http://wl500g.info/showpost.php?p=86141&postcount=7
finally i used the "dropbear-s" solution, is it the most secure of all?
Im using another port of dropbear with best results no attacks on SSH from the internet:
do not forgot change the port in putty / or create forwarding and deny SSH from webCode:dropbear -p 123
Code:iptables -t nat -A PREROUTING -i $1 -p tcp --dport 123 -j DNAT --to-destination $4:22
Last edited by gouryella; 12-10-2008 at 16:25.
RT-N13u dd-wrt | Toshiba 2.5" 160GB | pxe boot server