freddy333

RWG Crew
  • Content count

    15,102
  • Joined

  • Last visited

  • Days Won

    57

freddy333 last won the day on January 31

freddy333 had the most liked content!

Community Reputation

965 Excellent

About freddy333

  • Rank
    POWERMAX!!!
  • Birthday

Previous Fields

  • Country
    United States

Contact Methods

  • ICQ
    0

Profile Information

  • Gender
    Male

Recent Profile Visitors

5,511 profile views
  1. The $64,000 question remains - How do I block them on a FreeBSD server, when /.htaccess & pf.conf failed?
  2. Thanks & that may be useful in the future once I figure out how to block these 2 single IPs.
  3. Does this tell you if I need to reconfigure that line in pc.conf -
  4. Unfortunately, service does not appear to be installed on our server either. I may be grabbing at straws, but I wonder if the bolded line from post 14 in your original web link refers to a port number?

     # External
     ext_if = "em1"
     set loginterface $ext_if
     set block-policy drop

     The reason I ask is because pf.conf seems to be running, but it has no effect on these IPs. & I am not sure what "em1" is? If it is a port, how do I know it is the correct port for our server?
  5. I followed the instructions in post 14 from that 'how to block ip in freebsd' (creating a new pf.conf) & got it running, but it has no effect on these IPs. They continue processing some type of mail program. Any other suggestions? Or, do you know any BSD admins who would be willing to take a look? At this point, whatever it is that these miscreants are running on our server, it is slowing the server to a crawl.
  6. I do not know if this will be relevant for your experience, but the server's firewall is /etc/ipf.rules. The guy who set up the server configured the ipf.rules to block all logins except my local IP. So whenever I change my IP (roughly monthly), I have to edit ipf.rules to reflect this, so I can login for maintenance. Up until a few days ago, for the 20 years the server has been online, I have never seen anyone able to do what these guys are doing. Anyway, is there anything similar to your iptables command that will work for ipf.rules? I think you are on to something.... I did find a pf.conf, but the commands listed on that web page are a bit too advanced for me since it has been so long since I dabbled. Question - In post 14 on that page, I am confused when the author says 'Paste this into a new copy of your '/etc/pf.conf''. Do you think he means to replace the original pf.conf or just copy/paste his code into the existing pf.conf?
  7. Thank you for your time & please let me know if you can think of any other options.
  8. Without sudo, I got: iptables: Command not found
  9. While that IP is active on the server, I issued the sudo command 3 times to be sure I was not mistyping it, but it returned:
     sudo: not found
     I also tried it as root, but got:
     sudo: Command not found
  10. docthor - Will this permanently block the IP? Also, while that IP is nearly constant, there are a handful of others that appear once every few hours, so can I use the same command for them, too? In the meantime, thank you!
  11. I am fairly certain it is & I do think it is something more complex than that, but the guy who has been administering our servers retired & it has been many years since I have maintained a Unix box. If you can direct me, I will check SMTP authentication.
  12. This has nothing to do with RWG... This is a mail server unrelated to RWG. If you know what a DOS attack is, then you can see that this is not that. Based on the screenshot, I think they are using our server to send email to or through AOL. But, more than that, I do not know. Finding out what that error in the screenshot means is why I posted here. Has anyone with Unix admin experience seen this error before & know how to permanently block these 2 IPs (the .htaccess in / is not affecting them)?
  13. For the past several days, I have been seeing a significant rise in activity on our FreeBSD mail server. So, today, I began running netstat -an | more to see who is doing what. I found 2 IPs (64.12.88.131 & 64.12.88.163 - both AOL IPs... though I suspect it is the same person) logging in every few minutes. When I see them on, I disconnect them with tcpdrop. I have also added 64.12.88 to the .htaccess in the root... but they continue to reappear. Just a few minutes ago, I noticed that when I tcpdrop'd them, the following message would appear (I'm logged in as root at the console & the root account is disabled on the network side) & it looks like this person was attempting to either send or generate email through our server (even though I am the only user logged on). Can anyone recommend a more permanent way to block these IPs or how to prohibit them from generating AOL email through our server?
  14. Looks to be of recent (Asian) vintage........ $130, without knowing what is inside, would be a more accurate value.
  15. Ditto ceejay's comments. I don't see any obvious issues with the hairspring.