Jump to content

Why have I spent 3/7 days unable to log in?


NPTim
 Share

Recommended Posts

  • Administrators

I have a security feature in use that blocks access to the server from all but a few select countries. This prevents the overwhelming majority of hack attempts, but the system is apparently causing problems. I think the system is intermittently throwing false-positives for allowed ip blocks. I've disabled it. There shouldn't be any more trouble with connectivity. Sorry for the trouble.

  • Like 3
  • Thanks 1
Link to comment
Share on other sites

I’m on duck duck go primarily, but it also does it on safari. I hate to think we are now susceptible to hacking now. Was I the only one? If so, what can I do so I don’t screw it up for the rest of y’all?

Link to comment
Share on other sites

13 minutes ago, NPTim said:

I’m on duck duck go primarily, but it also does it on safari. I hate to think we are now susceptible to hacking now. Was I the only one? If so, what can I do so I don’t screw it up for the rest of y’all?

There were occasions when duck duck go would not work for me but chrome did. Not just on this site either.

  • Thanks 1
Link to comment
Share on other sites

  • Administrators
9 minutes ago, NPTim said:

I’m on duck duck go primarily, but it also does it on safari. I hate to think we are now susceptible to hacking now. Was I the only one? If so, what can I do so I don’t screw it up for the rest of y’all?

I didn't open the front door to the hackers, or anything. Being able to block other countries was just icing on the cake. I can still block select countries, without causing the false-positives. I just can't block them all, in one stroke. The number of ip blocks is truly enormous and they are always changing.

  • Like 2
  • Confused 1
Link to comment
Share on other sites

1 hour ago, Eric said:

I have a security feature in use that blocks access to the server from all but a few select countries. This prevents the overwhelming majority of hack attempts, but the system is apparently causing problems. I think the system is intermittently throwing false-positives for allowed ip blocks. I've disabled it. There shouldn't be any more trouble with connectivity. Sorry for the trouble.

Laugh.  I guessed right.  :)

Eric you have a wide verity of skills, sir.

Well...done.

  • Like 1
Link to comment
Share on other sites

  • Administrators

OK, I've blocked the 75 countries where the most hack/phishing/malware/etc attempts come from. I don't think this will put an undue strain on the server or block anyone unduly.

If any of you have any more trouble getting blocked from accessing the site, please email me. My personal address is eric d powell at Earthlink dot net . If I put the actual email adress it, spiders will harvest it. If you have to email me, please replace the 'at' and the 'dot' with the appropriate punctuation and remove any spaces. Thanks.

  • Like 2
Link to comment
Share on other sites

1 minute ago, Eric said:

OK, I've blocked the 75 countries where the most hack/phishing/malware/etc attempts come from. I don't think this will put an undue strain on the server or block anyone unduly.

 

Eric, your down time as a percentage is nonexistent compared to your up time.

  • Like 3
Link to comment
Share on other sites

  • Administrators
Just now, Historian said:

Eric, your down time as a percentage is nonexistent compared to your up time.

I hate catching a legitimate member in a security net though. I wish there was a more precise, reliable tool to block access to foreign countries. The vast majority has no need or desire to access anything on my server. It irritates me to have it sitting there, open to their attempts to exploit it. It is a big enough job dealing with the scumbags in this country(Or who operate through proxies here).

  • Like 1
Link to comment
Share on other sites

Just now, Eric said:

I hate catching a legitimate member in a security net though. I wish there was a more precise, reliable tool to block access to foreign countries. The vast majority has no need or desire to access anything on my server. It irritates me to have it sitting there, open to their attempts to exploit it. It is a big enough job dealing with the scumbags in this country(Or who operate through proxies here).

Totally understandable.  We block the same way where i work.  Sometimes we catch the wrong people  One streaming video company we use constantly changes IP addresses and as a result we're always catching up with the changes. 

But blocking regions is honestly the only way you're going to keep from being heavily hacked.   No one but you should access your server.

Link to comment
Share on other sites

  • Administrators
3 minutes ago, Historian said:

Totally understandable.  We block the same way where i work.  Sometimes we catch the wrong people  One streaming video company we use constantly changes IP addresses and as a result we're always catching up with the changes. 

But blocking regions is honestly the only way you're going to keep from being heavily hacked.   No one but you should access your server.

It isn't ideal to just block the nations I just blocked, but they do account for the lion's share of Internet threats and there will be a greatly reduced liklihood of blocking the wrong people this way. I've thought about building a landing page  that those that get blocked would be directed to, to give them a path to contact me. I don't know. It might be more trouble than it's worth. Maybe it's worth a try though. I could always whitelist people, under special circumstances.

Link to comment
Share on other sites

  • Administrators

Anyone who has had a problem with this, please make a note of the email address I mentioned above. If you end up needing it, you won't be able to access the site to get it. I would appreciate the heads-up, if any of you get blocked again. Thanks.

Link to comment
Share on other sites

Most of those hackers try to log in via FTP, POP or SSH. Look into fail2ban, it throws every IP into the drop section of iptables after an x amount of failed logins. My servers are configured to ban indefinitely right after the first fail. The banned IPs stack up quickly. Over 3,000 within the first day, thanks to the shithole called China.

Those geo IP range databases are not accurate. RIPE changes ranges all the time.

Edited by crockett
Link to comment
Share on other sites

  • Administrators
Just now, crockett said:

Most of those hackers try to log in via FTP, POP or SSH. Loom into fail2ban, it throws every IP into the drop section of iptables after an x amount of failed logins. Mine are servers are configured to ban indefinitely right after the first fail. The banned IPs stack up quickly. Over 3,000 within the first day, thanks to the ****hole called China.

Those geo IP range databases are not accurate. RIPE changes ranges all the time.

I've got very little that is listening and accessible outside the firewall.

The thing with geo IP blocking, I've had the system in use for years and have had no troublecwith it, until a couple of months ago. Something changed somewhere and all of a sudden I've got random members getting blocked intermittently, from a variety of locations. My cellular ip got blocked once, but it hasn't repeated. There doesn't seem to be a pattern to who is getting blocked and when.

Link to comment
Share on other sites

1 minute ago, Eric said:

I've got very little that is listening and accessible outside the firewall.

The thing with geo IP blocking, I've had the system in use for years and have had no troublecwith it, until a couple of months ago. Something changed somewhere and all of a sudden I've got random members getting blocked intermittently, from a variety of locations. My cellular ip got blocked once, but it hasn't repeated. There doesn't seem to be a pattern to who is getting blocked and when.

How frequently does that geo IP list get updated and downloaded? Maybe they stopped maintaining that list?

Link to comment
Share on other sites

  • Administrators
Just now, crockett said:

How frequently does that geo IP list get updated and downloaded? Maybe they stopped maintaining that list?

I don't know. I'm not even sure that the IP list is the problem. A component of the system that downloads, parses the list and builds the local database could be screwing up. There is too much of it that I have no control over to know what exactly is occurring.

Link to comment
Share on other sites

1 minute ago, Eric said:

I don't know. I'm not even sure that the IP list is the problem. A component of the system that downloads, parses the list and builds the local database could be screwing up. There is too much of it that I have no control over to know what exactly is occurring.

I used a free geo IP database solution once a few years ago and blocked everything from Asia, South America, Africa and east of Europe. Soon I had customers not being able to place orders. I tried to fix it for a couple days but found out that too many US ranges ended up in the block list. Paid for versions may be better...

  • Like 1
Link to comment
Share on other sites

51 minutes ago, Eric said:

It isn't ideal to just block the nations I just blocked, but they do account for the lion's share of Internet threats and there will be a greatly reduced liklihood of blocking the wrong people this way. I've thought about building a landing page  that those that get blocked would be directed to, to give them a path to contact me. I don't know. It might be more trouble than it's worth. Maybe it's worth a try though. I could always whitelist people, under special circumstances.

Edge security. Most of the problems are coming from outside the US...but not entirely.   It's hard to provide access at the same time deal with security. 

Not sure there are that many people from Russia, China, North Korea that want to visit TBS.

  • Like 1
Link to comment
Share on other sites

The hackers don't target sites by content, but as one of a large list of IP addresses with a port that  they can poke a hole in.

It is like telemarketers dialing consecutive phone numbers until they get an answer.

But, you already know that.  :biggrin:

 

Just a note to you young'uns.  Using WiFi is like having a glass front  door with no lock and stacks of money on the coffee table just inside.  The bad people don't even have to work that hard to get to you.

Link to comment
Share on other sites

2 hours ago, tous said:

Just a note to you young'uns.  Using WiFi is like having a glass front  door with no lock and stacks of money on the coffee table just inside.  The bad people don't even have to work that hard to get to you.

Our local coffee shop has good WiFi and it is amazing the number of people of all age using it with no security.  I have the Fling App installed on my phone and once in a while I use it just to see how many people are using their WiFi.  It tells me their IP address, MAC address, device name, model, vendor.  I don't think people really have a clue, sometime it will even reveal the owners name like "Susan's Apple Pro". 

  • Like 1
Link to comment
Share on other sites

5 hours ago, NPTim said:

In the past 7 days, I have been unable to open the website 3 of those days. 

Are you talking about logging in to the website, or just opening it? If the problem is logging in, ther is an option to stay logged in. If it's opening teh website, I have teh same problem. Thew first time it happened, nothing happened when I clicked on my bookmark, and nothing happened when I googled The Bore Site and I tried it with three different browsers.

After about 5 days, I had to re-boot my computer, shutting it down completely. Then a couple of days after that I tried clicking my bookmark for TBS and it worked! Then another week went by and I couldn't open this website agai. so I re-booted an dstill couldn't open the website. But then the next day, it worked and now it's been OK for another week or so.

Edit: I don't use wifi and I have a desktop computer that's connected to cable by a local provider

Edited by Borg warner
Link to comment
Share on other sites

Just now, Borg warner said:

Are you talking about logging in to the website, or just opening it? If the problem is logging in, ther is an option to stay logged in. If it's opening teh website, I have teh same problem. Thew first time it happened, othin ghappened when I clicked on my bookmark, and nothing happened when I googled The Bore Site and I tried it with three different browsers.

After about 5 days, I had to re-boot my computer, shutting it down completely. Then a couple of days after that I tried clicking my bookmark for TBS and it worked! Then another week went by and I couldn't open this website agai. so I re-booted an dstill couldn't open the website. But then the next day, it worked and now it's been OK for another week or so.

Opening

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Please Donate To TBS

    Please donate to TBS.
    Your support is needed and it is greatly appreciated.
×
×
  • Create New...