FaunaClassifieds
Page 1 of 3 1 23 >
Show 40 post(s) from this thread on one page

FaunaClassifieds (https://www.faunaclassifieds.com/forums/index.php)
-   FaunaClassifieds Site HELP & Feedback Forum (https://www.faunaclassifieds.com/forums/forumdisplay.php?f=44)
-   -   Lots of guests today... (https://www.faunaclassifieds.com/forums/showthread.php?t=707990)

WebSlave 11-01-2019 01:21 PM
Lots of guests today...
 
Quote:
Currently Active Users: 15406 (256 members and 15150 guests)

Most users ever online at the same time was 16,625, 11-01-2019 at 12:03 PM.

:shrug01:

bcr229 11-01-2019 01:35 PM
Any indication that this is an attack of some sort, e.g. DNS?

WebSlave 11-01-2019 02:08 PM
I'm not really sure. Hasn't impacted the server stats much at all. The guys taking care of my server are top notch at hardening servers against intrusions, so I don't worry much about that any more.

Looks like most of the guests were trying to view the profiles of all the members. But of course, they are blocked from doing that by the way I have the permissions set up.

So likely maybe some "google wannabe" new site hasn't fine tuned their spider searching algorithm yet.

But it sure does screw up the statistics trying to figure out what the TRUE number of visiting guests is to this site on any given day.

WebSlave 11-02-2019 07:29 PM
But wait! There's more!

Quote:
Currently Active Users: 20783 (247 members and 20536 guests)
View Who's Online
Most users ever online at the same time was 22,344, 11-02-2019 at 12:30 AM.

WebSlave 11-02-2019 07:46 PM
Just did a spot check of the IP addresses of some "guests" and nearly all of them are originating out of China.

Nice that the folks in China have taken such an interest in the membership here. :hehe:

Several loading stats are rather modest, so this doesn't seem to be having any notable effect on the server's functioning. But if it does get to that, I found a site a while back (hopefully I can find it again if need be) that gave a list of ALL IP addresses in China in a format to plug into the server's WHM panel to ban them all at the door.

IslandLizards 11-04-2019 01:51 PM
Quote:
Originally Posted by WebSlave (Post 2174223)
Just did a spot check of the IP addresses of some "guests" and nearly all of them are originating out of China.

Nice that the folks in China have taken such an interest in the membership here. :hehe:

Several loading stats are rather modest, so this doesn't seem to be having any notable effect on the server's functioning. But if it does get to that, I found a site a while back (hopefully I can find it again if need be) that gave a list of ALL IP addresses in China in a format to plug into the server's WHM panel to ban them all at the door.
I have/manage multiple dedicated servers in different data centers around the US. Some of them are running WHM.

In WHM:
1. On left under Plugins > ConfigServer Security & Firewall
2. Under the "csf - ConfigServer Firewall" section > Firewall Configuration
Look for the section called "Country Code Lists and Settings"
In teh "CC_DENY =" field place the country code. Multiple can be separated by comma. China is CN. Here is a list of all codes for reference: https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2

3. Scroll to the bottom of the Firewall Configuration page and click on the Change
4. When the page refreshes, click Restart csf+lfd button to restart CSF with new settings.

Let me know if you have any questions.

WebSlave 11-04-2019 11:17 PM
Quote:
Originally Posted by IslandLizards (Post 2174523)
I have/manage multiple dedicated servers in different data centers around the US. Some of them are running WHM.

In WHM:
1. On left under Plugins > ConfigServer Security & Firewall
2. Under the "csf - ConfigServer Firewall" section > Firewall Configuration
Look for the section called "Country Code Lists and Settings"
In teh "CC_DENY =" field place the country code. Multiple can be separated by comma. China is CN. Here is a list of all codes for reference: https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2

3. Scroll to the bottom of the Firewall Configuration page and click on the Change
4. When the page refreshes, click Restart csf+lfd button to restart CSF with new settings.

Let me know if you have any questions.
Thank you! That tip is pretty handy to have available. Never noticed it in WHM before, as the last time I looked into something like that I had to key in every IP address related to the country to be blocked.

IslandLizards 11-05-2019 12:06 AM
Quote:
Originally Posted by WebSlave (Post 2174617)
Thank you! That tip is pretty handy to have available. Never noticed it in WHM before, as the last time I looked into something like that I had to key in every IP address related to the country to be blocked.
Ha. Yeah manual IP entry gets old super quick.

WebSlave 01-20-2020 03:09 PM
1 Attachment(s)
Looks like we are getting a flood again...

WebSlave 01-20-2020 03:16 PM
BTW, I did look into the WHM option to deny IP addresses based on country codes, and I noticed this warning:
Quote:
WARNING: Some of the CIDR lists are huge and each one requires a rule within
the incoming iptables chain. This can result in significant performance
overheads and could render the server inaccessible in some circumstances. For
this reason (amongst others) we do not recommend using these options.
Based on the huge number of IP addresses likely involved, this does not appear to be a feasible plan to implement, unfortunately. Unless I am being overly cautious, of course.


All times are GMT -4. The time now is 07:36 PM.
Page 1 of 3 1 23 >
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.

Page generated in 0.05960798 seconds with 9 queries

Content copyrighted ©2002-2022, FaunaClassifieds, LLC