ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > General Software Discussion

Best program for filtering access to website by IP address

<< < (2/3) > >>

Stoic Joker:
Um...

Tghis is a small website that is only up for the people who work here to use.-questorfla (February 26, 2015, 02:30 PM)
--- End quote ---

So now we go from singular...

That seems like kind of an odd thing to need for a web server ... How much unwanted traffic are you getting??

Chances are if it's that high, there is a reason for it that needs to be solved...not filtered.
-Stoic Joker (February 26, 2015, 06:15 PM)
--- End quote ---

not so much but it is annoying to see malwarebytes blocking a single ip as Malicious when it hits the sites over and over.
there are 100 sites total on one server-questorfla (February 27, 2015, 10:31 PM)
--- End quote ---

...To incredibly not singular.

Which compels me to re-stress the initial question ... What problem are we trying to solve??

I can't fathom that you have 100 sites for employee use only. So I'm guessing that you have a single site on a shared host for the staff to use. And under the as described circumstances...that's very (very...) bad...for your companies domain name.

Here's why: Some Email black lists - most actually - work off the IP address given in the MX records only. However others - and by that I mean just enough to really screw you royally - work off of the IP address of the root domain name. So, if MBAM - a strictly client side filter - is flagging your employee site domain name, then Your Mail Server IS Black Listed by those filters that block based on the reputation of the root domain name.

I'm currently going through this with one of our clients. Their Email - which is hosted by MS Exchange Online (e.g. Microsoft itself) - has a completely flawless reputation. Yet they consistently get blacklist rejections from certain domains that use the root domain based filtering, because their website is currently hosted on a shared host that has a hacked website that got the IP address they are all behind blacklisted. You don't need an IP filter...you need a new host.

questorfla:
I'm sorry I guess i am not being clear on this yet.
The websites are more like Private FTP sites.  They are each reached by a different name in the web-link.  Going to the main IP gets you nowhere as it is blocked.  You have to enbter the sdite through a specifric ip/site name/sub-site/sub-site folder.
It is true that all these ARE served by the Same IP.

Malwarebytes alerts me when that IP is pinged or in other ways hit by an IP it considered "malicious"  I have no idea how it determines that but I trust the program.
There would be hundreds maybe thousands of legit IPS that give me no problem but i get an alert flag every time an IP considered as Malicious attempts to connect.
Whether it is trying to use the main ip, a subset of the domain entry points or whsatever, malware bytes it telling me i dont eant that IP connecting at all forany reason

I have seen these same warnings on a regular system doing nothing unusual.

I just wanted to see if "I" could block the IP address myself without depending on MBAM to do it.
on OUR web server we used to have a program called IP-BAN that would let you specific whole groups of IP's to simply deny access to to avoid DOS attacks

We are not having issues it just annoys me to see the MBAM waring popup

Stoic Joker:
I just wanted to see if "I" could block the IP address myself without depending on MBAM to do it.
on OUR web server we used to have a program called IP-BAN that would let you specific whole groups of IP's to simply deny access to to avoid DOS attacks

We are not having issues it just annoys me to see the MBAM waring popup
-questorfla (March 02, 2015, 02:22 AM)
--- End quote ---

Okay... O_o How is MBAM responding to activity that is happening on the web (which is now sort of an FTP) server?? Are you running MBAM on the server itself? Because it's really not for that - unless you're talking about an entirely different MBAM than I'm thinking of.

questorfla:
https://www.malwarebytes.org/business/antimalware/

I guess this is a new product maybe?  Anyway it said it was to be used as I am using it.
This is not a big deal, just an annoyance as MBAM plainly told me it blocked the malicious IP so I guess I could just ignore that even though the warning appears maybe 40 times in 5 minutes or less.  My plan was to do the same thing we did on the mail server with IPBAN.   But I am not sure they even have a current product.  2013 was the last year I see anything about them.

Stoic Joker:
https://www.malwarebytes.org/business/antimalware/

I guess this is a new product maybe?  Anyway it said it was to be used as I am using it.-questorfla (March 02, 2015, 10:58 AM)
--- End quote ---

That's still a strictly client side filter. It is not designed to be filtering traffic that is going to a server. It has a server component...yes ... But that is only for the centralized management of the client machines, and their client side traffic. If anything it may be getting confused by site requests flipping between internal and external IP addresses...causing it to FP.

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version