
ip blocking

Discussion in 'Cisco/Linksys Wireless Routers' started by MontanaBighorn, Jan 1, 2007.

  1. MontanaBighorn

    MontanaBighorn LI Guru Member

    I run several websites out of my home on a commercial cable backbone. My Windows 2000 Server webserver sits behind a Linksys WRT54G router with port 80 forwarded to my webserver. Everything has been smooth until recently, when someone from China launched a 24/7 automated attack, trying to log into my webserver as administrator via port 80 (2 to 3 attempts per second). Here is a small sample of what my logs look like:

    #Software: Microsoft Internet Information Services 5.0
    #Version: 1.0
    #Date: 2006-10-10 01:49:08
    #Fields: time c-ip cs-method cs-uri-stem sc-status
    01:49:08 211.93.134.228 [9]USER Administrator 331
    01:49:08 211.93.134.228 [9]PASS - 530
    01:49:08 211.93.134.228 [9]USER Administrator 331
    01:49:10 211.93.134.228 [9]PASS - 530
    01:49:10 211.93.134.228 [9]USER Administrator 331
    01:49:10 211.93.134.228 [9]PASS - 530
    01:49:11 211.93.134.228 [9]USER Administrator 331
    01:49:11 211.93.134.228 [9]PASS - 530
    01:49:11 211.93.134.228 [9]USER Administrator 331
    01:49:13 211.93.134.228 [9]PASS - 530
    01:49:13 211.93.134.228 [9]USER Administrator 331
    01:49:13 211.93.134.228 [9]PASS - 530
    01:49:14 211.93.134.228 [9]USER Administrator 331
    01:49:14 211.93.134.228 [9]PASS - 530
    01:49:14 211.93.134.228 [9]USER Administrator 331
    01:49:16 211.93.134.228 [9]PASS - 530
    01:49:16 211.93.134.228 [9]USER Administrator 331
    01:49:16 211.93.134.228 [9]PASS - 530
    01:49:17 211.93.134.228 [9]USER Administrator 331
    01:49:17 211.93.134.228 [9]PASS - 530
    01:49:17 211.93.134.228 [9]USER Administrator 331
    01:49:18 211.93.134.228 [9]PASS - 530
    01:49:18 211.93.134.228 [9]USER Administrator 331
    01:49:18 211.93.134.228 [9]PASS - 530
    01:49:20 211.93.134.228 [9]USER Administrator 331
    01:49:20 211.93.134.228 [9]PASS - 530
    01:49:20 211.93.134.228 [9]USER Administrator 331
    01:49:21 211.93.134.228 [9]PASS - 530
    01:49:21 211.93.134.228 [9]USER Administrator 331
    01:49:21 211.93.134.228 [9]PASS - 530
    01:49:22 211.93.134.228 [9]USER Administrator 331
    01:49:22 211.93.134.228 [9]PASS - 530
    01:49:22 211.93.134.228 [9]USER Administrator 331
    01:49:23 211.93.134.228 [9]PASS - 530
    01:49:23 211.93.134.228 [9]USER Administrator 331
    01:49:23 211.93.134.228 [9]PASS - 530
    01:49:25 211.93.134.228 [9]USER Administrator 331
    01:49:25 211.93.134.228 [9]PASS - 530

    This goes on and on 24/7 without stopping, and it's making a considerable impact on the performance of my server, which hosts multiple DB-driven forums. My ISP can't do anything; I can't even get them to block requests from that IP.

    I'd like to be able to put this IP into my router and have my router simply block all requests that originate from it. The original firmware doesn't have this capability, but I'm told that open source firmware upgrades do. I'd like to upgrade my firmware (preferably with an auto-updater) with a version that will do everything the original firmware does, and also will let me block requests by IP address. Any help in solving this would be much appreciated.
    Thanks,
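
Added example, not part of the original post: a small Python script that reads log lines in the format of the excerpt above and reports client IPs with repeated rejected logins (a `PASS` answered with status 530) inside a short window, which gives the addresses worth blocking at the router. The sample log is constructed from the excerpt plus an invented client at 192.0.2.10; the function names, threshold and window are assumptions.

```python
import re
from collections import defaultdict, deque

# Constructed sample in the format of the excerpt above; the 192.0.2.10
# lines are an invented benign client that mistypes a password once.
SAMPLE_LOG = """\
#Fields: time c-ip cs-method cs-uri-stem sc-status
01:49:08 211.93.134.228 [9]USER Administrator 331
01:49:08 211.93.134.228 [9]PASS - 530
01:49:08 211.93.134.228 [9]USER Administrator 331
01:49:10 211.93.134.228 [9]PASS - 530
01:49:10 211.93.134.228 [9]USER Administrator 331
01:49:10 211.93.134.228 [9]PASS - 530
01:49:10 192.0.2.10 [12]USER webmaster 331
01:49:11 192.0.2.10 [12]PASS - 530
01:49:11 211.93.134.228 [9]USER Administrator 331
01:49:11 211.93.134.228 [9]PASS - 530
01:49:11 211.93.134.228 [9]USER Administrator 331
01:49:13 211.93.134.228 [9]PASS - 530
01:49:14 192.0.2.10 [12]USER webmaster 331
01:49:15 192.0.2.10 [12]PASS - 230
"""

LINE_RE = re.compile(
    r"^(\d\d):(\d\d):(\d\d) (\S+) \[\d+\](\S+) (\S+) (\d{3})$")

def failed_logins(lines):
    """Yield (seconds_since_midnight, client_ip) for each rejected PASS."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:  # "#..." header lines and anything malformed
            continue
        h, mi, s, ip, method, _stem, status = m.groups()
        if method == "PASS" and status == "530":  # 530 = login rejected
            yield int(h) * 3600 + int(mi) * 60 + int(s), ip

def block_candidates(lines, threshold=5, window=10):
    """Return {ip: peak} for IPs with >= threshold failures in `window` s."""
    recent, peak = defaultdict(deque), defaultdict(int)
    for t, ip in failed_logins(lines):
        q = recent[ip]
        q.append(t)
        while t - q[0] >= window:  # drop failures older than the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

if __name__ == "__main__":
    for ip, n in block_candidates(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {n} rejected logins within 10 s")
```

The log carries only a time of day, so a window that spans midnight is not handled; run it per daily log file.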
     
  2. sufrano63

    sufrano63 Network Guru Member

  3. MontanaBighorn

    MontanaBighorn LI Guru Member

    Thank you. Where would you recommend that I download dd-wrt, and is there any documentation to teach me how to use it?
     
  4. sufrano63

    sufrano63 Network Guru Member

  5. MontanaBighorn

    MontanaBighorn LI Guru Member

    All I need is the IP block capability. Is there any reason I should download one version over another? Any auto-updaters available?

    Once again, thank you very much for helping me solve this issue.
     
  6. sufrano63

    sufrano63 Network Guru Member

    Read the first few sections of the FAQ http://www.dd-wrt.com/wiki/index.php/Index:FAQ
    Once you've read the first few sections of the wiki FAQ, then I recommend upgrading to the v23 sp2 final version http://www.dd-wrt.com/dd-wrtv2/downloads.php
    Upgrading FW is very easy via the web GUI.

    Good Luck
     
  7. MontanaBighorn

    MontanaBighorn LI Guru Member

    I did a successful firmware upgrade. Now when I log onto my router page I get the default page. When I attempt to go into the setup tab (or any other tab) it prompts me for a password. I'm using the default username "root" and the default password "admin" but it's not accepting it. I'm digging through documents looking for a solution. Any ideas?
    Thanks,
     
  8. MontanaBighorn

    MontanaBighorn LI Guru Member

    Never mind, a reset did the trick.
     
