Banned IP users get info page - its possible?

nabuhonodozor
Junior Member
Posts: 48
Joined: 29 Oct 2007, 07:01

Banned IP users get info page - its possible?

Post by nabuhonodozor »

Hi,
It is possible to change CSF in such a way that users from banned IP can see info page?
I mean lastly I had few clients complaining about server non working, but it turn out they IP was blocked because of their fault (wrong cpanel/ftp/pop3 password) :rolleyes: .
In this case customers are pointless and dont know what to do. I would like to give them some option/ info about it.

Its possible?

Best,
Piotr
chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Post by chirpy »

I doubt it as I'm not aware of any such facility in iptables or how you'd even approach it for differing protocols.
MattsHosting
Junior Member
Posts: 9
Joined: 04 May 2008, 15:54

this would be possible

Post by MattsHosting »

this would be possible if you was using htaccess nstead of iptable firewall , somthing chirpy could look in to ,

using the deny parameters in htaccess and redirects but this would involve writting the file to each users area if you was a shared hosting host


i did make somthing similar but dint get it fully done as i didnt no how to intergrate in to cpanel :P my bad
SoftDux
Junior Member
Posts: 71
Joined: 11 Dec 2006, 14:03
Contact:

Post by SoftDux »

this sounds like a good option to have. I've had a few instances where a users had repeated failed logins, and then his IP got banned. Then he thought he's site was broken, so the support overhead in this case was more than expected.
chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Post by chirpy »

I'm looking into a possible solution for this, but it will likely be some time in development.
wolf
Junior Member
Posts: 51
Joined: 13 Jul 2007, 14:19
Contact:

Post by wolf »

perhaps you could use more than one dns server , the 2nd, alternate dns address pair pointing to a different box with a special page for banned users. might want to make the alt, address dns entry with a very low TTL/refresh setting as so users dont cache the entry too long. I haven't tried this, It was just an idea off the top of my head dns name pairs would be set at the registrar of course.

Does anyone know if this would or wouldn't work? I haven't played with dns much. Might try some experimenting if I get some free time :)
deadeye
Junior Member
Posts: 61
Joined: 05 Jan 2007, 04:35
Contact:

Post by deadeye »

Maybe Im just paranoid, but it seems to me that giving a banned IP any sort of response means allowing an active connection to the server which an attacker could possible exploit. I think I'd rather deal with the support overhead and rest assured that anyone blocked by the firewall is really blocked.
JDStallings
Junior Member
Posts: 56
Joined: 10 Dec 2006, 10:04

Post by JDStallings »

This would be a way to do it if anyone has written such a script or volunteers.. LOL..

I have some PHP and could part of it, but would have problems when IP TABLES show a block on a segment. Take something like 156.0.0.0/9 and trying to figure out if 156.21.31.22 is part of that in a script is beyond me right now.

But was wondering if anyone has written a PHP or CGI that would look at the IP tables and report back to someone what ports are being blocked for their IP address.

So when they go to a URL, it checks the IP TABLES for their IP address and reports all the blocks and why they are blocked... ie.. spammer, hacker, or temp block.

This would work for everything except a port 80 or total block unless two things....

You have another URL on a backup server they can check and that server gets an FTP or transmit of the IP TABLES from the main server every x minutes. This would actually allow them to see total blocks as well as port 80,443 blocks.

With the new CSF 4.0, the information being presented to the blocked party ... might be able to give them the URL to check their blocks or even forward them to it.

Comments?
chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Post by chirpy »

deadeye wrote:Maybe Im just paranoid, but it seems to me that giving a banned IP any sort of response means allowing an active connection to the server which an attacker could possible exploit. I think I'd rather deal with the support overhead and rest assured that anyone blocked by the firewall is really blocked.
I agree.

However, the request has been made and for some it may make sense from a support POV, which is why I've added the new Messenger functionality that appears in the v4 beta.

Anything beyond what the Messenger service provides could be fraught with security implications, especially revealing to the person blocked the reason for the block, etc.
nabuhonodozor
Junior Member
Posts: 48
Joined: 29 Oct 2007, 07:01

Post by nabuhonodozor »

Hi Chirpy,
I saw new CSF 4b description and found You R working on that feature.
Thats great news!
I wonder If I can use it - I am on VPS, CENTOS Enterprise 4.6 i686 on virtuozzo (thats what my WHM tells..)
Best regards,
piotr
Post Reply