External address getting blocked after a few page views

  • External address getting blocked after a few page views

    I just downloaded and installed the last trial software and got some basics up and running (Insteon, Elk, RCS Thermo). Then I set up the webserver and was able to access HS from within my firewall from a different computer (laptop). Then I tried to access it with my AT&T Blackberry 8800. No problems for a few page views. But then I got an error on the BB (502: Bad Gateway). I looked in the HS log and it is giving me an error:

    "IP Address xxx.xxx.xxx.xxx has been blocked from further access to the system" (xxx's are obviously a real IP)

    I can still access it from my laptop within the firewall.
    After restarting HS I am able to access it from my BB again for a few more page visits then get blocked again.

    Any ideas?

    Thanks in advance,
    Mark

  • #2
    This is being caused by new port probing blocking software built into HomeSeer.
    These settings can be adjusted using these 3 items added to your settings.ini file found in the config directory.
    [IPBlock]
    FailCount=3
    FailInterval=10
    BlockTime=2
    I can't remember the exact meanings of each of these but you should be able to adjust these to prevent this error.
    Last edited by Rupp; January 8th, 2009, 07:53 AM.
    -Rupp

    • #3
      Originally posted by Rupp
      This is being caused by new port probing blocking software built into HomeSeer.
      These settings can be adjusted using these 3 items added to your settings.ini file found in the config directory.
      [IPBlock]
      FailCount=3
      FailInterval=10
      BlockTime=2
      I can't remember the exact meanings of each of these but you should be able to adjust these to prevent this error.
      These don't seem to exist in 2.3.0.19. I've been having failed login attempts every few minutes all night and I wanted to adjust these settings.
      Real courage is not securing your Wi-Fi network.

      • #4
        These are built-in parameters in HomeSeer. If you add them it will override these.
        -Rupp

        • #5
          Didn't see anything in the release notes about this, my log gets full up with this.

          1/7/2009 11:07:57 PM - Web Server - IP Address 67.215.12.146 has been blocked from further access to the system.
          1/7/2009 11:37:31 PM - Web Server - IP Address 89.163.145.92 has been blocked from further access to the system.
          1/7/2009 11:37:57 PM - Web Server - IP Address 67.215.12.146 has been re-enabled for access to the system.
          1/7/2009 11:52:42 PM - Web Server - IP Address 209.160.64.190 has been blocked from further access to the system.
          1/7/2009 11:56:35 PM - Web Server - IP Address 193.93.173.88 has been blocked from further access to the system.
          1/8/2009 12:01:00 AM - Web Server - IP Address 91.196.169.226 has been blocked from further access to the system.
          1/8/2009 12:04:59 AM - Web Server - IP Address 213.251.156.148 has been blocked from further access to the system.
          1/8/2009 12:07:32 AM - Web Server - IP Address 89.163.145.92 has been re-enabled for access to the system.
          1/8/2009 12:08:59 AM - Web Server - IP Address 78.131.152.140 has been blocked from further access to the system.
          1/8/2009 12:22:42 AM - Web Server - IP Address 209.160.64.190 has been re-enabled for access to the system.
          1/8/2009 12:26:35 AM - Web Server - IP Address 193.93.173.88 has been re-enabled for access to the system.
          1/8/2009 12:31:00 AM - Web Server - IP Address 91.196.169.226 has been re-enabled for access to the system.
          1/8/2009 12:32:44 AM - Web Server - IP Address 87.233.70.79 has been blocked from further access to the system.
          1/8/2009 12:34:59 AM - Web Server - IP Address 213.251.156.148 has been re-enabled for access to the system.
          1/8/2009 12:38:17 AM - Web Server - IP Address 194.19.240.41 has been blocked from further access to the system.
          1/8/2009 12:38:59 AM - Web Server - IP Address 78.131.152.140 has been re-enabled for access to the system.
          1/8/2009 1:01:48 AM - Web Server - IP Address 87.253.144.150 has been blocked from further access to the system.
          1/8/2009 1:02:44 AM - Web Server - IP Address 87.233.70.79 has been re-enabled for access to the system.
          1/8/2009 1:02:53 AM - Web Server - IP Address 210.83.85.100 has been blocked from further access to the system.
          1/8/2009 1:08:17 AM - Web Server - IP Address 194.19.240.41 has been re-enabled for access to the system.
          1/8/2009 1:18:25 AM - Web Server - IP Address 78.129.146.34 has been blocked from further access to the system.
          1/8/2009 1:31:48 AM - Web Server - IP Address 87.253.144.150 has been re-enabled for access to the system.
          1/8/2009 1:32:53 AM - Web Server - IP Address 210.83.85.100 has been re-enabled for access to the system.
          1/8/2009 1:37:35 AM - Web Server - IP Address 152.118.24.110 has been blocked from further access to the system.
          1/8/2009 1:48:25 AM - Web Server - IP Address 78.129.146.34 has been re-enabled for access to the system.
          1/8/2009 2:07:35 AM - Web Server - IP Address 152.118.24.110 has been re-enabled for access to the system.
          1/8/2009 2:22:38 AM - Web Server - IP Address 66.79.162.235 has been blocked from further access to the system.
          1/8/2009 2:50:14 AM - Web Server - IP Address 91.121.142.145 has been blocked from further access to the system.
          1/8/2009 2:52:38 AM - Web Server - IP Address 66.79.162.235 has been re-enabled for access to the system.
          1/8/2009 3:20:14 AM - Web Server - IP Address 91.121.142.145 has been re-enabled for access to the system.
          1/8/2009 4:07:35 AM - Web Server - IP Address 78.41.207.181 has been blocked from further access to the system.
          1/8/2009 4:27:06 AM - Web Server - IP Address 72.9.158.240 has been blocked from further access to the system.
          1/8/2009 4:28:41 AM - Web Server - IP Address 211.94.188.100 has been blocked from further access to the system.
          1/8/2009 4:37:35 AM - Web Server - IP Address 78.41.207.181 has been re-enabled for access to the system.
          1/8/2009 4:57:06 AM - Web Server - IP Address 72.9.158.240 has been re-enabled for access to the system.
          1/8/2009 4:58:41 AM - Web Server - IP Address 211.94.188.100 has been re-enabled for access to the system.
          1/8/2009 5:41:58 AM - Web Server - IP Address 66.79.162.197 has been blocked from further access to the system.
          1/8/2009 6:00:52 AM - Web Server - IP Address 89.149.244.134 has been blocked from further access to the system.
          1/8/2009 6:11:58 AM - Web Server - IP Address 66.79.162.197 has been re-enabled for access to the system.
          1/8/2009 6:15:28 AM - Web Server - IP Address 216.245.210.89 has been blocked from further access to the system.
          1/8/2009 6:30:52 AM - Web Server - IP Address 89.149.244.134 has been re-enabled for access to the system.
          1/8/2009 6:44:30 AM - Web Server - IP Address 212.95.32.171 has been blocked from further access to the system.
          1/8/2009 6:45:28 AM - Web Server - IP Address 216.245.210.89 has been re-enabled for access to the system.
          1/8/2009 7:14:30 AM - Web Server - IP Address 212.95.32.171 has been re-enabled for access to the system.
          1/8/2009 8:59:14 AM - Web Server - IP Address 67.215.231.250 has been blocked from further access to the system.
          -Mike-

          -Home automation powered by the wind and sun-
          Zotac 9300g-Q9400s-4gb ram-Intel 120 SSD-MS XP
          HS 2.5.0.20, BLlan,BLweather,MCSXap,Jon00 graphing,Jon00 Whois,Snevl/Ten WeatherAlerts
          W2c,Ztroller,z-wave+18,Q100D's,Silex 3000gb
          Zoneminder 1.24.2 - Ubuntu 11.04 x64 on top of Xenserve
          Zoneminder 1.24.2 - Ubuntu 11.04 x64 Zotac D525 atom

          • #6
            It's listed on this page.
            http://homeseer.com/updates2/notices.htm
            -Rupp

            • #7
              Here's a better explanation of this new functionality.
              http://board.homeseer.com/showpost.p...25&postcount=1
              -Rupp

              • #8
                That would explain why I couldn't find them.
                The attacks continued today, every few minutes, all day; each time from a different IP. I've disabled forwarding port 80 in my router for the time being until this stops.
                Real courage is not securing your Wi-Fi network.

                • #9
                  Yea, port 80 is not a good one to use. I use 81, 88, 8080, 8000, and 8181 for my web servers.
                  -Rupp

                  • #10
                    Good feature and I'm glad it's configurable. However, I never see failed login attempts prior to the new blocking messages in the log. Why are the failed attempts not logged as they were in the past?

                    • #11
                      Originally posted by michael.davis
                      Good feature and I'm glad it's configurable. However, I never see failed login attempts prior to the new blocking messages in the log. Why are the failed attempts not logged as they were in the past?
                      I agree. That was the first thing I noticed. How can you be blocked if you didn't fail to log in? If your log-in did fail, why wasn't it logged? If someone succeeds in logging in, is that still logged? "Log remote logins" is still set to "YES" but I don't see the failures....

                      Steve

                      • #12
                        Hmm, I was running Jon00's whois plug-in. It did not show any failed login attempts with the IPs that are showing up in my HS log as being blocked from further access to the system, but yet I can log on from a remote location, Whois logs it, HS logs it.

                        1/8/2009 11:51:05 PM - Info - Web Server authorized login successful from: xx.xxx.xxx.xx User: zap
                        1/8/2009 11:51:32 PM - Info - Web Server authorized local login successful from: 127.0.0.1 User: zap

                        I put in a wrong password or user name
                        1/8/2009 11:53:53 PM - Info - Web Server login failed from: xx.xxx.xxx.xx User: zap

                        I'm not blocked in the logs from further access.

                        Weird.
                        -Mike-

                        • #13
                          Originally posted by zap
                          Hmm, I was running Jon00's whois plug-in. It did not show any failed login attempts with the IPs that are showing up in my HS log as being blocked from further access to the system, but yet I can log on from a remote location, Whois logs it, HS logs it.

                          1/8/2009 11:51:05 PM - Info - Web Server authorized login successful from: xx.xxx.xxx.xx User: zap
                          1/8/2009 11:51:32 PM - Info - Web Server authorized local login successful from: 127.0.0.1 User: zap

                          I put in a wrong password or user name
                          1/8/2009 11:53:53 PM - Info - Web Server login failed from: xx.xxx.xxx.xx User: zap

                          I'm not blocked in the logs from further access.

                          Weird.
                          See, that's the thing. Jon's script uses the HS log of logins (failed and successful) to work. Anything that doesn't specifically log as a failed or successful login won't show up in whois. It is either that some failed logins are not now being logged (your test indicates that isn't the problem) or these new "blocked" entries in the log are bogus. I tend to believe it is the latter, and it certainly doesn't seem helpful. Anyway want to put in a help desk ticket?

                          Steve

                          • #14
                            I don't think the blocked IPs are bogus; I can match them up to IPs being blocked by my firewall. Jon00's Whois is not picking them up from the HS log.

                            What I can't understand is how HS is picking them up when it's being blocked at the firewall level.

                            Also with HS running this will fill up my firewall log.
                            protocol:UDP srcIP: 192.168.xx.37 dstIP:255.255.255.255 srcPort:32769 dstPort: 3639 permitted

                            Shut down HS and it goes away.
                            -Mike-

                            • #15
                              Has there been anything further on this? Zap: Did you put in a help desk request?

                              I don't know whether to believe my WhoIs log any more, and I don't know whether to believe these "blocked" messages in my HS log. Something ain't right.

                              Does anyone else who sees these run Jon00's WhoIs package?

                              Steve
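
Added example (not part of any post above and not HomeSeer code): the Python script below pairs each "blocked" line with its "re-enabled" line to measure how long blocks last, and flags blocked addresses with no "login failed" entry logged before the block, which is the gap posts #10 to #13 discuss. The message formats are copied from the log lines quoted in the thread; the sample lines, their documentation-range addresses and the function names are constructed for illustration.

```python
import re
from datetime import datetime

TS = r"(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)"
IP = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
PATTERNS = {  # message formats copied from the HS log lines quoted in the thread
    "blocked": re.compile(TS + " - Web Server - IP Address " + IP + " has been blocked from further access"),
    "re-enabled": re.compile(TS + " - Web Server - IP Address " + IP + " has been re-enabled for access"),
    "login-failed": re.compile(TS + " - Info - Web Server login failed from: " + IP),
}

def parse(lines):
    """Yield (timestamp, ip, event) for each line matching a known format."""
    for line in lines:
        for event, rx in PATTERNS.items():
            m = rx.search(line)
            if m:
                yield datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"), m["ip"], event
                break

def summarize(lines):
    """Pair block/re-enable events and flag blocks with no failed login logged first."""
    open_blocks, failed_seen = {}, set()
    block_minutes, no_failed_login = [], []
    for ts, ip, event in sorted(parse(lines)):
        if event == "login-failed":
            failed_seen.add(ip)
        elif event == "blocked":
            open_blocks[ip] = ts
            if ip not in failed_seen:
                no_failed_login.append(ip)
        elif ip in open_blocks:  # re-enabled: close the matching block
            block_minutes.append((ip, round((ts - open_blocks.pop(ip)).total_seconds() / 60)))
    return {"block_minutes": block_minutes,
            "still_blocked": sorted(open_blocks),
            "no_failed_login_logged": no_failed_login}

# Constructed sample in the thread's log format (documentation-range addresses).
SAMPLE = """\
1/7/2009 11:05:10 PM - Info - Web Server login failed from: 192.0.2.10 User: example
1/7/2009 11:07:57 PM - Web Server - IP Address 192.0.2.10 has been blocked from further access to the system.
1/7/2009 11:37:31 PM - Web Server - IP Address 198.51.100.7 has been blocked from further access to the system.
1/7/2009 11:37:57 PM - Web Server - IP Address 192.0.2.10 has been re-enabled for access to the system.
1/8/2009 12:07:32 AM - Web Server - IP Address 198.51.100.7 has been re-enabled for access to the system.
1/8/2009 8:59:14 AM - Web Server - IP Address 203.0.113.250 has been blocked from further access to the system.
""".splitlines()

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

In the log excerpt in post #5, each "re-enabled" entry follows the matching "blocked" entry by about 30 minutes; lines with masked addresses such as xx.xxx.xxx.xx are skipped by the parser.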
