The attacks on my web site got intense enough that I just blocked non-North American internet traffic. I got it down to about 40 top level IP addresses. The content of my site was not of interest outside the states and I wasn't blocking any legitimate traffic anyway.

Recently my site had a lot more visitors than usual, and I got several requests to open up to the world, and so I did. What I noticed this time around from a couple of years ago is that there is a concerted effort to login repeatedly, presumedly with a dictionary style attack, or working down a list of common passwords, etc. That I cannot tolerate because the bot networks will try forever.

So I am reimposing bans for my friendly bots from around the world at an ISP level, but for those few who want to be on the internet and will get nothing from overseas except grief, the 40 some top level IP address ranges I ended up banning is highly efficient and highly effective at stopping the bulk of attacks. However the bot network owners do resort to using American slave bots when they can't get through from elsewhere, so you still have to keep an eye out for them by checking your web log for a sustained crack attempt and ban those individual addresses as well.

Other than that, perfectly safe to be on the internet. :)

rd


Jim Franz wrote:
For my Netopia dsl router I had to open port 80 for web traffic and forward it to the iSeries address.
Your router is defaulting some firewall block for what originates from the outside. It may even block all that originates from outside.
There are security concerns if you open this up.
My i5 is running a simple site, and takes a few hundred script kiddie type hacks a day - never causes a problem.
If you open ftp and they guess/hack your pwd and your not running exit pgms then they will have cmd auth to your system.
I do run my own exit pgms plus turn ftp off when not needed.
I don't open the port for http admin from outside. Maintain from inside.
Jim Franz

----- Original Message ----- From: "Rich Dotson" <richleedotson@xxxxxxxxx>
To: "Web Enabling the AS400 / iSeries" <web400@xxxxxxxxxxxx>
Sent: Tuesday, August 12, 2008 8:46 PM
Subject: Re: [WEB400] Connecting i5 Express to Internet


FTP, telnet and web browser cgidev http

I am trying to setup my own web instance now but I am missing a PTF
group so the admin screen won't come up. I'm pulling the ptf group
from IBM now and hope to have it installed later tonight.

On 8/12/08, Jim Franz <franz400@xxxxxxxxxxxx> wrote:
...get to the iSeries from the outside...
How do you want to get to the iSeries?
web browser run cgidev http
ftp
telnet (iseries access or other)
other?
jim

----- Original Message -----
From: "Rich Dotson" <richleedotson@xxxxxxxxx>
To: "Web Enabling the AS400 / iSeries" <web400@xxxxxxxxxxxx>
Sent: Tuesday, August 12, 2008 7:05 PM
Subject: Re: [WEB400] Connecting i5 Express to Internet


Hi everyone. Sorry I haven't replied for a while. My 10 year old
son and I have spent the last couple of weeks riding ATVs and dirt
bikes in the beautiful mountain trails of West Virginia. Now, back
to the real world. Here's where I am at now:

After speaking with IBM, I ordered and applied some PTFs that I was
missing. I also installed the following Java programs that were
missing:

5722JV1 *COMPATIBLE IBM Developer Kit for Java
5722JV1 *COMPATIBLE Java Developer Kit 1.3
5722JV1 *COMPATIBLE Java Developer Kit 1.4
5722JV1 *COMPATIBLE Java Developer Kit 5.0
5722JV1 *COMPATIBLE J2SE 5.0 32 bit

I purchased a D-Link router. The internet IP address for the router
is 74.219.167.174 (static IP assigned by ISP) and a network IP address
of 192.168.0.1 and a subnet mask of 255.255.255.0.

On my iSeries, the TCP/IP interface (OPT 1) is now setup as:

Internet Subnet Line Line
Address Mask Description Type
192.168.0.2 255.255.255.0 ETHLIN *ELAN

The TCP/IP routes (OPT 2) is now:

Route Subnet Next Preferred
Destination Mask Hop Interface
*DFTROUTE *NONE 192.168.0.1 *NONE

The TCP/IP host table entries are:

Internet Host
Address Name
127.0.0.1 LOOPBACK
LOCALHOST
198.168.0.2 DDMSONLINE.COM
DDMSPROD.DDMSONLINE.COM

The TCP/IP domain information (12) is:

Host Name: DDMSPROD
Domain Name: DDMSONLINE.COM
Domain name server: 65.24.0.168
65.24.0.169

I am able to ping out (WWW.GOOGLE.COM) successfully but I cannot get
to the iSeries from the "outside".

I installed CGIDEV2 and am able to successfully execute the "test your
http server functionality" CGI
(http://192.168.0.2:8014/cgidev2o/hello.mbr).

On the router admin screen there is a place to setup a "Virtual Server
List' where I believe I have to setup the iSeries so that it can be
accessed from the outside. My question is (please excuse my TCP/IP
ignorance), how do I determine which ports to use? The admin screen
want a Public port # and a private port number.

Thanks...
--
This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/web400.

--
This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/web400.


--
This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/web400.





As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.