haywardi
Free User
- Joined
- Feb 27, 2011
- Messages
- 88
- Reaction score
- 1
A word of warning and some advise needed.
Just noticed my Internet running VERY slowly, did the normal thngs like reboot my router thinking it had a problem, but it didn't fix. Started checking my installation until I noticed hundreds of entries in the 3cx server log saying
Authentication failed and a number of blacklist entries to ip 50.56.101.178. I'm not a network expert but from my knowledge this ip lives somewhere in china...
Thought I may stop the attack by closing my open ports to the 3cx server, so disabled these at my router. A few minutes later the Internet started working again, but still not as fast as usual. I also upped the blacklist time to 3660 seconds.
First the warning, someone is clearly trying to hack into the system, hopefully they will move on shortly, but it could be to you so watch out..
Secondly the advise. It seems reasonable to me that it should be possible to put an ip on a total blacklist that is never allowed to reconnect, but the best I seem to be able to do is limit the length of time before it can simoly try again.
Is there a proper, non temporary blacklist? Or better still a Whitelist for the ip's that can connect?
Thanks in advance
Iain
Just noticed my Internet running VERY slowly, did the normal thngs like reboot my router thinking it had a problem, but it didn't fix. Started checking my installation until I noticed hundreds of entries in the 3cx server log saying
Authentication failed and a number of blacklist entries to ip 50.56.101.178. I'm not a network expert but from my knowledge this ip lives somewhere in china...
Thought I may stop the attack by closing my open ports to the 3cx server, so disabled these at my router. A few minutes later the Internet started working again, but still not as fast as usual. I also upped the blacklist time to 3660 seconds.
First the warning, someone is clearly trying to hack into the system, hopefully they will move on shortly, but it could be to you so watch out..
Secondly the advise. It seems reasonable to me that it should be possible to put an ip on a total blacklist that is never allowed to reconnect, but the best I seem to be able to do is limit the length of time before it can simoly try again.
Is there a proper, non temporary blacklist? Or better still a Whitelist for the ip's that can connect?
Thanks in advance
Iain