However, I've got a number of powerful plug-ins installed which auto-ban their IP's for 24 hours after x number of failed login attempts. I don't know if I mentioned it before or not, but I get these same kind of brute force attacks on my WordPress blog every single day. Well, now I am scratching my head a bit again. I've done without since 1997, so why rock the boat now? I don't run any commercial sites, and there are very few places on my server which require a login - and which are in fact for the most part dead anyway - so why bother?" However, after conducting some online research regarding the issue, looking at the price ranges, and considering self-signed certificates, I figured, "Nah, I don't really need this. I was wondering if I should implement SSL on my server, perhaps just to instill more confidence in the visitors to my various domains. Yeah, it blocks a lot of innocents, but it's not like any of my domains are getting majorly flooded with visitors.Ībout an hour ago, I did the same thing regarding SSL. That hacker dude who keeps using "admin", "support" and "root" must be getting pretty upset by now, because I have been blocking the entire IP range for each ISP subnet that he uses. So, I have settled for the simpler approach of looking at logs, and using Little Snitch and Norton Personal Firewall. I did look at pf's man pages, but quite frankly, it was all over my head. Ha! I think you overlooked a previous comment that I made - or at least I think I made it. You can always go in and hand-tweak the back-end after reading the man pages and config info on stack overflow. But the firewall configuration tool they provide on Server is back-end agnostic, and gives you the same powerful options for pf that it did for ipfw, without having to adjust your front-end configuration after upgrading. In this case, pf is the back-end system that you can learn about by typing man pf (either in spotlight or from Terminal) - or by looking at the OpenBSD documentation on this firewall. I've also had good luck finding documentation for pretty much everything on their website - although it's easier to search on Google and use site: than to use Apple's own search, which often doesn't find the material. As such, most of the tools you need are provided on stock OS X, but the management software that makes it easier is in the server upgrade. Maybe it is just me, but it seems to me that Apple purposely dumbs down a lot of their software, and removes important features that were previously there.Īpple purposely dumbs down all their defaults, but leaves power-user options in their interfaces, and usually provides full access to the back-end systems that actually do the dirty work. IceFloor is a front end for "pf" and requires Mac OS X 10.7 or 10.8. WaterRoof is a front end for "ipfw" and requires Mac OS X 10.6. They are called "WaterRoof" and "IceFloor". This same developer has written two related apps - also front ends - for earlier versions of Mac OS X. I haven't tried it out yet, but I am sure that it is probably a lot easier to use than typing commands in the Terminal, or directly editing some hidden config file somewhere. It currently stands at version 1.1.2 and requires Mac OS X 10.9.4 or greater. Well, just today I discovered over on the website that a certain developer has written a front end for "pf" called "Murus Lite". However, it did not prevent that Pitbull Pro guy from accessing my Hotline server and attempting to log on to it. I mentioned that Apple had removed "ipfw" from OS X in 2014 or earlier, and had replaced it with something called "pf".Īfter looking at some message threads regarding its use, I entered what seemed to be the right string in the "pf.conf" file. I wanted to add an update to an earlier comment that I made in this thread.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |