My TM server is receiving repeated login attempts from an IP addy that I just don't recognise and I'm wondering if there is anything that I can do to block them from spamming my server every 10 seconds or so ???
CCcam unwanted logins
- Thread starter mannachie
- Start date
i would change port/dns name, you could probably find a way to block the i.p that's trying to connect but it sounds like their aren't the kind of person who's going to give up and would just try from different i.p.
i'm not sure what kind of logs you get from cccam but few things might make it easier to see what they are trying to do
- are they using a "username" that exists/used to exist
- if so are they trying to login using same password over and over
if they are doing both of those it sounds like a peer you deleted hasn't removed cline from his box, if someones trying different logins/pass then i'd deffiently change port/dns
i'm not sure what kind of logs you get from cccam but few things might make it easier to see what they are trying to do
- are they using a "username" that exists/used to exist
- if so are they trying to login using same password over and over
if they are doing both of those it sounds like a peer you deleted hasn't removed cline from his box, if someones trying different logins/pass then i'd deffiently change port/dns
Thanks ToneDeff. The warnings.txt file that CCcam produces only advises of repeated failed logins from an IP address. It gives no more than that, no username etc, just what time the login was attempted. It is likely to be a client that I have removed a C line for and when this has happened in the past they usually take the hint and remove their C line but this individual is being persistant !!!!
@Parad0x
and there's a debug mode that would show alot more info, can be run from telnet when it's enabled
not sure about how though never looked into it...
Code:
You don't have permission to view the code content. Log in or register now.and there's a debug mode that would show alot more info, can be run from telnet when it's enabled
Code:
You don't have permission to view the code content. Log in or register now.I found this by using google and wonder if it works??
Syntax to block an IP address under Linux
iptables -A INPUT -s IP-ADDRESS -j DROP
Replace IP-ADDRESS with actual IP address. For example if you wish to block ip address 65.55.44.100 for whatever reason then type command as follows:
iptables -A INPUT -s 65.55.44.100 -j DROP
Syntax to block an IP address under Linux
iptables -A INPUT -s IP-ADDRESS -j DROP
Replace IP-ADDRESS with actual IP address. For example if you wish to block ip address 65.55.44.100 for whatever reason then type command as follows:
iptables -A INPUT -s 65.55.44.100 -j DROP
Add this line to CCcam.cfg that TonDeff has given here already:
LOG WARNINGS : /tmp/warnings.txt
The file will then appear in your /tmp folder. If you have no bad logins it will not create the fils so nothing will be there.
Yep ToneDeff, the iptables command did not work. I am currently reading about other scripts to use but all require iptables firewall installed on the server. :grayno:
Liam1611
Inactive User
You probably could do but most people have dynamic I.P.s so it would only work for a short period of time. The best thing to do is contact the people who are attempting to log into your server and ask them to remove your C: line, if thats not possible then change your dyndns account.
Regards
Liam
Regards
Liam
How do you find out what cline they're trying to use as i can only see the I.P in the warnings.txt
Liam1611
Inactive User
That all depends on how many people you have removed from your server and if you have kept the F: lines. If so then just add the F: lines in one by one and see who pops up in your client list. Once done contact the idiots and ask them to remove your C: line, it may be an idea to just hash out F: lines of useless peers/clients and if this happens again you will have a record of them.
Regards
Liam
Regards
Liam
Last edited:
Think theres about 3, my fault for deleting them and not hashing them.
Thanks for the advice.
The best idea is not to hash them out but to change all the numbers in their F line to zero i.e. F: user password 0 0 0 { 0:0:0 }.
That allows them to login to the server but does not allow them access to any local or remote cards so they wil not get anything to clear from your server. In their server list in CCcam info your server will show zero cards available to them and they will eventually take the hint and remove their C line. Once you see them disappear from your client list in CCcam info, you can delete or hash out their F line altogether.
By doing it this way, it will keep them logged in and stop the repeated login attempts that spam up your server and affect your feeds to other clients.
Thankfully I have now sorted my problem as I was able to identify the client that was still using their old C line so I put their F line back in as per the example above and the warnings.txt file is not being created now. :Clap:
All I have to do is wait for the unwanted client to take the hint !!! :banana:
Similar threads
