Will APF (Advanced Policy Firewall) work with InterWorx?

Due to increasing hack attacks on my server, slowing down everything, I am in great need to do something asap.

I have come upon APF (Advanced Policy Firewall) and BFD (Brute Force Detection), which seem to be able to work together - http://www.webhostgear.com/240.html

APF - http://www.webhostgear.com/61.html

BFD - http://www.webhostgear.com/60.html

The tutorial for APF, however, mentions settings for cPanel servers, and I would then assume something similar is needed for InterWorx.

Any ideas?

APF is already included in InterWorx 2.1.0, in NodeWorx. Please see the following docs:

BFD is already being considered for a future version of InterWorx.

Can I with this add my static IP address, which I have from my home BellSouth ADSL, as “Trusted” and then block EVERYTHING else?

And if in the unlikely event BellSouth changes my IP address, can I then still get into NodeWorx and change the IP address?

Bumpedy, bump :slight_smile:

I block SSH and put my static IP as trusted so I can SSH all I want and those overnight script scanner attacks only put a little load on my server drop’n the packets instead of having failed login attempts.

I wouldn’t block NodeWorx though b/c that’s a good backup. If your IP should change or…

if you get hit by a hurricane and the power is out for 5 days, but then hey, you get a generator and get that PC fired up only to find that the DSL is out and you have to use a dial-up backup account that will of course give you a totally different IP. If NodeWorx isn’t blocked then you can log into NodeWorx and unblock SSH login or add your new temporary dial-up IP :rolleyes:

I also block MySQL port since everything with MySQL is done locally.

Hope this helps.

Thanks! So I should:

  1. Put my ISP IP address in as trusted, and turn on Debug mode until I make sure that I can still get in via SSH.
  2. Block SSH, TCP In and TCP Out?
  3. Perhaps block MySQL. Can my sites then still access MySQL databases and can I then still access phpMyAdmin through SiteWorx?
  4. Leave Port Access for everything else as is

Correct?

Yes, but if you are not blocking NodeWorx you don’t really need to worry about putting debug mode on because you can just open the SSH ports again through NodeWorx.

Yes, block all TCP/UDP

Everything works fine for me, I believe this is only if a remote computer is connecting directly to the database, but all your sites and phpMyAdmin access the server via localhost

This is really up to you what else you want to block or leave open, but I wouldn’t mess with anything you are not sure about.

Good Luck and hopefully you will see a nice CPU drop from no more hack attempts via SSH. I guess my not allowing root direct SSH access is kind of pointless now since no one can log into SSH
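
Added example, not part of any post in this thread and not InterWorx or APF project code: a shell check that audits APF's files against the policy the replies settle on (SSH and MySQL closed to the world, the home IP trusted for SSH, NodeWorx left reachable as the way back in). It assumes a stock APF install (`IG_TCP_CPORTS` and `DEVEL_MODE` in `conf.apf`, rules in `allow_hosts.rules`), that the thread's "Debug mode" is APF's `DEVEL_MODE`, and that NodeWorx listens on port 2443; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit APF files against the policy from the thread.
# Assumptions: stock APF layout (conf.apf, allow_hosts.rules) and
# InterWorx's default HTTPS panel port.
NODEWORX_PORT=2443

# Print the value of KEY="value" from a conf.apf-style file (last one wins).
apf_get() {
    sed -n 's/^[[:space:]]*'"$2"'="\([^"]*\)".*/\1/p' "$1" | tail -n 1
}

# Succeed if port $1 is in APF port list $2, e.g. "21,80,2443,35000_35999"
# (APF writes a range as low_high).
port_listed() {
    port=$1; old_ifs=$IFS; IFS=,
    set -- $2
    IFS=$old_ifs
    for entry in "$@"; do
        case $entry in
            *_*) [ "$port" -ge "${entry%_*}" ] && [ "$port" -le "${entry#*_}" ] && return 0 ;;
            *)   [ "$entry" = "$port" ] && return 0 ;;
        esac
    done
    return 1
}

# audit_apf CONF ALLOW_FILE TRUSTED_IP: returns 0 only if the policy holds.
audit_apf() {
    conf=$1; allow=$2; trusted_ip=$3; rc=0
    tcp_in=$(apf_get "$conf" IG_TCP_CPORTS)
    for p in 22 3306; do
        if port_listed "$p" "$tcp_in"; then
            echo "FAIL: port $p is open to every source address"; rc=1
        fi
    done
    if ! port_listed "$NODEWORX_PORT" "$tcp_in"; then
        echo "FAIL: NodeWorx port $NODEWORX_PORT closed, no way back in"; rc=1
    fi
    # Either a bare IP (all ports) or an SSH-only advanced rule counts.
    if ! grep -Fxq -e "$trusted_ip" -e "tcp:in:d=22:s=$trusted_ip" "$allow"; then
        echo "FAIL: $trusted_ip is not trusted for SSH"; rc=1
    fi
    if [ "$(apf_get "$conf" DEVEL_MODE)" = "1" ]; then
        echo "FAIL: DEVEL_MODE is on, cron flushes the rules every 5 minutes"; rc=1
    fi
    return "$rc"
}

if [ "$#" -eq 3 ]; then audit_apf "$@"; fi
```

Run it as `sh audit.sh /etc/apf/conf.apf /etc/apf/allow_hosts.rules <your-static-ip>` after each firewall change; a non-zero exit means one of the conditions above no longer holds.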