Mailing List CGatePro@mail.stalker.com Message #101346
From: Jeff Wark <jwark@tbaytel.net>
Subject: Re: Error - 476 connections from your host are denied
Date: Mon, 10 Jan 2011 15:33:06 -0500
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
That sounds more like an "UpdateTemplBlacklistedIPs" or "AddTempBlacklistedIPs" command and not really a "SetTempBlacklistedIPs" command.

On 1/10/2011 3:25 PM, Nicolas Hatier wrote:
Unfortunately (according to the documentation) the SetTempBlacklistedIPs only adds to the blacklist.

NH

On 2011-01-10 15:21, Bret Miller wrote:
The only way I know of is to use CLI:

GetTempBlacklistedIPs()
SetTempBlacklistedIPs(IPs)

Bret Miller

On 1/10/2011 12:13 PM, Nicolas Hatier wrote:
I don't see a way to clear the temp blacklist, except maybe a stop/start of the CGP service.

NH

On 2011-01-10 15:00, Tom Rymes wrote:
On 01/10/2011 11:12 AM, Nicolas Hatier wrote:
Grep with the IP or its DNS name, maybe. Then check what happened around
each instance you find.

OK, looks like our router's address is being blocked after Pidgin kept trying to login every 10 minutes, even though the password was rejected.

13:06:12.478 1 ACCOUNT(username) login(XMPP) from [x.x.x.x]:2198(TLS) failed. Error Code=incorrect password
13:06:14.490 1 ACCOUNT(username) login(XMPP) from [x.x.x.x]:2198(TLS) failed. Error Code=incorrect password
13:06:16.503 1 ACCOUNT(username) login(XMPP) from [x.x.x.x]:2198(TLS) failed. Error Code=incorrect password
13:06:44.770 1 ACCOUNT(username) login(XMPP) from [x.x.x.x]:2207(TLS) failed. Error Code=incorrect password
13:06:46.782 1 ACCOUNT(username) login(XMPP) from [x.x.x.x]:2207(TLS) failed. Error Code=incorrect password
13:06:46.782 3 SYSTEM [x.x.x.x] blocked on 5 login failures

What's frustrating about this is that, if I paste the router's address into the "test" field on this page:

http://my.server.address:8010/Master/Settings/BlacklistedIPs.html?#Test it returns as "LAN:[x.x.x.x] is Trusted" even though it's been temporarily balcklisted. Shouldn't this report as "temporarily blacklisted"?

I also wonder how I can remove the host from the temporary blacklist before the 60 minutes I have specified are up. I have tried modifying the blocking time, but that only seems to work for new entries.  I also wonder if there is some way I can avoid having this happen in the future without causing a security problem.

Of course, theI'm trying Pidgin as a replacement for Spark upon the recommendation of Support. I have to say that I really don't like it anywhere near as much, but it might resolve the roster/presence issues we've had with both Microsoft Messenger and Spark.

I'm going to give Pandion a shot, too. Maybe it'll prove to have a better user interface; I haven't been impressed with Pidgin.

Tom


-- *Nicolas Hatier, ing.* <nicolas.hatier@niversoft.com <mailto:nicolas.hatier@niversoft.com>>
Niversoft idées logicielles - http://www.niversoft.com

#############################################################

This message is sent to you because you are subscribed to

   the mailing list<CGatePro@mail.stalker.com>.

To unsubscribe, E-mail to:<CGatePro-off@mail.stalker.com>

To switch to the DIGEST mode, E-mail to<CGatePro-digest@mail.stalker.com>

To switch to the INDEX mode, E-mail to<CGatePro-index@mail.stalker.com>

Send administrative queries to<CGatePro-request@mail.stalker.com>

-- *Nicolas Hatier, ing.* <nicolas.hatier@niversoft.com <mailto:nicolas.hatier@niversoft.com>>
Niversoft idées logicielles - http://www.niversoft.com


Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster