Replies: 1 comment 1 reply
-
|
it is an attack but for another software, and therefore it is ineffective and harmless. there's no plugin that i know to block after a number of 404 errors, but you can program the code yourself and make it run inside Admin-panel > Options > Server code. Yours should be something like this, but you may need to make changes as i didn't even test it, so maybe there's some error exports.init = api => {
const counters = {}
return {
middleware: ctx => () => { // wait for the status to be calculated by hfs
if (ctx.status === 404) {
if (5 === (counters[ctx.ip] = 1 + (counters[ctx.ip] || 0)))
api.addBlock({ ip: ctx.ip, comment: 'too many 404s' })
}
}
}
}also, this example is lacking a mechanism to reset the counter after a while, so if you make 5 errors in a month time span, you will be banned too. |
Beta Was this translation helpful? Give feedback.
-
|
Thank you! I'll give a try and let you know what worked for me |
Beta Was this translation helpful? Give feedback.
-
So our HFS server is running on a Ryzen 9 pc with windows server inside a datacenter. We host a 15k members community. It won't be a surprise if someone wants to "hack" our server. So today i was looking at Logs in HFS and found this interesting request from a random IP.
"/boaform/admin/formLogin"
"/CDGServer3/SystemConfig"
Is there any kind of addon that blocks a specific IP that returns 404 error more than 5 times? It's annoying to block these IP's one by one.
Also i'd like to know if this kind of attack could be dangerous or not.
Another question. How can i have HTTPS enabled if i don't have a .com domain for example. My server is hosted inside datacenter with a fixed IP. Is there any tutorial to enable HTTPS in HFS?
Thank you!
Beta Was this translation helpful? Give feedback.
All reactions