Announcement

Collapse
No announcement yet.

Firewall/pinging question

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Firewall/pinging question

    I seriously doubt this is actually a vBulletin issue, but I would really appreciate being able to give this member a knowledgeable answer, with some help from you folks, of course!

    Here is a post that I received from one member that was unable to access the boards from several days:

    The problem with Kim getting on BBU was a firewall issue. Now that we have a Broadband connection, I am running a hardware firewall on my router and a software firewall on our PC. A few days ago I noticed that I was getting a large number of requests from a specific IP address to access ports on our computer. This was happening even though Internet Explorer was closed!

    I traced the IP address (66.246.135.11) to host.bwscom.net - Registered to MJRSolutions which is a web site hosting company in NC. When Kim first started telling me she couldn't get on BBU, I thought the website was down. Once others started IMing her without problems, I started trying to figure out what was happening. In then end, we figured out that the IP address was registered in NC and so is BBU. I unblocked the IP address, and now it works.

    So......can anyone tell me why BBU is trying to access ports on my computer?
    The only thing I can think of is that, to my knowledge, these issues began on the same day that my site went down. This happened because I was screwing around with adding hotlink protection to my .htaccess file and some how crashed the site in what appeared to me to be like a loop.

    Can anyone explain to me what is happening and why this person seems to be the only one with this issue? Thanks for any help!

  • #2
    We had a few similar issues because we were running a DNS Blacklist/Proxy scanner for IRC servers on the same machine as the forums. Resulted in some people who connected to IRC not being able to access the forums afterwards.

    Some software firewalls react when they shouldn't - and if it's one person I wouldn't wory about it. I've seen crappy Norton Internet Security block many sites for stupid reasons.

    If you are on shared hosting, this might be one of the risks you run - another user on the same machine could possibly cause your users some problems.
    HP DL-380 G6, 2x E5520, 28GB RAM, 4x300GB SAS, VMWare ESXi
    -
    Unreal Tournament : Assault forums - irc://irc.utassault.net:6667 -

    Comment


    • #3
      Thank you for the reply! Unfortunately, this person is continuing to stir up trouble and now informs me that they explained it wrong. I'm beginning to think it may be an ad that I'm running. Is there anything in this report that could give me clues?

      Date/Time Source IP Hostname SPort DPort Event Information
      2005/10/11 20:39:57 66.246.135.11 host.bwscom.net 80 4406 Port 4406 (TCP)
      2005/10/11 20:42:04 66.246.135.11 host.bwscom.net 80 4477 Port 4477 (TCP)
      2005/10/11 20:44:02 66.246.135.11 host.bwscom.net 80 4547 Lanner License Manager
      2005/10/12 10:05:55 66.246.135.11 host.bwscom.net 80 2454 IndX-DDS
      2005/10/16 13:42:34 66.246.135.11 host.bwscom.net 80 3121 Port 3121 (TCP)
      2005/10/16 13:42:34 66.246.135.11 host.bwscom.net 80 3122 Port 3122 (TCP)
      2005/10/17 10:26:46 66.246.135.11 host.bwscom.net 80 2190 Port 2190 (TCP)
      2005/10/17 10:26:47 66.246.135.11 host.bwscom.net 80 2199 Port 2199 (TCP)
      2005/10/17 10:27:15 66.246.135.11 host.bwscom.net 80 2242 Folio Remote Server
      2005/10/17 17:08:56 66.246.135.11 host.bwscom.net 80 3606 Port 3606 (TCP)

      I blocked IP 66.246.135.11 during this time and Kim was unable to access BBU

      2005/10/23 13:08:26 66.246.135.11 host.bwscom.net 80 2412 CDN
      2005/10/23 13:08:57 66.246.135.11 host.bwscom.net 80 2455 WAGO-IO-SYSTEM
      2005/10/24 08:51:39 66.246.135.11 host.bwscom.net 80 2033 Port 2033 (TCP)
      2005/10/24 08:51:49 66.246.135.11 host.bwscom.net 80 2112 Port 2112 (TCP)
      2005/10/24 11:31:22 66.246.135.11 host.bwscom.net 80 4669 Port 4669 (TCP)
      2005/10/24 11:31:23 66.246.135.11 host.bwscom.net 80 4670 Port 4670 (TCP)
      2005/10/24 15:09:14 66.246.135.11 host.bwscom.net 80 2393 MS OLAP 1
      2005/10/24 15:09:14 66.246.135.11 host.bwscom.net 80 2394 MA OLAP 2 / MS OLAP 2

      Comment


      • #4
        It's shared hosting from what I can see - so theres a good chance it isn't anything to do with your server. Moving to your own dedicated IP address would stop anyone else on your shared server from causing problems which seemily come from you. Speak to your web hosts - they should be able to help you with this.

        www.babyuniversity.com => 66.246.135.11
        66.246.135.11 => host.bwscom.net

        Any decent firewall should not block all connections from that IP address - especially if the log files you posted are a complete list of all the attempts. They should just block the request, and carry on. I still "blame" the user for having a crappy or misconfigured firewall. Yes it should deny requests to those ports as they happen, but it shouldn't block all traffic to and from that IP address - espcially not for a workstation firewall anyway.

        Tell them to uninstall Norton and get something decent and speak to your web hosts about WHY such request are originating from your server, and by whom.
        HP DL-380 G6, 2x E5520, 28GB RAM, 4x300GB SAS, VMWare ESXi
        -
        Unreal Tournament : Assault forums - irc://irc.utassault.net:6667 -

        Comment


        • #5
          Their reply was that it was from an ad on my site. There's only three sites on this server, and the other two are friends of mine. As I tried to explan to the member, I also run a firewall and I don't have these same issues. Apparently, no one else does either. <<shrugs>>

          Thank you for shedding some light on that for me! I appreciate your help!

          Comment

          widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
          Working...
          X