Koozali.org: home of the SME Server

suspicious IP

Offline SchulzStefan

« on: July 06, 2018, 11:58:49 AM »
Good day,

Does anybody know the IP 37.49.224.226?

I've had attempts on my systems all day long. It's no customer of mine; I would like to block it.

regards,
stefan
And then one day you find ten years have got behind you.

Time, 1973
(Mason, Waters, Wright, Gilmour)

Offline Stefano

Re: suspicious IP
« Reply #1 on: July 06, 2018, 12:40:34 PM »
geektools.com -> insert IP and the captcha code, you're done

Offline mmccarn

Re: suspicious IP
« Reply #2 on: July 06, 2018, 12:41:33 PM »
You can get basic IP info at "ipinfo.io": https://ipinfo.io/37.49.224.226

You can check if a server is listed on DNSBL services using mxtoolbox.com: https://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a37.49.224.226&run=toolpage

You can configure your SME server to automatically block misbehaving IPs using Fail2ban: https://wiki.contribs.org/Fail2ban



Offline SchulzStefan

Re: suspicious IP
« Reply #3 on: July 06, 2018, 12:45:15 PM »
Stefano and mmccarn,

thank you both - I already did a lookup. Fail2ban is running and configured. I just wanted to know if anybody in the community had already stumbled over this IP.

Thx and regards,
stefan

Offline Stefano

Re: suspicious IP
« Reply #4 on: July 06, 2018, 02:10:40 PM »
Sincerely, I don't care; I manage more than 2 dozen servers.. ;-)

Offline ReetP

Re: suspicious IP
« Reply #5 on: July 06, 2018, 03:46:16 PM »
If it is blocked then why worry over one IP?

I have truck loads of IPs banging away, and they in turn get blocked.

Just worry about the ones that get through....

FYI new Geoip reveals

geoiplookup 37.49.224.226
GeoIP Country Edition: NL, Netherlands
GeoIP City Edition, Rev 1: NL, N/A, N/A, N/A, N/A, 52.382401, 4.899500, 0, 0
GeoIP ASNum Edition: AS199264 Estro Web Services Private Limited

Doesn't really mean anything much though.

As long as it gets blocked then move on and worry about more important things.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline mmccarn

Re: suspicious IP
« Reply #6 on: July 07, 2018, 04:11:21 PM »
I became obsessed with blocking access from known bad IPs a while ago, and dug up firehol - a firewall project that does for IP traffic what spam filters do for email. That is - it monitors lists of known bad IPs and creates "ipsets" that can then be used by iptables to block traffic to or from those systems.

My notes on setting up firehol went into this post - https://forums.contribs.org/index.php?topic=53302.0 - but need significant updating.

All of "firehol" is not needed, only iprange, functions.common, update-ipsets, and a customized version of "install.config" pointing to wherever you put the other 3 files. I don't have any notes on this for SME server, as I did it on EdgeOS on a Ubiquiti EdgeRouter Lite.
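
The mechanism described in the post above (a list of known bad IPs turned into an ipset that iptables matches on), as an added example that is not part of the original post and is not firehol's own code. The set name `blocklist`, the one-entry-per-line list format and the list path are assumptions.

```shell
#!/bin/sh
# Added example (not firehol's code): build `ipset restore` input from a list
# of IPv4 addresses/CIDRs, one per line, '#' comments allowed.

# Succeed only if $1 is a well-formed IPv4 address or CIDR with prefix 1-32.
# A /0 entry is rejected: it would match every address.
valid_entry() {
    addr=${1%/*}
    case $1 in */*) len=${1#*/} ;; *) len=32 ;; esac
    case $len in ''|???*|*[!0-9]*) return 1 ;; esac
    [ "$len" -ge 1 ] && [ "$len" -le 32 ] || return 1
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print an `ipset restore` script that rebuilds set $1 from list file $2.
# Entries are loaded into a temporary set and swapped in, so the live set is
# never empty or half-loaded during a refresh. Bad lines go to stderr.
build_restore() {
    set_name=$1 list_file=$2 tmp_set="$1-tmp"
    echo "create $set_name hash:net family inet"
    echo "create $tmp_set hash:net family inet"
    echo "flush $tmp_set"
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                              # drop comments
        line=$(printf '%s' "$line" | tr -d ' \t\r')   # drop whitespace, CR
        [ -n "$line" ] || continue
        if valid_entry "$line"; then
            echo "add $tmp_set $line"
        else
            echo "skipped invalid entry: $line" >&2
        fi
    done < "$list_file"
    echo "swap $tmp_set $set_name"
    echo "destroy $tmp_set"
}

# Constructed sample list; "blocklist" is a hypothetical set name.
sample=$(mktemp)
printf '%s\n' '# sample' '37.49.224.226' '192.0.2.0/24 # net' '0.0.0.0/0' > "$sample"
build_restore blocklist "$sample"
rm -f "$sample"
# On the firewall (as root), load the set and reference it from iptables:
#   build_restore blocklist /path/to/list | ipset -exist restore
#   iptables -I INPUT -m set --match-set blocklist src -j DROP
```

Validating each entry before it reaches `ipset` matters because the lists come from third parties: a malformed line would abort the restore, and an overly broad prefix would block legitimate traffic.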