Hacker "blacklist" management

2024-05-28 15:35:17 - last edited 2024-07-09 01:35:46
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.1.2 Build 20230210 Rel.62992

My network is constantly being probed and resources used by hacker type bots that try and access URLs that do not exist or by submitting forms trying to find XSS vulnerabilities.

All these methods are logged and thwarted by active server code but the hacker is still consuming resources that can slow down server operations.

For now I add their IP address to a blacklist and if found the next time I send them to a blank page. But these subsequent hacking attempts still use server resources - sometimes it is 10,000 such attempts in a single day.

I know that the router can stop them from accessing server resources if the IP is entered into an IP Group.

I'd like to automatically add these IP addresses to the IP Group, or configure the router to access the list. Can ER605 be configured automatically by code? Maybe the ER605 is the wrong product for my need.

Suggestions on what product allows automated blacklist management or how to use ER605 more effectively is what I am seeking answers about.

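Added example, not part of any post in this thread: a sketch of the server-side step described above, counting rejected requests per client address in an access log and merging the flagged addresses into CIDR ranges short enough to enter in an IP Group by hand. The log layout (common log format), the status codes treated as probes, the threshold and the function names are assumptions; the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in common log format; addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.10 - - [28/May/2024:15:01:02 +0000] "GET /wp-login.php HTTP/1.1" 404 153
203.0.113.10 - - [28/May/2024:15:01:03 +0000] "GET /.env HTTP/1.1" 404 153
203.0.113.10 - - [28/May/2024:15:01:04 +0000] "POST /contact HTTP/1.1" 400 0
203.0.113.11 - - [28/May/2024:15:02:00 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 153
203.0.113.11 - - [28/May/2024:15:02:01 +0000] "GET /admin.php HTTP/1.1" 404 153
203.0.113.11 - - [28/May/2024:15:02:02 +0000] "GET /backup.zip HTTP/1.1" 404 153
198.51.100.7 - - [28/May/2024:15:03:00 +0000] "GET /index.html HTTP/1.1" 200 5120
198.51.100.7 - - [28/May/2024:15:03:05 +0000] "GET /old-page HTTP/1.1" 404 153
truncated line with no status field
"""

# Assumed layout: client address first, status code right after the quoted request.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (\d{3}) ')


def rejected_per_ip(log_text, bad_statuses=("400", "403", "404")):
    """Count rejected requests per client address; skip lines that do not parse."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(2) not in bad_statuses:
            continue
        try:
            counts[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            continue  # first field was a hostname or garbage, not an address
    return counts


def blocklist(counts, threshold=3):
    """Addresses at or above the threshold, merged into the fewest CIDR ranges."""
    merged = []
    for version in (4, 6):  # collapse_addresses rejects mixed IPv4/IPv6 input
        flagged = [ip for ip, n in counts.items()
                   if n >= threshold and ip.version == version]
        merged += [str(net) for net in ipaddress.collapse_addresses(flagged)]
    return merged


if __name__ == "__main__":
    for entry in blocklist(rejected_per_ip(SAMPLE_LOG)):
        print(entry)
```

The merge only joins exactly adjacent flagged addresses, so it never widens a range to cover an address that was not flagged; the threshold keeps a visitor who follows a single stale link off the list.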
1 Accepted Solution
Re:Hacker "blacklist" management-Solution
2024-05-29 00:57:53 - last edited 2024-05-29 02:01:37

Hi @JoeStanton 

Thanks for posting in our business forum.

There is no automation to block an IP address that has probed you. We don't support scripts either.

From what you described, I think what you need is a service from providers like Cloudflare to stop the bots from accessing your network and taking up the resources. Give the cloud protection a try and see if they can offer a reasonable solution for you to stop such behavior.

IDS/IPS is a feature that can block geo-IP addresses but it may not work well for your situation. It needs to be tested to know if you can filter the location of subnets of them.

Best Regards!
Re:Hacker "blacklist" management
2024-05-28 16:09:58

@JoeStanton

You want to consider a higher model that has IPS on it.

Re:Hacker "blacklist" management
2024-06-04 16:34:21

@JoeStanton Thanks for the replies! Does the Omada Pro G36 allow such IP management? E.g. some sort of API to add IPs.

Re:Hacker "blacklist" management
2024-06-05 00:45:57

Hi @JoeStanton

Thanks for posting in our business forum.

JoeStanton wrote

  @JoeStanton Thanks for the replies! Does the Omada Pro G36 allow such IP management? E.g. some sort of API to add IPs.

Omada Pro is not a part of the technical support on the forum, phone, or email. As of now, there is no public entrance in support of it. The entrance for the Omada Pro tech support would only be your dedicated agent assigned to take care of your cases.

And, Omada Pro is not open to regular customers without a contract and bulk order.

Best Regards!
Re:Hacker "blacklist" management
2024-06-06 21:57:25

@JoeStanton

Having a similar, though much less extreme version of this, playing whack-a-mole with thousands of VPN login attempts per day, rather than add IPs to a blocklist, what I simply did was create a "Location Group" of every country but my home country, added it to 3 ACLs that were:

Block - Location Group > Wan In > My_Wan_IP_Group

Block - Location Group > Wan In > Me (this blocks all router access)

Block - Location Group > Wan In > IPGROUP_ANY

This three-pronged approach basically reduced VPN login attempts, port scans and such to almost zero, just one or two a week now, if that.

Re:Hacker "blacklist" management
2024-07-08 15:55:08 - last edited 2024-07-11 10:07:42

You want to set clear guidelines, just like outlining steps in a tutorial, to keep things fair and fun.
