Hacker "blacklist" management
My network is constantly being probed and resources used by hacker type bots that try and access URL's that do not exist or by submitting forms trying to find XSS vulnerabilties.
All these methods are logged and thwarted by active server code but the hacker is still consuming resources that can slow down server operations.
For now I add their IP address to a blacklist and if found the next time I send them to a blank page. But these subsequent hacking attempts still uses server resources - sometimes it is 10,000 such attempts in a single day.
I know that the router can stop them from accessing server resources if the IP is entered into a IP Group.
I'd like to automatically add these IP addresses to the IP Group, or configure the router to access the list. Can ER605 be configured automatically by code? Maybe the ER605 is the wrong product for my need.
Suggestions on what product allows automated blacklist management or how to use ER605 more effectively is what I am seeking answers about.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @JoeStanton
Thanks for posting in our business forum.
There is no automation to block an IP address that has probed you. We don't support scripts either.
From what you described, I think what you need is a service from providers like Cloudflare to stop the bots from accessing your network and taking up the resources. Give the cloud protection a try and see if they can offer a reasonable solution for you to stop such a behavior.
IDS/IPS is a feature that can block geo-IP addresses but it may not work well for your situation. It needs to be tested to know if you can filter the location of subnets of them.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Hi @JoeStanton
Thanks for posting in our business forum.
There is no automation to block an IP address that has probed you. We don't support scripts either.
From what you described, I think what you need is a service from providers like Cloudflare to stop the bots from accessing your network and taking up the resources. Give the cloud protection a try and see if they can offer a reasonable solution for you to stop such a behavior.
IDS/IPS is a feature that can block geo-IP addresses but it may not work well for your situation. It needs to be tested to know if you can filter the location of subnets of them.
- Copy Link
- Report Inappropriate Content
@JoeStanton Thanks for the replies! Does the Omada Pro G36 allow such IP management? E.g. some sort of API to add IP's.
- Copy Link
- Report Inappropriate Content
Hi @JoeStanton
Thanks for posting in our business forum.
JoeStanton wrote
@JoeStanton Thanks for the replies! Does the Omada Pro G36 allow such IP management? E.g. some sort of API to add IP's.
Omada Pro is not a part of the technical support on the forum, phone, or email. As for now, there is no public entrance in support of it. The entrance for the Omada Pro tech support would only be your dedicated agent assigned to take care of your cases.
And, Omada Pro is not open to regular customers without a contract and bulk order.
- Copy Link
- Report Inappropriate Content
having a similar, though much less extreme version of this, playing whack-a-mole with thousands of VPN login attempts per day, rather than add IPs to a blocklist, what i simply did was create a "Location Group" of every country but my home country, added it to 3 ACLs that were:
Block - Location Group > Wan In > My_Wan_IP_Group
Block - Location Group > Wan In > Me (this blocks all router access)
Block - Location Group > Wan In > IPGROUP_ANY
This three prong approcach basically reduced VPN login attempts, port scans and such to almost zero, just one or two a week now, if that.
- Copy Link
- Report Inappropriate Content
You want to set clear guidelines, just like outlining steps in a tutorial, to keep things fair and fun.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 558
Replies: 6
Voters 0
No one has voted for it yet.