Issues with deny IP Address - iis-7

I have an ongoing issue with my server. I have looked through my IIS records and found an inordinate amount of hits to my site by the same address/domain. I did my homework and looked this up; the IP address matches the site shown. It appears that the s-ip is the same along with the CS-Host being the same. The s-ip is all over the place. I am not an admin by any means. I looked up how to ban IP addresses and have put the IP address in as deny. However, they are continuing to hit the site. I did this at server level and not just on the domain of my site. It has placed this under every site as well. Is there a possibility that they are spoofing the IP address and the domain? I feel like someone is using this particular domain for spamming. I am scratching my head as to why the deny is not working.
The domain that is showing up appears to be parked.
The procedure I have done is going into IIS Manager and adding the address to IP and Domain Restrictions.
Mode = Deny, Requestor = IPAddress, Entry = Local
Any help with this would be great.
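
In the IIS W3C extended log format, `c-ip` is the client's address and `s-ip` is the server's own address, so a deny entry has to be built from `c-ip`. The following sketch is an added example, not part of the original post: it tallies requests per `c-ip` and counts how many were rejected with status 403 substatus 6, the status IIS logs for an IP-address rejection. The log lines are constructed, use documentation-range addresses, and assume the `cs-host` and `sc-substatus` fields are enabled in logging.

```python
from collections import Counter

# Constructed sample of an IIS W3C extended log (documentation-range addresses).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time s-ip cs-method cs-uri-stem s-port c-ip cs-host sc-status sc-substatus
2024-01-01 10:00:01 192.0.2.10 GET /index.html 80 203.0.113.7 parked.example 200 0
2024-01-01 10:00:02 192.0.2.10 GET /index.html 80 203.0.113.7 parked.example 200 0
2024-01-01 10:00:03 192.0.2.10 GET /login.aspx 80 198.51.100.23 parked.example 403 6
2024-01-01 10:00:04 192.0.2.10 GET / 80 203.0.113.7 parked.example 200 0
2024-01-01 10:00:05 192.0.2.10 GET / 80 198.51.100.23 parked.example 403 6
"""

def parse_w3c(text):
    """Yield one dict per request, taking column names from the #Fields: header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def summarize_clients(text):
    """Map each client address to (total requests, requests rejected with 403.6)."""
    total, denied = Counter(), Counter()
    for row in parse_w3c(text):
        total[row["c-ip"]] += 1
        if row.get("sc-status") == "403" and row.get("sc-substatus") == "6":
            denied[row["c-ip"]] += 1
    return {ip: (total[ip], denied[ip]) for ip in total}

def server_addresses(text):
    """The s-ip column: addresses of the server itself, not of visitors."""
    return {row["s-ip"] for row in parse_w3c(text)}

if __name__ == "__main__":
    print("server address(es):", sorted(server_addresses(SAMPLE_LOG)))
    for ip, (hits, blocked) in sorted(summarize_clients(SAMPLE_LOG).items()):
        print(f"{ip}: {hits} requests, {blocked} rejected (403.6)")
```

A client that still shows 200 responses after the rule was added is not being matched by the deny entry.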

Related

Can't access some websites using their IP address

I have windows 10.
To get the IP address of some website I type ping somewebsite.com in cmd.
For example if I say ping google.com, cmd shows Pinging google.com [216.58.206.206] with 32 bytes of data: and some lines after that. If I type that IP provided (216.58.206.206), that gets me to Google.
But some websites aren't like this. For example, for the website codeforces.com I get 213.248.110.126, but this doesn't get me to the website; instead it shows the error 404 Not Found.
Why doesn't it work, and what is the best method to get IP addresses of websites in Windows 10?
Thanks.
Some websites cannot be accessed by IP only.
Think, for example, of a public (free or paid) web hosting service with a shared IP. If you don't provide a domain name (FQDN), then the server doesn't know what page needs to be served.
Think also of some "public" services, like Azure DevOps. They provide you an FQDN under a Microsoft domain, but probably each DevOps repository doesn't have its own IP. If you only provide the IP, then the service doesn't know what page you are requesting.
Also, if you enter an HTTPS page, the certificate secures the domain name, not the IP address. If you try to enter with the IP only, your navigator tells you the page is not secure (try it with Google, for example).

Setting up rDNS in IIS (if this is the right place)

I have a couple of web sites and an hmailserver on my VPS. I recently noticed that Comcast, and I guess others, are rejecting email where there is no PTR or rDNS. I can set up the PTR in DNS but am not sure about the rDNS. I came across an old blog that shows how to do it in older versions of IIS, but I'm not sure if this is the right way or how to do it in IIS-10.
Say I have 3 domains
myDomain1.com and MyDomain2.com both use Ip x.x.x.y
and myMailServer.com uses Ip x.x.x.z
DNS for these are all set up on cloudflare. MX records for the MyDomain1 and MyDomain2 both point to mail.MyMailserver.com. I use hmailserver and all this works fine.
Comcast says I need a PTR record which I can set up on Cloudflare, and rDNS which is what I'm asking about.
This blog
http://www.expta.com/2010/01/how-to-enable-reverse-dns-lookup-in-iis.html
shows how to do it in earlier versions of IIS (I am on IIS-10) using IP Address and Domain Restrictions
So my questions are :
1 - if this is not the right way then please redirect me! else
2 - Do I use Allow Entry or Deny Entry?
3 - Do I use the mail domain x.x.x.z for all or the ip assigned in DNS - or both?
4 - do I do this for all domains?
Thanks
You need to go to your VPS provider to check their control panel for the PTR/rDNS setup. Usually all the VPS providers have this functionality in their control panels. If not, then ask them to add a proper PTR record for your IP address pointed to your hostname.
The hostname itself should have a proper A record pointed to the IP address of your VPS server.
A separate PTR record should be set up for all your IPs.
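
One way to check the setup this answer describes (a PTR record for the IP, whose hostname has an A record pointing back to the same IP). This is an added example, not part of the original answer; the lookup functions are injectable so it runs offline against constructed records, and the host names and addresses in `FAKE_PTR` and `FAKE_A` are hypothetical.

```python
import socket

def system_ptr(ip):
    """PTR lookup through the system resolver; returns [] when no record exists."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def system_addresses(hostname):
    """Forward lookup through the system resolver; returns an empty set on failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(hostname, None)}
    except OSError:
        return set()

def check_fcrdns(ip, ptr_lookup=system_ptr, addr_lookup=system_addresses):
    """Return (verdict, hostname): the PTR name must resolve back to the same IP."""
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return ("no-ptr", None)
    for name in names:
        if ip in addr_lookup(name):
            return ("ok", name)
    return ("forward-mismatch", names[0])

# Constructed records (documentation-range addresses) standing in for real DNS.
FAKE_PTR = {
    "192.0.2.25": ["mail.mymailserver.example."],
    "192.0.2.80": ["host.provider.example."],
}
FAKE_A = {
    "mail.mymailserver.example": {"192.0.2.25"},
    "host.provider.example": {"198.51.100.1"},
}

def fake_ptr(ip):
    return FAKE_PTR.get(ip, [])

def fake_addresses(hostname):
    return FAKE_A.get(hostname, set())

if __name__ == "__main__":
    for ip in ("192.0.2.25", "192.0.2.80", "192.0.2.99"):
        print(ip, check_fcrdns(ip, fake_ptr, fake_addresses))
```

Calling `check_fcrdns` with only an IP address uses the system resolver, which lets you confirm the records once the provider has published them.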

IIS Website IP Change

So my IIS7 server was hosting an ASP.Net web site with domain xxx-xxx.com with IP yyy.yyy.yyy.yyy.
Few days ago, I changed my ISP, which in result, changed my IP address to zzz.zzz.zzz.zzz.
Obviously the web site is down at the moment.
ping xxx-xxx.com
Results into:
Pinging xxx-xxx.com [yyy.yyy.yyy.yyy] with 32 bytes of data:
Request timed out.
Reply from yyy.yyy.yyy.yyy: Destination host unreachable.
Request timed out.
Reply from yyy.yyy.yyy.yyy: Destination host unreachable.
Ping statistics for yyy.yyy.yyy.yyy:
Packets: Sent = 4, Received = 2, Lost = 2 (50% loss)
As seen above, domain name xxx-xxx.com is still assigned to my old IP address yyy.yyy.yyy.yyy xxx-xxx.com.
According to my friend, and excuse my ignorance and lack of experience, there's a really simple step I must take in IIS7 in order to get the web site back online; however, I'm not entirely sure how. I tried editing bindings and setting the IP address, but that does not work, and neither did netsh iplisten add.
Furthermore, correct me if I'm wrong, but do I need to go to the place domain name was bought from and change assigned IP address?
Here's the command
netsh http add iplisten ipaddress=xxx.xxx.xxx.xxx
It is necessary to restart IIS7 for the change to take effect.

WordPress and BuddyPress SPAM prevention

I am setting up a site using WordPress and BuddyPress with the Suffusion theme. All up to date. As per usual I have spammers registering and am banning them as they register. I ban their IP number in the .htaccess file.
Then I noticed an IP number was actually coming from my hosting company, and it turned out that it is the shared hosting IP number that my site is on.
So some person is registering numerous times, and the IP number is my shared hosting account IP number. Even though I banned the number, it's still registering. I get the IP numbers from the Wordfence and bp register plugins.
I checked my host web stats on the control panel and it shows 174 visits and 446 hits from that IP number. I have checked the IP number on spam list sites and it does not appear.
My hosting company, who are normally very good, says,
The IP address: xxxxxxxx is a part of the shared hosting server: (named of host) which your website is hosted on. This is not a bot host or visitor IP address. I assume that either your website has some redirection loop or this is the script a part of your website such as cron script or similar.
There should be no point to block this IP address as this is not an actual visitor on your website.
What does this mean, how do I stop that IP number coming up on some registrations, and is my script corrupt?
I don't understand why you think that banning the IP address on your .htaccess file would be the best way to prevent people from registering on your site.
Have you tried using any spam prevention measures besides modding your .htaccess file?
http://premium.wpmudev.org/blog/buddypress-spam/
Step 1:
Using IP blocker in cPanel
Most hosting providers also offer the option to block suspicious IP addresses in WordPress. If you prefer this method, you can block suspicious IPs from your hosting account by following these steps:
Log into your hosting account.
Go to the cPanel and go to the section called Security.
In this section, there should be an option that allows you to block IPs. On Bluehost, the option is called IP Blocker. Other hosting providers may name it something else.
Step 2:
Check your website script; maybe these IP bots are operating from your directory.
Check for any malicious code.

Users access same domain name, but LAN users point to local IP rather than internet IP

I have a networking question. I've set up my own server. The server is up and running. But I must give people inside my network the server's local IP address for better downspeed, because when my network clients use the internet, the server's upspeed is slow.
I think giving an IP address to my users is pretty odd and hard to remember. Is there any way to allow the same domain name to access the server, where the LAN users access it via a local IP address (ex: 192.168.1.99) and internet users via a static IP address (ex: 111.111.111.111), but with the same domain name?
I've made a flow chart, if you don't fully understand my question.
Users on local network and on the internet type the same domain: example.com
If you can recognise 100% whether a user is internal or external (e.g. set up a list with internal user accounts), you can use only the internet site, and redirect internal users to the internal IP address after they have logged in. They will use the site through the internet only while they're not logged in, which I think is acceptable. Don't forget, when redirecting users from example.com to 192.168.1.99, all the cookies will be "lost" and the user's session will be cleared, which you have to solve somehow (say, redirect to the local site with a magic parameter, which re-initializes the session on the 192.168.1.99 server).
It has one drawback: your users listed as internal can't use the site from another place, say, from home. It can be solved by showing them (and only them) a direct link after they log in ("click here if you're not in the office"), which forces the use of the internet site (example.com), or you can solve it with JavaScript (requesting some data with AJAX from 192.168.1.99, and if it fails, don't redirect the user to 192.168.1.99 - maybe it is a bit more difficult).
Edit, suggested by #glglgl: Check the client's IP address to see whether the request has been initiated from the local network or over the internet. (See comments.)
