Furthermore, not all countries blockages are accepted by the sys-firewall, there are some problems that have to be fixed beforehand.

@aaPanel_Jose:

Suggestion! Connect the sys firewall and geoip under one tab. Write Config in such a way that both get the DB from one source (folder) and can access it at the same time. Furthermore, the IP and the entire IP range are queried, which can then be blocked using a button, but which the user can decide for himself whether only the individual IP (Geoip is blocked or the entire network of the IP operator). Then integrate the NGINX firewall into the whole. Because on the one hand it is very confusing, and I also think that everything does not work together so harmoniously.

A good approach can be found here: https://gist.github.com/Pandry/21fc0e30abbfd0579ec69c491b99a446

as I said, just an approach!

In addition, the purchased DB from https://www.ipdeny.com/ are outdated and have not been maintained since 2014.

    CQT
    I checked the installation script, it just visits a url on aapanel, then aapanel gets the client ip and records it

    I tried to enable HTTPS for the requested URL. Can you help me see if there are any attacks after normal installation?

    In addition, you only need to allow server access, *.aapanel.com *.bt.cn, all functions of the panel can work

        aaPanel_Jose What are we still getting from *.bt.cn? There is no way to move that stuff off of them and onto somewhere else?

            gacott
            The domain name of our software download node is download.bt.cn, and there are other nodes in

            /www/server/panel/data/node.json

            • CQT replied to this.

                aaPanel_Jose hello two minutes after the installation the attacks started, not with the ips from node.json, but from the same network operator. We left out the proxy and firewall to see if anything changes and nothing changes. So we can assume that the download requests at the node will be used to track and record the IPS. you have to make sure that the node from bt.cn can no longer be used, we are already trying to load the stuff from the node, but are currently facing problems with it, we had to host the whole thing ourselves, so one clean installation would be possible! So everything that is necessary from the node must be cleaned on another server and first. otherwise aaPanel cannot become what you / your want to achieve. It would also be an absolute risk since all server clients would be contaminated by customers.

                    aaPanel_Jose the api to the node is a problem, as long as you cannot pull the download without the api, you are dependent on the node and as long as the ips can be tracked.

                    the user who creates here via the db: INSERT INTO users (id, username,password, login_ip,login_time, phone,email) VALUES
                    (1, 'admin', '21232f297a57a5a743894a0e4a801fc3', '192.168.0.10', '2016-12-10 15:12:56', 0, '287962566@qq.com');

                    Many of the attacks come from the same, namely from Guangdong Communication Co.Ltd. ASN 9808

                    All attacks are conducted via our own proxy servers or others, but ultimately from the regions of BT.CN and Shenzhen Tencent Computer Systems Company Limited ASN 45090

                    backlinks like libList.conf :: "help": "http://www.bt.cn/bbs",
                    it is very helpful to prepare such attacks, because they alone provide enough information about which ip the panel is installed on.

                        CQT Great info, this is what I was getting at and thought something like this was going on. IMO, if we (as a community) want to see this become a successful panel, we need to disengage this from bt. Also, yeah I think this very well may be how they are getting in.

                        CQT the user who creates here via the db: INSERT INTO users (id, username,password, login_ip,login_time, phone,email) VALUES
                        (1, 'admin', '21232f297a57a5a743894a0e4a801fc3', '192.168.0.10', '2016-12-10 15:12:56', 0, '[287962566@qq.com](mailto:287962566@qq.com)');

                              still waiting for response! I have use aapanel on several VPS and everything is OK! Aso I use the Chinese Version BT Panel. ..

                              Baidu is NO1 SE company in China so I think someone is using their IP as bridge to attacke

                              or maybe it's Baidu's spider ? try to ban the Baidu's spider in the robots.txt

                                waikey It would be a SUPER aggressive spider. Blocking in robots.txt will do nothing, these are attacks on ports.

                                  waikey We don't want to come to China and data protection now, it doesn't matter which company comes from. China has never been a country that values data protection. That's why I don't put everyone under general suspicion, but I trust state-owned companies like my ex-wife. Not directly related to aaPanel, but to NO1 SE. Everyone knows that everything and that is spied on and I also know a little bit about the politics of China. According to this sentence, I would be a dead man in China.

                                      aapanel_user WTF are you talking about? I'm trying to help make a better panel, HERE! Why are you talking about forking it? Is there something wrong about contributing to this project? Do I have to fork and start my own to contribute?

                                        CQT you clearly dont know what you are talking about. I lived and visit China several times per year so your affirmations are not accurate at all. I am sorry thats not correct.

                                        China offers several business and services, we cannot state and talk about politics on a webhosting control panel forum, makes no sense at all. Let's keep it to the topic.

                                        • CQT replied to this.

                                            TheWormsUnited you're right politics has no business here. I will hold back in this regard in the future.
                                            We all want the same thing, that aaPanel gets better and spreads more

                                              aaPanel_Jose Glad to hear that we are currently merging the firewall and Fail2ban so that there is only one tab left.

                                                a month later

                                                With good reason I also have attack problems in some VPS, I suspected it and changed the panel, How good that they separate from bt.cn.

                                                4 months later

                                                Dear all . I am a new user to private VPS and found aaPanel to install. I came across this thread by CQT who posts some very valid points. Now I am happy with the service of aaPanel. BUT.... I had to block the whole of China IP due to massive attacks on ssh port 22 ( f2ban was reporting 50,000+ attempts in 48hrs)

                                                Basically has the link to a new install of aaPanel opening up your server IP address being 'smeared' hence attacked been proved or not?

                                                Do I just accept this is the 'game' of server admin ... this is a 2nd hand IP address and is now exposed anyway.

                                                CQT / gacott did u continue with aaPanel ?

                                                  a month later

                                                  @cib3r can you tell us what setting you put on your f2ban?

                                                  thank you

                                                  Connect with us: 📨 Telegram 💬 Discord Email: support@aapanel.com