aaPanel_Jose What are we still getting from *.bt.cn? There is no way to move that stuff off of them and onto somewhere else?

    gacott
    The domain name of our software download node is download.bt.cn, and there are other nodes in

    /www/server/panel/data/node.json

      aaPanel_Jose Hello, two minutes after the installation the attacks started, not with the IPs from node.json, but from the same network operator. We left out the proxy and firewall to see if anything changes, and nothing changes. So we can assume that the download requests at the node will be used to track and record the IPs. You have to make sure that the node from bt.cn can no longer be used. We are already trying to load the stuff from the node, but are currently facing problems with it; we had to host the whole thing ourselves, so one clean installation would be possible! So everything that is necessary from the node must be cleaned on another server first. Otherwise aaPanel cannot become what you want to achieve. It would also be an absolute risk since all server clients would be contaminated by customers.

        aaPanel_Jose The API to the node is a problem; as long as you cannot pull the download without the API, you are dependent on the node, and as long as the IPs can be tracked.

        the user who creates here via the db: INSERT INTO users (id, username,password, login_ip,login_time, phone,email) VALUES
        (1, 'admin', '21232f297a57a5a743894a0e4a801fc3', '192.168.0.10', '2016-12-10 15:12:56', 0, '287962566@qq.com');

        Many of the attacks come from the same, namely from Guangdong Communication Co.Ltd. ASN 9808

        All attacks are conducted via our own proxy servers or others, but ultimately from the regions of BT.CN and Shenzhen Tencent Computer Systems Company Limited ASN 45090

        backlinks like libList.conf :: "help": "http://www.bt.cn/bbs",
        It is very helpful to prepare such attacks, because they alone provide enough information about which IP the panel is installed on.

          CQT Great info, this is what I was getting at and thought something like this was going on. IMO, if we (as a community) want to see this become a successful panel, we need to disengage this from bt. Also, yeah I think this very well may be how they are getting in.

          CQT the user who creates here via the db: INSERT INTO users (id, username,password, login_ip,login_time, phone,email) VALUES
          (1, 'admin', '21232f297a57a5a743894a0e4a801fc3', '192.168.0.10', '2016-12-10 15:12:56', 0, '287962566@qq.com');

            Still waiting for a response! I have used aaPanel on several VPS and everything is OK! Also, I use the Chinese version, BT Panel...

            Baidu is the No. 1 SE company in China, so I think someone is using their IP as a bridge to attack

            or maybe it's Baidu's spider ? try to ban the Baidu's spider in the robots.txt

              waikey It would be a SUPER aggressive spider. Blocking in robots.txt will do nothing, these are attacks on ports.

              waikey We don't want to come to China and data protection now, it doesn't matter which company comes from. China has never been a country that values data protection. That's why I don't put everyone under general suspicion, but I trust state-owned companies like my ex-wife. Not directly related to aaPanel, but to NO1 SE. Everyone knows that everything and that is spied on and I also know a little bit about the politics of China. According to this sentence, I would be a dead man in China.

                aapanel_user WTF are you talking about? I'm trying to help make a better panel, HERE! Why are you talking about forking it? Is there something wrong about contributing to this project? Do I have to fork and start my own to contribute?

                CQT you clearly don't know what you are talking about. I lived and visit China several times per year so your affirmations are not accurate at all. I am sorry, that's not correct.

                China offers several business and services, we cannot state and talk about politics on a webhosting control panel forum, makes no sense at all. Let's keep it to the topic.

                  TheWormsUnited you're right politics has no business here. I will hold back in this regard in the future.
                  We all want the same thing, that aaPanel gets better and spreads more

                  aaPanel_Jose Glad to hear that we are currently merging the firewall and Fail2ban so that there is only one tab left.

                  a month later

                  With good reason I also have attack problems in some VPS, I suspected it and changed the panel, How good that they separate from bt.cn.

                  4 months later

                  Dear all. I am a new user to private VPS and found aaPanel to install. I came across this thread by CQT who posts some very valid points. Now I am happy with the service of aaPanel. BUT.... I had to block the whole of China IP due to massive attacks on ssh port 22 (f2ban was reporting 50,000+ attempts in 48hrs)

                  Basically has the link to a new install of aaPanel opening up your server IP address being 'smeared' hence attacked been proved or not?

                  Do I just accept this is the 'game' of server admin ... this is a 2nd hand IP address and is now exposed anyway.

                  CQT / gacott did you continue with aaPanel?

                    a month later

                    @cib3r can you tell us what setting you put on your f2ban?

                    thank you

                    4 days later

                    CQT
                    106.12.0.0 - 106.13.255.255 this seems to be China's search engine Baidu crawler robot.
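
Added example, not part of any post in this thread: one way to check the claims above against your own SSH logs is to bucket failed logins by source, separating the panel's download nodes, the 106.12.0.0 - 106.13.255.255 range quoted in the last post, and everything else. The OpenSSH "Failed password" line format, the `NODE_IPS` set and all log lines are assumptions constructed for illustration; the contents of node.json are not shown on the page.

```python
import ipaddress
import re
from collections import Counter

# Range quoted in the last post; it collapses to a single CIDR block.
QUOTED_RANGE = list(ipaddress.summarize_address_range(
    ipaddress.ip_address("106.12.0.0"), ipaddress.ip_address("106.13.255.255")))

# Hypothetical: addresses resolved for the panel's download nodes (placeholder IP).
NODE_IPS = {ipaddress.ip_address("203.0.113.10")}

FAILED = re.compile(r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

# Constructed sshd lines using documentation-range and quoted-range addresses.
SAMPLE_LOG = """\
Jan 10 03:14:01 vps sshd[811]: Failed password for root from 106.12.44.7 port 40122 ssh2
Jan 10 03:14:03 vps sshd[813]: Failed password for invalid user admin from 106.13.200.9 port 40130 ssh2
Jan 10 03:14:09 vps sshd[817]: Failed password for root from 198.51.100.23 port 51514 ssh2
Jan 10 03:15:00 vps sshd[825]: Accepted publickey for deploy from 192.0.2.5 port 50022 ssh2
Jan 10 03:15:30 vps sshd[830]: Failed password for root from 203.0.113.10 port 33000 ssh2
Jan 10 03:15:31 vps sshd[831]: Failed password for root from not-an-ip port 33001 ssh2
"""

def classify(ip):
    """Bucket a source address: download node, quoted range, or other."""
    if ip in NODE_IPS:
        return "download-node"
    return "quoted-range" if any(ip in net for net in QUOTED_RANGE) else "other"

def tally(log_text):
    """Count failed SSH logins per bucket and per source network."""
    by_class, by_net = Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            by_class["unparsed"] += 1  # hostname or mangled field, keep it visible
            continue
        by_class[classify(ip)] += 1
        # Group by /16 (IPv4) or /32 (IPv6) so one operator's hosts collapse together.
        prefix = 16 if ip.version == 4 else 32
        by_net[str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))] += 1
    return by_class, by_net

if __name__ == "__main__":
    print(tally(SAMPLE_LOG))
```

Run over a real auth log, the per-network counts show whether failed logins cluster in a few operators or are spread across the internet, which is the question the thread leaves open.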