kaz050457 TLS 1.2 and 1.3 are activated as standard on our servers, the customer can no longer activate older ones!

So, I did a little test. I just moved that exact same box to another IP. I removed all websites from it, and just let it sit there with the new IP. Less than 24 hours later, it's being attacked.

God, I hate to say it, as I have had a guy working on something SUPER cool for this for over a week now, but until this is figured out, this panel is unusable for us. We can't have IPs keep getting shut down because they are under constant attack.

kaz050457 yeah, we are at 1.3 on the servers and we are not using the default port. So they are either sniffing the shit out of these (doubtful) or something is telling them where these installs are, which is most likely IMO.


    gacott Something tells them where these installations are located! And I'm talking about that all the time. As long as that is, I cannot expect this panel from my customers and servers. We had so much to do with it. Well then don't stop. Letting all installations run only via the proxy server, this will soon be down and I don't want that either.

      Okay, OVH was looking over logs, my box was also being used to carry out attacks. LITERALLY the panel was the only thing installed. Nobody else had access, passwords were good.

        gacott CQT

        I think it may be that the SESSION ID of the panel is set to a special value, which is easy to be scanned to the feature. We will deal with this in the next update.

        In addition, the data we have collected will no longer be synchronized to bt.cn, I think it should not be caused by this problem

        gacott
        In addition, on your server where only the panel is installed, has the default port of the panel been changed, and has the SSH port been changed? Is the SSH root password strong enough?

          I also know for a fact that sometimes, with so-called "old IPs" that have had several years of installations and owners, the IPs are blacklisted and/or flagged. Some hosting providers reuse the same IP address and hand it over to other clients. They basically format the machine and give the same machine to others. This means that the past history may follow you everywhere despite what you do with the machine. Not saying this is the case in the post, but it's a pretty good add-on to the topic.

            aaPanel_Jose all ports have been changed, including SSH, FTP, MySQL and so on. In addition, the password is so strong that it cannot actually be hacked with a supercomputer in 30 years. Furthermore, we have secured all logins and synchronizations with a certificate. We experimented with another server (aaPanel) installation and let this run from the beginning via a proxy (install.sh). So far not a single attack!!
            At what point are the IPs tracked?

            These are the main Ips from which the attacks originate, we should compare them to get closer to the matter. If possible all posts here then we can spear them in the next update right from the start.


            With the ASN we can then stop these spinners

              aaPanel_Jose Can you please tell us which IPs have to be whitelisted for aaPanel to work properly? This is very important to me because we are currently writing a module for aaPanel which will lock out the entire IP range, and this for all functions and modules.

              So for first aid we prepared and exported our firewall rule, which everyone can easily import via the sys firewall:


              Copy the content, save it as ip.json, and import it.
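
Added example, not part of the original posts and not aaPanel code: a pre-import check for a rule file like the ip.json described above, which normalizes each `address` value, merges adjacent entries, and refuses any drop rule that would cover an address you need to keep reachable (the whitelisting concern raised in the same post). The field names and the three address forms (single IP, CIDR, `start-end` range) follow the export in the post; the function names, the sample rules (RFC 5737 documentation ranges) and the allowlisted address are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the shape of the exported rule list
# (id / types / address / brief / addtime). Addresses are RFC 5737
# documentation ranges, not the ones posted in the thread.
SAMPLE_EXPORT = json.dumps([
    {"id": 5, "types": "drop", "address": "192.0.2.17", "brief": "",
     "addtime": "2020-07-17 18:00:00"},
    {"id": 4, "types": "drop", "address": "192.0.2.16", "brief": "",
     "addtime": "2020-07-17 17:59:00"},
    {"id": 3, "types": "drop", "address": "198.51.100.0/24", "brief": "hacking",
     "addtime": "2020-07-11 11:42:22"},
    {"id": 2, "types": "drop", "address": "203.0.113.0-203.0.113.255",
     "brief": "Hacking", "addtime": "2020-07-10 12:50:58"},
    {"id": 1, "types": "drop", "address": "not-an-ip", "brief": "",
     "addtime": "2020-07-09 18:06:25"},
])


def parse_address(value):
    """Turn one 'address' field into a list of ip_network objects.

    Accepts a single IP, a CIDR block, or a 'start-end' range.
    Raises ValueError/TypeError on anything else.
    """
    value = value.strip()
    if "-" in value:
        start_s, end_s = value.split("-", 1)
        start = ipaddress.ip_address(start_s.strip())
        end = ipaddress.ip_address(end_s.strip())
        return list(ipaddress.summarize_address_range(start, end))
    return [ipaddress.ip_network(value, strict=False)]


def audit_export(raw_json, allowlist):
    """Check a rule export before importing it into a firewall.

    Returns (merged, conflicts, rejected):
      merged    - collapsed networks that are safe to drop
      conflicts - (rule id, [allowlisted IPs the rule would block])
      rejected  - ids of rules whose address could not be parsed
    """
    allowed = [ipaddress.ip_address(a) for a in allowlist]
    networks, conflicts, rejected = [], [], []
    for rule in json.loads(raw_json):
        if rule.get("types") != "drop":
            continue  # only drop rules are audited here
        try:
            nets = parse_address(str(rule.get("address", "")))
        except (ValueError, TypeError):
            rejected.append(rule.get("id"))
            continue
        hit = [str(a) for a in allowed if any(a in n for n in nets)]
        if hit:
            conflicts.append((rule.get("id"), hit))
            continue
        networks.extend(nets)
    # collapse_addresses() cannot mix IPv4 and IPv6, so merge per version.
    v4 = [n for n in networks if n.version == 4]
    v6 = [n for n in networks if n.version == 6]
    merged = (list(ipaddress.collapse_addresses(v4))
              + list(ipaddress.collapse_addresses(v6)))
    return merged, conflicts, rejected


if __name__ == "__main__":
    # 203.0.113.10 stands in for a management address that must stay reachable.
    merged, conflicts, rejected = audit_export(SAMPLE_EXPORT, ["203.0.113.10"])
    for net in merged:
        print("drop", net)
    for rule_id, ips in conflicts:
        print("SKIPPED rule", rule_id, "would block allowlisted", ips)
    for rule_id in rejected:
        print("REJECTED rule", rule_id, "unparseable address")
```
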

                aaPanel_Jose Hey man,

                Not the default panel port, ssh port is still standard but ssh pass is very strong.

                TheWormsUnited I have had all of these IPs for years, probably 5 years at this point now, we have around 500 of them. These same IPs were running a different panel, no issues. So we have some issues with the panel here. Hopefully the next update will solve these.

                CQT Yep, we are seeing many of those same IPs. So, more proof it's panel issues. So good we are all working on this together. :-)

                CQT This just fixes one issue though, on the server side. From a provider side (OVH), these are still coming at the IP. We need to find the source more so than block the bad guys.

                I / We and my employees are in the process of working something out, but it still takes a little time.

                As we can see, the firewall and geoip must still be worked on, before aapanel is installed, a proxy must be set up to run the installation. so the ips can no longer be stretched.

                Furthermore, not all countries blockages are accepted by the sys-firewall, there are some problems that have to be fixed beforehand.

                @aaPanel_Jose:

                Suggestion! Connect the sys firewall and geoip under one tab. Write Config in such a way that both get the DB from one source (folder) and can access it at the same time. Furthermore, the IP and the entire IP range are queried, which can then be blocked using a button, but which the user can decide for himself whether only the individual IP (Geoip is blocked or the entire network of the IP operator). Then integrate the NGINX firewall into the whole. Because on the one hand it is very confusing, and I also think that everything does not work together so harmoniously.

                A good approach can be found here: https://gist.github.com/Pandry/21fc0e30abbfd0579ec69c491b99a446

                as I said, just an approach!

                In addition, the purchased DB from https://www.ipdeny.com/ are outdated and have not been maintained since 2014.

                  CQT
                  I checked the installation script, it just visits a url on aapanel, then aapanel gets the client ip and records it

                  I tried to enable HTTPS for the requested URL. Can you help me see if there are any attacks after normal installation?

                  In addition, you only need to allow server access, *.aapanel.com *.bt.cn, all functions of the panel can work

                    aaPanel_Jose What are we still getting from *.bt.cn? There is no way to move that stuff off of them and onto somewhere else?

                      gacott
                      The domain name of our software download node is download.bt.cn, and there are other nodes in

                      /www/server/panel/data/node.json
