Recently I got a call from one of my customers complaining about user accounts not able to login to the server. After doing some digging in the event log, I soon discovered that FTP was setup, which they use, and outside people from other countries that were not invited to the server were attempting to access it. These would be countries of Russia, China and more. I decided that the best thing to do is to restrict their IP ranges from hitting the server, thus stopping their attempts. A great list of IP address ranges can be found at http://www.parkansky.com/china.htm
If you are not familiar with IP subnetting, a cheat sheet on subnet’s is available at http://www.oav.net/mirrors/cidr.html
In order to identify who is hitting your server, I use the tools at http://whois.domaintools.com to lookup the IP address that is hitting the server.
Recent Comments