CSF Chain CC_ALLOW (1 references)
In CSF I see Chain CC_ALLOW (1 references)
with 20,000-plus lines of IPs and IP blocks?
I checked some of the IPs and they are to a flooring website, another is att.com, another is noop.net.
Why so many IPs? Have I been hacked, or is this a CSF IP thing where they added all this in the chain CC_ALLOW?
I'm not too good at this, so I just want to make sure it's not bogus and someone added this to my server CSF CC_ALLOW, or this is normal?
Example: 45.0.0.0/15
belongs to:
NetRange: 45.0.0.0 - 45.1.255.255
CIDR: 45.0.0.0/15
NetName: SHOWNET
NetHandle: NET-45-0-0-0-1
Parent: NET45 (NET-45-0-0-0-0)
NetType: Direct Assignment
OriginAS: AS290
Organization: Interop Show Network (ISN-4)
RegDate: 1991-09-09
Updated: 2011-10-02
Ref:
Chain CC_ALLOW (1 references)
num  pkts bytes target  prot opt in  out  source            destination
1       0     0 ACCEPT  all  --  *   *    2.57.164.0/22     0.0.0.0/0
2      53  3857 ACCEPT  all  --  *   *    3.0.0.0/8         0.0.0.0/0
3       0     0 ACCEPT  all  --  *   *    4.0.0.0/8         0.0.0.0/0
4       0     0 ACCEPT  all  --  *   *    5.35.192.0/21     0.0.0.0/0
5       0     0 ACCEPT  all  --  *   *    5.150.156.0/22    0.0.0.0/0
6       0     0 ACCEPT  all  --  *   *    5.152.184.0/21    0.0.0.0/0
7       0     0 ACCEPT  all  --  *   *    5.188.0.0/21      0.0.0.0/0
8       0     0 ACCEPT  all  --  *   *    5.188.120.0/21    0.0.0.0/0
9       0     0 ACCEPT  all  --  *   *    5.252.164.0/22    0.0.0.0/0
10      0     0 ACCEPT  all  --  *   *    6.0.0.0/7         0.0.0.0/0
11      0     0 ACCEPT  all  --  *   *    8.0.0.0/9         0.0.0.0/0
12      0     0 ACCEPT  all  --  *   *    8.192.0.0/12      0.0.0.0/0
13      0     0 ACCEPT  all  --  *   *    8.224.0.0/11      0.0.0.0/0
14      0     0 ACCEPT  all  --  *   *    9.0.0.0/8         0.0.0.0/0
15      0     0 ACCEPT  all  --  *   *    11.0.0.0/8        0.0.0.0/0
16     16  1867 ACCEPT  all  --  *   *    12.0.0.0/7        0.0.0.0/0
17      0     0 ACCEPT  all  --  *   *    14.102.172.0/22   0.0.0.0/0
18      0     0 ACCEPT  all  --  *   *    15.0.0.0/8        0.0.0.0/0
19      7   570 ACCEPT  all  --  *   *    16.0.0.0/6        0.0.0.0/0
20      0     0 ACCEPT  all  --  *   *    20.0.0.0/7        0.0.0.0/0
21      0     0 ACCEPT  all  --  *   *    22.0.0.0/8        0.0.0.0/0
This is under View iptables Rules > Display the active iptables rules.
If you have an idea whether CSF adds these, or is there something fishy going on?
Thanks,
Spiro
OK, I think I got it figured out. My partner logged in earlier and added US,CA,UK to CC_ALLOW, so I removed that from CC_ALLOW and added it to CC_ALLOW_FILTER instead, and added US,CA,UK,GB. Now it populated more IPs, so I guess that is what happened and I had a panic attack, arggggg - so now I understand what happened and where those IPs came from.
So a quick question: what is the difference between
ALLOW all when using CC_ALLOW with country codes
vs
RETURN all when using CC_ALLOW_FILTER with country codes
Chain CC_ALLOWF (1 references)
num  pkts bytes target  prot opt in   out  source            destination
1     862  124K ACCEPT  all  --  !lo  *    0.0.0.0/0         0.0.0.0/0     ctstate RELATED,ESTABLISHED
2       0     0 RETURN  all  --  *    *    2.57.164.0/22     0.0.0.0/0
3     106  7757 RETURN  all  --  *    *    3.0.0.0/8         0.0.0.0/0
4       0     0 RETURN  all  --  *    *    4.0.0.0/8         0.0.0.0/0
5       0     0 RETURN  all  --  *    *    5.35.192.0/21     0.0.0.0/0
PS: OK, it was that anything I added to CC_ALLOW or CC_ALLOW_FILTER would add those countries to the allow list, and based on the database that will download to your server. So I opted, after reading more, to sign up for MaxMind, which you need to sign up to and generate a code; you also need to accept the agreement or sign up here
Hey hey! If I'm reading this correctly, you found there were country code blocks, and those in turn blocked a large number of IPs on the system. Is that correct?
Hey hey! If I'm reading this correctly, you found there were country code blocks, and those in turn blocked a large number of IPs on the system. Is that correct?
Hello. Well sort of. I had thought I was hacked. And someone added all these IP blocks to the allow. Then after a couple hours of reading more. I found out these are added because we add country codes to those areas. Then it populates in the CC_ALLOW in CSF. So sorry for the long winded posts. And I got it figured out now :)
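
One way to run the check this thread arrives at, as an added example that is not part of the original posts or CSF's own code: compare each country-code chain with its csf.conf setting and flag a chain that has rules while its setting is empty. The csf.conf excerpt and rule listing are constructed samples, and the function names and verdict labels are made up for illustration.

```shell
#!/bin/sh
# Added example: are the CSF country-code chains explained by csf.conf?
# Both inputs are constructed samples. On a server, feed in /etc/csf/csf.conf
# and the output of: iptables -L -n -v --line-numbers

SAMPLE_CONF='CC_DENY = ""
CC_ALLOW = "US,CA,GB"
CC_ALLOW_FILTER = ""'

SAMPLE_RULES='Chain CC_ALLOW (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT all -- * * 2.57.164.0/22 0.0.0.0/0
2 53 3857 ACCEPT all -- * * 3.0.0.0/8 0.0.0.0/0
3 0 0 ACCEPT all -- * * 4.0.0.0/8 0.0.0.0/0

Chain CC_ALLOWF (1 references)
num pkts bytes target prot opt in out source destination
1 862 124K ACCEPT all -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
2 0 0 RETURN all -- * * 2.57.164.0/22 0.0.0.0/0'

# conf_value TEXT KEY: print the quoted value of KEY = "..." (exact key only).
conf_value() {
  printf '%s\n' "$1" | awk -F'"' -v k="$2" \
    '$1 ~ ("^[ \t]*" k "[ \t]*=") { print $2; exit }'
}

# audit_chain CONF RULES KEY CHAIN: one summary line with a verdict.
audit_chain() {
  printf '%s\n' "$2" | awk -v k="$3" -v c="$4" -v s="$(conf_value "$1" "$3")" '
    $1 == "Chain" { in_chain = ($2 == c); next }
    # Per-network rules only: skip headers and catch-all (0.0.0.0/0) sources.
    in_chain && $1 ~ /^[0-9]+$/ && $9 != "0.0.0.0/0" {
      rules++
      if ($2 != "0") hit++                      # pkts counter is non-zero
      if (!($4 in seen)) { seen[$4] = 1; tg = tg (tg ? "," : "") $4 }
    }
    END {
      if (rules && s != "") v = "expected"      # setting explains the rules
      else if (rules)       v = "review"        # rules without a setting
      else if (s != "")     v = "not-loaded"    # setting without rules
      else                  v = "unused"
      printf "%s chain=%s codes=%s rules=%d hit=%d target=%s verdict=%s\n",
             k, c, (s == "" ? "-" : s), rules, hit, (tg ? tg : "-"), v
    }'
}

audit_chain "$SAMPLE_CONF" "$SAMPLE_RULES" CC_ALLOW CC_ALLOW
audit_chain "$SAMPLE_CONF" "$SAMPLE_RULES" CC_ALLOW_FILTER CC_ALLOWF
```

A "review" verdict only means the chain and the setting disagree; it can also appear when csf.conf was edited and the firewall has not yet been restarted.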