Business Community > Gateways > Hacker "blacklist" management
< Gateways

Hacker "blacklist" management

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Hacker "blacklist" management

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Hacker "blacklist" management
Hacker "blacklist" management
2024-05-28 15:35:17 - last edited 2024-07-09 01:35:46
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.1.2 Build 20230210 Rel.62992

My network is constantly being probed and resources used by hacker type bots that try and access URL's that do not exist or by submitting forms trying to find XSS vulnerabilties. 

 

All these methods are logged and thwarted by active server code but the hacker is still consuming resources that can slow down server operations. 

 

For now I add their IP address to a blacklist and if found the next time I send them to a blank page.  But these subsequent hacking attempts still uses server resources - sometimes it is 10,000 such attempts in a single day.

 

I know that the router can stop them from accessing server resources if the IP is entered into a IP Group.

 

I'd like to automatically add these IP addresses to the IP Group, or configure the router to access the list.  Can ER605 be configured automatically by code?  Maybe the ER605 is the wrong product for my need. 

 

Suggestions on what product allows automated blacklist management or how to use ER605 more effectively is what I am seeking answers about.

  0      
 
  0      
 
#1
Options
1 Accepted Solution
Re:Hacker "blacklist" management-Solution
2024-05-29 00:57:53 - last edited 2024-05-29 02:01:37

Hi @JoeStanton 

Thanks for posting in our business forum.

There is no automation to block an IP address that has probed you. We don't support scripts either.

From what you described, I think what you need is a service from providers like Cloudflare to stop the bots from accessing your network and taking up the resources. Give the cloud protection a try and see if they can offer a reasonable solution for you to stop such a behavior.

IDS/IPS is a feature that can block geo-IP addresses but it may not work well for your situation. It needs to be tested to know if you can filter the location of subnets of them.

Recommended Solution
  3  
  3  
#3
Options
6 Reply
Re:Hacker "blacklist" management
2024-05-28 16:09:58

  @JoeStanton 

 

You want to consider a high model that has IPS on it.  

I can not teach anyone anything - I can only make them think - Socrates
  2  
  2  
#2
Options
Re:Hacker "blacklist" management-Solution
2024-05-29 00:57:53 - last edited 2024-05-29 02:01:37

Hi @JoeStanton 

Thanks for posting in our business forum.

There is no automation to block an IP address that has probed you. We don't support scripts either.

From what you described, I think what you need is a service from providers like Cloudflare to stop the bots from accessing your network and taking up the resources. Give the cloud protection a try and see if they can offer a reasonable solution for you to stop such a behavior.

IDS/IPS is a feature that can block geo-IP addresses but it may not work well for your situation. It needs to be tested to know if you can filter the location of subnets of them.

Recommended Solution
  3  
  3  
#3
Options
Re:Hacker "blacklist" management
2024-06-04 16:34:21

  @JoeStanton Thanks for the replies!  Does the Omada Pro G36 allow such IP management?  E.g. some sort of API to add IP's.

  0  
  0  
#4
Options
Re:Hacker "blacklist" management
2024-06-05 00:45:57

Hi @JoeStanton 

 

Thanks for posting in our business forum.

JoeStanton wrote

  @JoeStanton Thanks for the replies!  Does the Omada Pro G36 allow such IP management?  E.g. some sort of API to add IP's.

Omada Pro is not a part of the technical support on the forum, phone, or email. As for now, there is no public entrance in support of it. The entrance for the Omada Pro tech support would only be your dedicated agent assigned to take care of your cases.

And, Omada Pro is not open to regular customers without a contract and bulk order.

  1  
  1  
#6
Options
Re:Hacker "blacklist" management
2024-06-06 21:57:25

  @JoeStanton 

 

having a similar, though much less extreme version of this, playing whack-a-mole with thousands of VPN login attempts per day, rather than add IPs to a blocklist, what i simply did was create a "Location Group" of every country but my home country, added it to 3 ACLs that were:

 

Block - Location Group > Wan In > My_Wan_IP_Group

Block - Location Group > Wan In > Me (this blocks all router access)

Block - Location Group > Wan In > IPGROUP_ANY

 

This three prong approcach basically reduced VPN login attempts, port scans and such to almost zero, just one or two a week now, if that.

Main: ER8411 x1, SG3428X x1, SG3452 x1, SG2428LP x1, SG3210 x1, SG2218P x1, SG2008P x3, ES208G x1, EAP650 x6 Remote: ER7206 v2 x1, ER605 v2 x3, SG2008P x2, EAP650 x2, ES205G x1 Controller: OC300
  1  
  1  
#7
Options
Re:Hacker "blacklist" management
2024-07-08 15:55:08 - last edited 2024-07-11 10:07:42

You want to set clear guidelines, just like outlining steps in a tutorial, to keep things fair and fun.

  0  
  0  
#8
Options

Information

Helpful: 0

Views: 1068

Replies: 6

About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.