Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Hacking Issue

Posted on 2013-11-27
5
Medium Priority
?
201 Views
Last Modified: 2013-11-27
I have an application server/webserver in a DMS with a public IP address.  Someone is trying to hack my public IP and locking out accounts.  Is there any way I can either block the IP's or block the port from the windows Server 2003 box?  this doesn't run IIS it's tomcat and it's a clustered environment
0
Comment
Question by:WellingtonIS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 15

Accepted Solution

by:
Giovanni Heward earned 2000 total points
ID: 39681357
There are several ways to address this, the most effective would be to block the IP address at your hardware firewall.
0
 

Author Comment

by:WellingtonIS
ID: 39681361
Yes that's what I though we are going to have to put one in front of it in the DMZ
0
 
LVL 15

Assisted Solution

by:Giovanni Heward
Giovanni Heward earned 2000 total points
ID: 39681367
Yes, in the meantime you could try to contact your ISP to see if they have blocking capability further down the line.  You could also enable a software firewall on your webserver and block from there.

Tomcat supports remote address filters as well.

These are not the ideal solutions ( let your webserver be dedicated to being a web server, and not a firewall, database server, etc.), but will get you by in the meantime.

When you do get a firewall, best practice when creating a DMZ, would be to have the DMZ reside on an isolated private network.  You'd then create port address translations ( 80/TCP, 443/TCP ) from the public-side to the DMZ.  If you need to access the site internally, you could also create PATs from the private-side to the DMZ.

Taking things a step further, consider placing a web application firewall ( WAF ) in front on the webserver in the DMZ.  You could also place a reverse proxy in front of the WAF.  If you have a database backend, you could utilize database activity monitoring (DAM) between the webserver and the database server.
0
 

Author Closing Comment

by:WellingtonIS
ID: 39681433
I'm going to put a firewall in front of the server to stop this. thanks for the suggestions
0
 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 39681456
Great!  Your welcome.  Here's a quick diagram to illustrate my recommended approach.

defense in depth
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question