Solved

Hacking Issue

Posted on 2013-11-27
5
198 Views
Last Modified: 2013-11-27
I have an application server/webserver in a DMS with a public IP address.  Someone is trying to hack my public IP and locking out accounts.  Is there any way I can either block the IP's or block the port from the windows Server 2003 box?  this doesn't run IIS it's tomcat and it's a clustered environment
0
Comment
Question by:WellingtonIS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 15

Accepted Solution

by:
Giovanni Heward earned 500 total points
ID: 39681357
There are several ways to address this, the most effective would be to block the IP address at your hardware firewall.
0
 

Author Comment

by:WellingtonIS
ID: 39681361
Yes that's what I though we are going to have to put one in front of it in the DMZ
0
 
LVL 15

Assisted Solution

by:Giovanni Heward
Giovanni Heward earned 500 total points
ID: 39681367
Yes, in the meantime you could try to contact your ISP to see if they have blocking capability further down the line.  You could also enable a software firewall on your webserver and block from there.

Tomcat supports remote address filters as well.

These are not the ideal solutions ( let your webserver be dedicated to being a web server, and not a firewall, database server, etc.), but will get you by in the meantime.

When you do get a firewall, best practice when creating a DMZ, would be to have the DMZ reside on an isolated private network.  You'd then create port address translations ( 80/TCP, 443/TCP ) from the public-side to the DMZ.  If you need to access the site internally, you could also create PATs from the private-side to the DMZ.

Taking things a step further, consider placing a web application firewall ( WAF ) in front on the webserver in the DMZ.  You could also place a reverse proxy in front of the WAF.  If you have a database backend, you could utilize database activity monitoring (DAM) between the webserver and the database server.
0
 

Author Closing Comment

by:WellingtonIS
ID: 39681433
I'm going to put a firewall in front of the server to stop this. thanks for the suggestions
0
 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 39681456
Great!  Your welcome.  Here's a quick diagram to illustrate my recommended approach.

defense in depth
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question