Solved

Hacking Issue

Posted on 2013-11-27
5
194 Views
Last Modified: 2013-11-27
I have an application server/webserver in a DMS with a public IP address.  Someone is trying to hack my public IP and locking out accounts.  Is there any way I can either block the IP's or block the port from the windows Server 2003 box?  this doesn't run IIS it's tomcat and it's a clustered environment
0
Comment
Question by:WellingtonIS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 15

Accepted Solution

by:
Giovanni Heward earned 500 total points
ID: 39681357
There are several ways to address this, the most effective would be to block the IP address at your hardware firewall.
0
 

Author Comment

by:WellingtonIS
ID: 39681361
Yes that's what I though we are going to have to put one in front of it in the DMZ
0
 
LVL 15

Assisted Solution

by:Giovanni Heward
Giovanni Heward earned 500 total points
ID: 39681367
Yes, in the meantime you could try to contact your ISP to see if they have blocking capability further down the line.  You could also enable a software firewall on your webserver and block from there.

Tomcat supports remote address filters as well.

These are not the ideal solutions ( let your webserver be dedicated to being a web server, and not a firewall, database server, etc.), but will get you by in the meantime.

When you do get a firewall, best practice when creating a DMZ, would be to have the DMZ reside on an isolated private network.  You'd then create port address translations ( 80/TCP, 443/TCP ) from the public-side to the DMZ.  If you need to access the site internally, you could also create PATs from the private-side to the DMZ.

Taking things a step further, consider placing a web application firewall ( WAF ) in front on the webserver in the DMZ.  You could also place a reverse proxy in front of the WAF.  If you have a database backend, you could utilize database activity monitoring (DAM) between the webserver and the database server.
0
 

Author Closing Comment

by:WellingtonIS
ID: 39681433
I'm going to put a firewall in front of the server to stop this. thanks for the suggestions
0
 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 39681456
Great!  Your welcome.  Here's a quick diagram to illustrate my recommended approach.

defense in depth
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question