Search found 221 matches

by eliassal
2020-03-06 18:02
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

OK, tell me how did you hard code so I will test again and see if this will happen again? in php pages?
by eliassal
2020-03-06 14:59
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

Hard coding 0 results in successful rendering.

Well I don't know, mu indicator is that once there was 1 IP banned, gauge showed somehting
I can't say why neither
by eliassal
2020-03-06 14:56
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

What scripts do you do that you need to AUTH via SMTP (or IMAP or POP3)?? For the time being, it is Database Mail service in sql server, he only sends so no POP no IMAP. It is on a 2nd Vlan not the vlan where SQL server is I have also powershell scripts, other services email like jenkins server.......
by eliassal
2020-03-06 12:47
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

Nothing scientific. I wanted the red/yellow line to be 100%. I could have assigned the query to be 100% and then multiplied that by 1.2 I think I have discovered a bug. This morning, after all scripts run, all gauges displayed nothing as follows (which caught my attention). http://82.225.56.11/gaug...
by eliassal
2020-03-05 23:46
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

Use port 587 with starttls set to OPTIONAL.
I did but outlook client was not able to connect, switched back to ssl/tls
by eliassal
2020-03-05 23:29
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

Here you go the config settings 2020-03-05 Hmailserver: 5.6.6-B2383 DOMAINS "Domain1.com" - prxxxxxxxxxxx.saxxx.net Enabled: True SIGNATURE LIMITS DKIM ADVANCED Enabled: False Max size: 0 Enabled: False Max message size: 0 Plus addressing: False Max size of accounts: 0 Greylisting: False "Domain2.co...
by eliassal
2020-03-05 21:13
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

Use port 587 with starttls set to OPTIONAL. I really have no idea what starttls is :lol: , are there steps to follow as TLS and creating certificates Is the sql server in your LAN or outside? If inside, encryption is not really necessary unless you put your unsecured open wifi on the same subnet, w...
by eliassal
2020-03-05 19:45
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

I have port 25 and 465 open and DisableAUTHList=25. My users use 465 (SSL) to send and I receive (external-to-local) on port 25. I am trying to follow your recommendation and try to make all internal users use port 465 or 587 with a Certificate. The account I use to configure outlook works fine and...
by eliassal
2020-03-04 21:44
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

Because there are two for each dial: today's data and max data

the other 2 diq...don't the issue of group by
by eliassal
2020-03-04 21:12
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

max IPs added in a single day = 8 x 1.2 = 9.6 rounded to nearest 10 = 10 max IPs blocked in a single day = 11 x 1.2 = 13.2 rounded to nearest 10 = 10 max total blocks in a single day = ~ 5900 x 1.2 = 7080 rounded to nearest 1000 = 7000 another question, what is the reason you chose to divide by 1.2...
by eliassal
2020-03-04 21:03
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

because your charts show the correct dates
Ok understand, got it
by eliassal
2020-03-04 19:54
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

Because javascript month format is 0-11, not 1-12. but in sql this is returning data as 2months earlier earlier as follows and an error in the last 3 records as they are in March not Februray SELECT CAST(timestamp AS DATE) AS daily, FORMAT(CAST(timestamp AS DATE), 'yyyy', 'en-US') AS year, (FORMAT(C...
by eliassal
2020-03-04 19:49
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

Because there are two for each dial: today's data and max data
Where, in which files other the ones I mentioned?
by eliassal
2020-03-04 19:30
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

Tell me Palinka, why in hmsUpdateChartTables.ps1 in
# Hits Per Day Combined
and
# Block Frequency
you subtract 1 from the month statement

Code: Select all

($( DBFormatDate (DBCastDateTimeFieldAsDate 'timestamp') '%c') - 1) AS month,
by eliassal
2020-03-04 19:04
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

OK got it, thanks. Yes data are up-to-date As sql does not accept aliases in a GRoup by for the queries I replaced "daily" by CAST(timestamp AS DATE) as follows //Get guage max $sql = $pdo->prepare(" SELECT ROUND(((COUNT(DISTINCT(ipaddress))) * 1.2), -1) AS dailymax, ".DBCastDateTimeFieldAsDate('tim...
by eliassal
2020-03-04 18:14
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

I replaced GROUP BY daily by CAST(timestamp AS DATE) everywhere I have the 3 gauges but with strange visuel snapshot hereunder, Of cours I ran the updatechart powershell. http://salam.hd.free.fr/gauge_004.jpg Here is the results in chrome <script type="text/javascript"> google.charts.load('current',...
by eliassal
2020-03-04 17:45
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

show me a screenshot of your chart for IPs added/blocked.
Image
by eliassal
2020-03-04 17:41
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

Why did you round to decimal? -1 rounds to nearest 10.......
No it is 1m that was a test in sql
by eliassal
2020-03-04 17:39
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

its likely that you didn't run hmsUpdateChartTables.ps I have run it so many times Just saw this in the log several timesm again this is a query that sql cant run Exception calling "Fill" with "2" argument(s): "Invalid column name 'daily'." Exception calling "Fill" with "2" argument(s): "Invalid co...
by eliassal
2020-03-04 15:39
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

Something else happened, an IP just banned today (1st 1), Refreshed the page, 1st gauge displayed something very strange http://salam.hd.free.fr/gauge_002.jpg here is what I see in Chrome <script type="text/javascript"> google.charts.load('current', {'packages':['gauge']}); google.charts.setOnLoadCa...
by eliassal
2020-03-04 15:21
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

There is a big issue in dialtodayhits.php The following does not work in sql serverm if you remember I already mentioned this and was fixed in some pages; in sql we cant use an alias in the group by keyword SELECT ROUND(((COUNT(DISTINCT(ipaddress))) * 1.2), -1) AS dailymax, CAST(timestamp AS DATE) A...
by eliassal
2020-03-04 15:01
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

Fixed and merged. I udpated my site this morning, (I will post a 2nd thread regarding an issue with 1st gauge and sql server right after this one which I fixed temporarily), couple of things. can you please confirm that the 3rd dial gauge "Total Blocks" get its data inside the page dialtodayblocks.p...
by eliassal
2020-03-03 16:39
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

More confusion :D Okm but if hackers always scan for open portsm if today you prevent port 25 they will switch to the other ports no? Also I have a couple of users from outside my networkm so would it be 25 or other port hackers will figure it out 1 day or another if i am not mistaken I thought of s...
by eliassal
2020-03-03 15:35
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

See link above . I saw the link I noticed the lines DisableAUTHList=25,587 ; Comma delimited list of SMTP ports to disable AUTH EHLO response banner & command ; Default if not defined is SMTP AUTH enabled on all SMTP ports ; NOTE: Disables AUTH Plain as well. ; Particularly effective on blocking al...
by eliassal
2020-03-03 15:31
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

I'll fix that later today.
Ok, I will wait for your update then download the new version tonight
by eliassal
2020-03-03 11:14
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

also, you can configure port 25 to disable AUTH

in which part / where I can do this?
by eliassal
2020-03-03 11:12
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

Download everything * Create index on timestamp in hm_fwban_rh I noticed that you have added a variable $GeoIPDatabase = array ( 'use_geoip' => 'false', 'dbtype' => 'mysql', 'host' => 'localhost', 'username' => 'geoip', 'password' => 'supersecretpassword', 'dbname' => 'geoip', 'driver' => 'mysql', ...
by eliassal
2020-03-01 20:50
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

Ok in this case I should change the
"^(US)$"
by
"^(FR)$"

2nd, even port 25, it needs user and password, I don't where is the difference except the other posts I configured to used certificates
by eliassal
2020-03-01 18:35
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

I have just noticed that you check for port 25 as follows If (oClient.Port = 25) Then ' ALLOWED COUNTRIES - Port 25 only... Check Alpha-2 Code here -> https://en.wikipedia.org/wiki/ISO_3166-1 strBase = "^(US|CA|AT|BE|CH|CZ|DE|DK|ES|FI|FR|GB|GL|GR|HR|HU|IE|IS|IT|LI|MC|NL|NO|PL|PT|RO|RS|SE|SI|SK|SM|AU...
by eliassal
2020-03-01 18:27
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

I have If IsInSpamHausZEN(oClient.IPAddress) this in the Sub OnHELO(oClient) as well as IsInSpamHausDBL(oClient.HELO) Only Now can you please tell me why they have different arguments? one receives the IP the 2nd an object? As I said earlier, I did not go through the vbs, when are they called?, for ...
by eliassal
2020-03-01 15:39
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

Yeh, really nice, as usual goog work Palinka, I will do. Question in Ban reasons section, I see in your demo 15,329 hits for GeoIP. 2,367 hits for Spamhaus. 556 hits for Manual. 464 hits for Dyn-PTR. 392 hits for No-PTR. 199 hits for HELO-Inv. ....... ..... I have only IDS in my site. Are those filt...
by eliassal
2020-03-01 14:32
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

Hello Palinka, how are you? I think there is something wrong in the page repeats-IP.php, lines 53, 56, 82 and 85 The date format should be 'Y-m-d' http://prodwebserver/PHPBanAdmin/repeats-ip-day.php?submit=Search&[b]date=2020[/b]/02/25&repeatIP=45.142.195.6 not '%y/%m/%d' http://prodwebserver/PHPBan...
by eliassal
2020-02-23 20:15
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

But RemRuleIP expects 1 IP and rule.txt file is hard coded "$PSScriptRoot\fwrulelist.txt" which is different from the logic inside hmsConsolidateRules, so both needs modification. In fact I am following the same logic - Getting all banned IPs ofr February each time - insert them in the file....rule....
by eliassal
2020-02-22 21:22
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

By the way Palinka, in Config.php, I kept $SMTPPort = 587 # $SSL = 'True' In hMailServer, On IP/port 587, I have configured a certificate that I have generated which works fine with my outlook. When I send an email from the powershell script on the machine itself, I get a timeout in Powershell and t...
by eliassal
2020-02-22 19:50
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

Great and good work. Well in order not to clutter the firwall, for the time being, I have updated the script to enter ips per month but I faced the problem of existing IPs in a rule get removed when I use the "SET" keyword (I was not aware of that) & netsh advfirewall firewall set rule name="$RuleNa...
by eliassal
2020-02-21 21:20
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

Palinka, this was just a quick and dirty code in order to make my environment do 1 rule /month. I will look at your recommendations. I have just used
$ErrorActionPreference = 'SilentlyContinue'
to get rid of the non-terminating error produced by Get-NetFirewallRule

Thanks for the hint
by eliassal
2020-02-21 19:31
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

Here is the code that is not yet finished (I am not using this limit and Rows variables $BanDate = (Get-Date).AddDays(-1).ToString("yyyy-MM") $RegexName = '^hMS\sFWBan\s202[0-9]\-[0-9]{2}\-[0-9]{2}(_[0-9]{1,3})?\.csv$' $RegexIP = '(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-...
by eliassal
2020-02-21 19:27
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

Sorry, 1 Rule per month
by eliassal
2020-02-21 14:28
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

According to this thread and another one, 1000 IPs maybe a good compromise
https://superuser.com/questions/802355/ ... 534#804534
by eliassal
2020-02-21 14:24
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

Let me see, a rule per day is too much and will not be easy to manage. On my side, I will check also on the limits
by eliassal
2020-02-21 11:11
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

Also maybe this evening, I will share a new version of hmsConsolidateRules.ps1.
The new vesrion will
- create 1 rule per month
add all IPs of everyday in this rule

So the name will be for ex 2020-02, 2020-03......

There will be a check if the rule exists so ip will be added
by eliassal
2020-02-21 11:07
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

I replaced all files in www, yeh very well done, nice, yes now this tool can suggested to all hMailServer Users.

I think next week I will fork and start separating sql statements in 2 different files, one for sql one for mysql. I might need a small help regarding the functions
by eliassal
2020-02-20 15:39
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

I forgot to tell about 1 note I have noted earlier, Please also update the script for the creation of the hm_fwban table (it gets created with 1) BEGIN CREATE TABLE hm_fwban ( ID int IDENTITY(1,1) NOT NULL PRIMARY KEY, ipaddress varchar NOT NULL, timestamp datetime NOT NULL, ban_reason varchar(192) ...
by eliassal
2020-02-20 13:15
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

You should replace all powershell files (except config.ps1) and all php files (except config.php).
I did it is working fine for the moment
by eliassal
2020-02-20 00:46
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

Palinka, I have an issue with the 1st graph, it displays the number of ips correctly but the date is 1 month in advance. You can see a snapshot at http://salam.hd.free.fr/combined.jpg If I am not mistaken, it is this query that populates it which returns 18 February, 4 ipperday but the graph says Ma...
by eliassal
2020-02-19 22:58
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

Try this and tell me if it fits in your script. Please note that I commented the 1st order by as it is not needed SELECT a.week_beginning, a.year, a.month, a.day, a.ipperweek, b.blockperweek FROM ( SELECT DATEADD(ww, DATEDIFF(ww,0,timestamp), 0) AS week_beginning, year(CAST(DATEADD(ww, DATEDIFF(ww,0...
by eliassal
2020-02-19 21:53
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

Very quickly, Does the following meets your expectation SELECT DATEADD(ww, DATEDIFF(ww,0,GETDATE()), 0) AS week_beginning, year(CAST(DATEADD(ww, DATEDIFF(ww,0,GETDATE()), 0) AS DATE)) AS [Year], month(CAST(DATEADD(ww, DATEDIFF(ww,0,GETDATE()), 0) AS DATE)) AS [Month], day(CAST(DATEADD(ww, DATEDIFF(w...
by eliassal
2020-02-19 21:37
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

Hello Palinka, just came back home, I will look on both tomorrow
by eliassal
2020-02-19 10:33
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

FROM_DAYS(TO_DAYS(timestamp) -MOD(TO_DAYS(timestamp) -1, 7)) AS week_beginning, DATE_FORMAT(FROM_DAYS(TO_DAYS(timestamp) -MOD(TO_DAYS(timestamp) -1, 7)), '%Y') AS year, (DATE_FORMAT(FROM_DAYS(TO_DAYS(timestamp) -MOD(TO_DAYS(timestamp) -1, 7)), '%c') - 1) AS month, Can you share for each statement th...
by eliassal
2020-02-19 10:26
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

And since you're a mssql guru, sql code

Sure I will look at it either this evening or tomorrow morning. Currently out of office. I looked quickly at your query, it is just a question of replacing mysql functions
by eliassal
2020-02-19 10:23
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

I just pushed a bug fix commit to GitHub. Sorry for late response as I went to bed early yesterday as I have meetings the whole day today. Oh my god, I spent à lot of time yesterday updating some small things but it took some time. Can you tell me what was the update, then I will give it a go.I wil...
by eliassal
2020-02-18 21:11
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

Run hmsConsolidateRules.ps1 at 12:01 am daily. Before scheduling, I debugged this file, I was sure that there was no record was entered yesterday and the query returned nothing by the code continued 400 loops even though there were no record to export to csv file, so it created 400 empty csv file Mo...
by eliassal
2020-02-18 20:24
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

Ok I will do. I was browsing the index source as one of the sql statements caujhgt my attention as it seemed to me is not returning any result SELECT DBFormatDate(DBCastDateTimeFieldAsDate('MIN(lasttimestamp)'), '%M %D, %Y')." AS mindate, COUNT(ipaddress) AS countip, SUM(hits) AS counthits FROM hm_f...
by eliassal
2020-02-18 19:38
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

Ok got it, still I need your help for this question
Last question , I still have rule created for each IP, I thought that new version allows grouping of IPs, am I right, if yes, how this can be done?
by eliassal
2020-02-18 18:45
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

I agree and the tool is working perfectly and as I said earlier, very good ideas behind it useful for any serious admin, I really congratulate you for the work you have done. I completely agree with you when things start small very basic for 1 need then starts to grow step by step.... I am not so ve...
by eliassal
2020-02-18 17:41
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

Its worth mentioning that it might be a good idea to start a new github with last version and start maybe making the code more robust from sql perspective instead of IFs everywhere. Forexample, thinking loudly, using a session flag in PS or the we, put sql code in file and mysql code in another file...
by eliassal
2020-02-18 17:36
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

Wonderful, can you share them please? By the way, when you develop your vbs scripts, do you ghave a function or routine to log some messages? I have done this long time ago and can search in my archives but if you have one so I can right away incoporate in the events vbs as I would like to log from ...
by eliassal
2020-02-18 16:28
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

That was on search.php, also on repeats-view.php I get the same thing 7 IPs repeatedly dropped at firewall matching "2020-02". (Page: 1 of 1) Last Hit IP Address Reason Country FB 20-02-18 10:53:40 92.154.95.236 IDS France 1 20-02-18 10:40:05 185.36.81.78 IDS Republic of Lithuania 1 20-02-17 18:18:3...
by eliassal
2020-02-18 16:25
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

So you're able to search months in repeats-view.php by clicking a link under "This Year's Monthly Blocks:"? On the index page when I hit the link "3 hits so far this month" under "This Year's Monthly Hits: ", Yes I get Results for search term "2020-02": 3 Hits (Page: 1 of 1) Timestamp IP Address Re...
by eliassal
2020-02-18 16:14
Forum: General discussions
Topic: Block IPs
Replies: 265
Views: 61793

Re: Block IPs

There's an issue with that. Maybe you can suggest a solution. Some links on repeats.php send date=YYYY-DD only, which is to search repeats-view.php by month. This works fine in MySQL but I think maybe that would error out in sqlsrv? Can you try it? Go to repeats.php and click one of the "This Year'...