IP Address Gets Blocked Due to Hacking Attempts

This article applies to Syncrify as well as SynaMan, which have built-in mechanism to detect if someone is trying to connect to the web server with a malicious intent. For example:

  • Trying to connect using invalid passwords
  • Send invalid HTTP requests to determine how the server responds. For example, sending characters that could cause a buffer overflow.

In both cases, the server (Syncrify or SynaMan) will mark the IP address of the connecting client and will prevent that client from performing any task. Whenever an IP address gets blocked due to hacking attempt you may see the following line in the log file:

IP Address: xx.xx.xx.xx blocked due to previous hacking attempts
where xx.xx.xx.xx shows the IP address of the offending client.

Why do I see the IP address of my own router/firewall

A problem arises when you see the IP address of your own router in this log. For example:

IP Address: 192.168.1.1 blocked due to previous hacking attempts

This happens if your router hides the IP address of the actual client connecting from the Internet. Since every client appears to connect from the same IP address, one misbehaving IP address will end up blocking every other client. Click here to see how to fix this problem.

Can I do anything to prevent this in Syncrify?

Since the IP address of the connecting client is read from TCP/IP headers, nothing at the software layer can discover the actual IP address. Therefore, we strongly recommend you configure your router so it does not hide the actual IP.

You can certainly configure Syncrify/SynaMan to ignore the hacking attempts by adding:

block.blacklisted.hacker.ip=false
in server.properties file. However, this is NOT recommended for security reasons.

Navigation

Social Media

Powered by 10MinutesWeb.com