
2985 posts

Uber Geek

#183725 27-Oct-2015 21:32

Hi All, hoping someone can shed some light on what I assumed would be a relatively easy task (but has so far proved anything but!)

I need to get some sort of logging of traffic/requests to a server we have set up. It just needs the IP address and time, nothing terribly fancy.

The server we've got set up is running on Amazon AWS in Sydney, an EC2 instance. Running on it is the server-side Java application for a uni project, a Tomcat server and a MySQL server. It's not a production server for a company or anything, so I'm not really concerned, it just obviously isn't great having random people trying to connect. We keep seeing login requests/attempts for the Tomcat server using root, tomcat, admin etc. as usernames but it doesn't provide anything useful other than that.

Was hoping that if we could find the IPs trying to log in, I could add them to a rule in the Windows firewall and block them. My original idea was to do it via the EC2 console, but it has a default rule of block every port and IP, where you have to specify addresses/ports to allow. This wouldn't work as the 3 of us in our project team have dynamic IPs at home, so it would be really tricky to keep up with.

If there's another solution I'm missing I'd really appreciate it :)
This goes a little bit beyond what I was taught in my classes so I'm kind of out of my depth but really want to learn. The only time we went into the firewall settings in class was to turn it off completely, that is not gonna happen obviously.

Thanks in advance!


2985 posts

Uber Geek

  #1415158 28-Oct-2015 02:56

Whoa, what a night.

So, I figured out what I was doing wrong. I was setting up logging for traffic only on domain networks rather than public. And since it's not connected to a domain it wasn't generating any results. Problem solved!

Now for the juicy details about how I stuffed it all up :)


  • Left server running and waited for a random to try to log in (figured it's automated because they did 20 attempts in the space of 4 seconds using just 3 usernames, none of which existed).
  • Checked log, cross-referenced the timestamp and got their IP. RESULT!
  • Made a new firewall rule to block all traffic to that IP. Got super confident because I figured out my original problem and just skipped through the steps. Hit save, system locks up. Realised the second my mouse stopped moving that I'd never entered the IP address, and must have selected the wrong option and blocked ALL traffic on ANY port including RDP. Since this was hosted on AWS I didn't have access to the server physically, and locked my dumba$$ out.

For future reference in case anyone is as dumb as I was (but highly likely tbh) or I repeat the same mistake tomorrow:

  1. Shut down instance 1 and detach root volume 1 (through Management Console) or AWS CLI:
    2. Detach:
    3. Attach:
  2. Follow instructions from here:
    1. I found I had to disable the keys mentioned in the guide as well as defaultoutboundrule or something as well, which was set at 1 and wouldn't work until I changed to 0.

Assuming everything went okay, once you reattach volume 1 to instance 1, everything should be good to go. Now go back to where we were before and set up the firewall rule properly!

Bachelor of Computing Systems (2015)




Late 2013 MacBook Pro with Retina Display (4GB/2.4GHz i5/128GB SSD) - HP DV6 (8GB/2.8GHz i7/120GB SSD + 750GB HDD)
iPhone 6S + (64GB/Gold/Vodafone NZ) - Xperia Z C6603 (16GB/White/Spark NZ)

Sam, Auckland 
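
The log cross-reference and block step described in the post above, as an added example that is not code from the thread. It assumes the Windows Firewall log is recording successful connections, that Tomcat listens on port 8080, and uses constructed rows with documentation-range addresses; `block_rule` is a hypothetical helper that refuses to produce a rule unless it is given one concrete remote address, the omission behind the lockout.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Header of the Windows Firewall log (pfirewall.log); the rows under it are constructed.
HEADER = ("#Version: 1.5\n#Software: Microsoft Windows Firewall\n#Time Format: Local\n"
          "#Fields: date time action protocol src-ip dst-ip src-port dst-port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path\n")

def sample_log():
    """Constructed data: 20 connections in 4 s from one address, 3 slow ones from another."""
    row = "2015-10-28 01:10:{:02d} ALLOW TCP {} 10.0.0.5 {} 8080 0 - 0 0 0 - - - RECEIVE"
    rows = [row.format(1 + i // 5, "203.0.113.7", 50000 + i) for i in range(20)]
    rows += [row.format(10 * i, "198.51.100.20", 40000 + i) for i in range(1, 4)]
    return HEADER + "\n".join(rows) + "\n"

def parse(log_text):
    """Yield one dict per log row, keyed by the names on the #Fields line."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def find_bursts(log_text, port=8080, threshold=20, window=timedelta(seconds=4)):
    """Return source IPs with >= threshold inbound TCP connections to port within window."""
    recent, flagged = defaultdict(deque), set()
    for r in parse(log_text):
        if (r.get("path"), r.get("protocol"), r.get("dst-port")) != ("RECEIVE", "TCP", str(port)):
            continue
        ts = datetime.strptime(f"{r['date']} {r['time']}", "%Y-%m-%d %H:%M:%S")
        q = recent[r["src-ip"]]
        q.append(ts)
        while ts - q[0] > window:      # drop connections older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(r["src-ip"])
    return flagged

def block_rule(ip, allow=()):
    """Build a block command for exactly one address; never an 'any address' rule."""
    addr = ipaddress.ip_address(ip)    # ValueError on empty, "Any" or CIDR input
    if any(addr in ipaddress.ip_network(n) for n in allow):
        raise ValueError(f"{addr} is inside an allowlisted range, refusing to block it")
    return (f'New-NetFirewallRule -DisplayName "Block {addr}" -Direction Inbound '
            f"-Action Block -RemoteAddress {addr}")

if __name__ == "__main__":
    for ip in sorted(find_bursts(sample_log())):
        print(block_rule(ip, allow=["198.51.100.0/24"]))
```

The firewall log counts TCP connections rather than login attempts, so the threshold is a proxy for the burst seen in the Tomcat log.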

8035 posts

Uber Geek


  #1417062 30-Oct-2015 14:54

Generally on Linux servers you'd use fail2ban and on Windows servers there are various commercial options (rdpguard, syspeace).

However this free/open source project looks like it will do what you want, but you'd have to extend it to read Tomcat logs probably.


2985 posts

Uber Geek

  #1417088 30-Oct-2015 15:24

Thanks for that, had a look around it and seems like a good solution.

Had another bunch of these attempts yesterday and today, sat down and gave the firewall another go and got it working as I tried before (but this time I didn't block myself :P ). So far it's only been 1 IP, and they keep trying but all the logs I can see show the connection was dropped properly which is great. 

Thanks for the suggestion tho!


956 posts

Ultimate Geek
Inactive user

  #1417092 30-Oct-2015 15:32

You're probably fighting a losing battle for minimal gain.

These will just be automated bots trying to find vulnerabilities before being exploited.

The best way is to just use a tool like Ragnor has already suggested.
