Here you can find answers to frequently asked questions.

Why GreenSnow? What is the project? How to use it?

The GreenSnow project helps to identify various attacks around the world in order to block them

My IP address is listed on the project and I do not understand why! What can i do?

No problem, we rely on blockages from live server around the world, it may be that you are listed due to a misconfiguration on your computer.

I do not understand the attack TCP_IN

If you are blacklisted for TCP_IN, one of the reason is that you do not use the correct ports in your email software (25,26), FTP (21), SSH (A ask the administrator), HTTP (80) , POP (110) HTTPS (443), MySQL (3306) .

What is a cPanel attack ?

This is due to bad identifiers used on the authentication at a cPanel / WHM or Webmail form, we are recommending that you change them with the password generator utility .

What is a SMTP attack ?

If you have been blacklisted for a SMTP attack, this is due to bad identifiers used for sending your emails (mail client), we recommend that you change the password of your mailbox in your cPanel with the "Email account" option and reconfigure the mail client accounts.

I do not understand the attack pop3d

If you have been blacklisted for POP3 attack, this is due to bad identifiers used for receiving your emails (mail client), we recommend that you change access your mailbox in your cPanel with the "Email Accounts" option and reconfigure the mail client.

I do not understand the attack: modsec

If you have been blacklisted for a modsec attack, this is due to mod_security that blocks HTTP requests that seem to attack the server (SQL Injection, XSS, ...). We advise you to contact your administrator to find out why. This is often due to a bad URLs encoding or parameters in a strange GET / POST passed to the server.

I do not understand the attack IMAP

If you have have been blacklisted for a IMAP attack, this is due to bad identifiers used for receiving your emails (mail client), we recommend that you change the password of your mailbox in your cPanel with the "Email Accounts" option and reconfigure the mail client.

I do not understand the attack: sshd

The SSHD attack is very simple, you tried to access the SFTP or SSHD with identifiers that are not correct, please note that it is often necessary to ask your server administrator to activate the access to the SSH or SFTP service on your account.

I do not understand the attack AUTHRELAY

The AUTHRELAY attack is very simple, you tried to access the SFTP or SSHD with identifiers that are not correct, please note that it is often necessary to ask your server administrator to activate the access to the SSH or SFTP service on your account.

I do not understand the attack PERM

If you have been blacklisted for a PERM attack, you have had more than 5 temporary blocking in a very short duration. System decided to block you permanently.

I do not understand the attack NETWORK

It appears that your IP address was not valid.Do you have the IPFuck software installed on your browser?

I do not understand the attack CT_LIMIT

If you have been blacklisted for a CT_LIMIT attack, this is due to too many connections to the server (often more 1000connexion/min). This is often triggered by a misconfigured FTP client.

I do not understand the attack RDP

RDP (Remote Desktop Protocol) protocol is not enabled on servers such as Linux, there is no need to access this port on a Linux server.

I do not understand the attack RADMIN

The RADMIN protocol is not enabled on the server, there is no need to access the 4899 port on a Linux server.

I do not understand the attack: SIP

SIP voip service is not enabled on the server, there is no need to access the 5060 port on a Linux server.

I do not understand the attack VNC

The VNC remote access service is not enabled on the server, there is no need to access the 5900 port on a Linux server.

I do not understand the attack MSSQL

Servers such as Linux use predominantly MySQL / PostgreSQL / MongoDB and not Microsoft SQL the port 1433 is closed.

I do not understand the attack TELNET

TELNET service and port 23 are mostly off / closed on the new generation servers, we must instead use the SSH protocol which is secure.

I do not understand the attack FTPD

Have you tried to authenticate to an FTP space? It seems that you are not using the right password. We recommend you change your password with the "FTP Accounts" option in your cPanel.

I do not understand the attack FLOOD

The FLOOD attack is an attack or computer you use test the server load by flooding(overloading)

I do not understand the attack htpasswd

Have you tried to authenticate to a limited space? It seems that you are not using the right password. We recommend that you clear the cache / cookies from your browser.

I do not understand the attack ICMP_IN

This attack is all just an abuse of ping.Did you pinged from several different consoles at the same time on the same server?

I do not understand the attack WPBrute

This attack is all simply an abuse of demand on the wp-login.php ou sur /administrator/ Currently we are experiencing a large number of bruteforce attacks on sites hosting the WordPress and Joomla CMS (https://blog.planethoster.net/en/consider-increasing-the-level-of-protection-of-your-cms/) So it is very advisable to put a Captcha and Anti-BruteForce system : https://blog.planethoster.net/protegez-wordpress-cmsprotection/

I do not understand the attack UDP_IN

You are attempting to access a UDP port that is not open, a configuration is wrong on your computer or it is most likely infected.

My IP address is not listed, however I seem block.

GreenSnow is a project that try to be to have the least possible false positive, we rely on the number of attacks, the number of attacked servers, different attacks and the country of the IP. If you are not on the list and you can not successfully ping the server, we recommend that you contact the administrator thereof.

I have a question to ask you directly, how do I contact you ?

We are open to constructive criticism, you want to join us, offer ideas, help us expand this list, thank you for contacting us here: http://greensnow.co/contact.php

I want to use your list on my cPanel server, I have Configserver Security & Firewall but I do not know how to install it ...

Our BlockingList is very easy to use, simply log in WHM >> ConfigServer Security & Firewall >> lfd Blocklist and add this at the end:

# GreenSnow Hack List
# Details: https://greensnow.co
GREENSNOW|3600|0|https://blocklist.greensnow.co/greensnow.txt