I recently noticed that the SSH port on one of my home servers running Linux CentOS is being brute-forced almost nonstop every day, and a lot of the attacks are coming from China and Russia; one IP logged 15445 brute-force attempts on my SSH port. I found a list of IPs at wizcraft that covers IP ranges from various Asian countries that are known offenders, and I applied it to my servers' iptables. I wrote a simple PHP script to read the list and apply it in one go.

All you need to do is replace /etc/script/blockip2 with your own list of IPs you want to block and run the script. The script runs the command "iptables -A INPUT -s offendingip -j DROP" and applies rules that drop all incoming connections from the sources on your IP block list. This is not the most efficient way of doing this, but it's a good start :)

The IP list (blockip2) file format: no extra blank lines and no letters.
-----Sample format----
58.17.0.0/16
58.20.0.0/16
58.21.0.0/16
58.22.0.0/15
58.34.0.0/16
58.37.0.0/16
58.38.0.0/16
58.56.0.0/15
58.58.0.0/16
58.59.0.0/17
------- End ----------------
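
An added example, not the PHP script mentioned above and not code from the original post: a POSIX shell version that checks every line of the list is a strict IPv4 CIDR before building the "iptables -A INPUT -s ... -j DROP" command, so a malformed or tampered line in a downloaded list never reaches a root shell. The function names and the sample list are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: turn a block list into iptables commands for review.
# Nothing is applied here; the commands are only printed.

# Strict IPv4 CIDR: four octets 0-255, a slash, and a prefix length 0-32.
OCTET='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
CIDR_RE="^(${OCTET}\\.){3}${OCTET}/(3[0-2]|[12]?[0-9])\$"

# Return 0 only if the single-line argument is a strict IPv4 CIDR.
is_ipv4_cidr() {
    printf '%s\n' "$1" | grep -Eq "$CIDR_RE"
}

# Print one DROP rule per valid line of the list file given as $1.
# Rejected lines are reported by line number only, on stderr, so untrusted
# text is never echoed back or placed on a command line.
emit_block_rules() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        line=$(printf '%s' "$line" | tr -d '\r')   # tolerate CRLF downloads
        [ -n "$line" ] || continue                 # ignore blank lines
        if is_ipv4_cidr "$line"; then
            printf 'iptables -A INPUT -s %s -j DROP\n' "$line"
        else
            printf 'line %d skipped: not an IPv4 CIDR\n' "$n" >&2
        fi
    done < "$1"
}

# Constructed sample list: two ranges from the sample format above plus
# three lines that must be rejected.
sample=$(mktemp)
cat > "$sample" <<'EOF'
58.17.0.0/16
58.22.0.0/15
58.300.0.0/16
58.20.0.0/16 ; echo injected
example.com
EOF
emit_block_rules "$sample"
rm -f "$sample"
```

Review the printed commands, then pipe them to sh as root to apply them.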
To view your applied iptables rules:
$ iptables -L
Use -nL to skip reverse DNS lookups:
$ iptables -nL
To flush your iptables rules (this removes every rule in the filter table, not only the block list):
$ iptables -F
Hope this helps.