Friday, February 26, 2010

IPtables Howto | Block China and Korean IP | Brute Force

Tech Blog - Recently I noticed that the SSH port on one of my home servers running CentOS Linux is being brute-forced almost nonstop every day, and a lot of the attacks are coming from China and Russia; one IP logged 15445 brute force attempts on my SSH port. I found a list of IPs at wizcraft covering various Asian countries that are known offenders, and I applied it to my server's iptables. I wrote a simple PHP script to read the list and apply it in one go.

All you need to do is replace /etc/script/blockip2 with the path to your own list of IPs you want to block and run the script. For each entry, the script runs the command "iptables -A INPUT -s offendingip -j DROP", which appends a rule that drops all incoming connections from that source on your block list. This is not the most efficient way of doing this, but it's a good start :)











The IP list file (blockip2) format is one address range per line, with no blank lines and no letters.
-----Sample format----
58.17.0.0/16
58.20.0.0/16
58.21.0.0/16
58.22.0.0/15
58.34.0.0/16
58.37.0.0/16
58.38.0.0/16
58.56.0.0/15
58.58.0.0/16
58.59.0.0/17
------- End ----------------
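
The same read-and-apply step as an added shell example (not the PHP script from this post), with each line checked against the list format before it reaches an iptables command line. The function names `is_cidr`, `emit_block_rules` and `demo` are hypothetical, the sample entries in `demo` are constructed, and the commands are only printed, not executed.

```shell
#!/bin/sh
# Added example: validate a block list and print the iptables commands for it.

# is_cidr ENTRY -> 0 if ENTRY is a.b.c.d or a.b.c.d/len (octets 0-255, len 0-32)
is_cidr() {
    case $1 in
        ''|*[!0-9./]*) return 1 ;;          # blank line, letters, spaces, etc.
    esac
    addr=${1%%/*}
    len=32
    case $1 in */*) len=${1#*/} ;; esac
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case $addr in
        *.*.*.*.*|.*|*.|*..*) return 1 ;;   # wrong number of octets or empty octet
        *.*.*.*) ;;
        *) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr                            # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# emit_block_rules FILE -> prints one DROP rule per valid entry, returns 1 if any
# line was rejected (rejected lines are reported on stderr and never printed as rules)
emit_block_rules() {
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        if is_cidr "$line"; then
            printf 'iptables -A INPUT -s %s -j DROP\n' "$line"
        else
            printf 'skipped invalid entry: "%s"\n' "$line" >&2
            rc=1
        fi
    done < "$1"
    return $rc
}

# Constructed sample: two well-formed entries, a blank line, a bad prefix, a hostname.
demo() {
    tmp=$(mktemp)
    printf '58.17.0.0/16\n58.22.0.0/15\n\n58.59.0.0/33\nexample.com\n' > "$tmp"
    status=0; emit_block_rules "$tmp" || status=$?
    rm -f "$tmp"
    return $status
}
```

Review the printed commands first, then run them as root, for example by piping the output of `emit_block_rules /etc/script/blockip2` to `sh`.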

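To view your applied iptables rules:
$ iptables -L

Use -nL to skip reverse DNS lookups:
$ iptables -nL

To flush your iptables rules (with no chain given, this deletes every rule in the filter table, not only the block list):
$ iptables -F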

Hope this helps.

