[CentOS] Simple way to banish IP addresses ?
Toby Bluhm
tkb at alltechmedusa.com
Fri Oct 9 19:01:50 UTC 2009
Toby Bluhm wrote:
> Niki Kovacs wrote:
>> Hi,
>>
>> I just set up a web server... and my bandwidth is being eaten by some
>> Chinese folks trying to brute-force-ssh their way into the machine.
>>
>> Is there a simple way to banish either single IP addresses or, maybe
>> even better, whole IP classes ? I know it's feasible with iptables, but
>> is there something more easily configurable ?
>>
>> Cheers,
>>
>
>
> Try fail2ban from rpmforge.
>
>
Also, if you're using the standard fw that ships with CentOS, you can
stop entire blocks of IPs by manually inserting rules after iptables starts:

    iptables -I RH-Firewall-1-INPUT 1 -s 1.2.3.4/24 -p tcp --dport 22 -j DROP

IP ranges by country:

http://www.countryipblocks.net/country-blocks/select-formats/

The IP ranges will change from time to time, so you have to check often.
You could script in a download from
http://www.countryipblocks.net/continents/ to keep it current.

Like someone said, if you have to keep ssh open to the world, changing
the port number will dramatically cut down on the attempts.

--
tkb
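
A sketch of the "script it" idea from the message above, as an added example that is not part of the original post: it validates every entry of a block list before it can become a firewall rule and prints the iptables commands instead of running them. Assumptions: the list has already been downloaded as one IPv4 CIDR per line, and the chain name SSH-BLOCK is hypothetical; RH-Firewall-1-INPUT is the chain named in the post.

```shell
#!/bin/bash
# Added example: turn a downloaded CIDR list into iptables commands (dry run).
CHAIN="SSH-BLOCK"               # hypothetical chain name, not from the post
PARENT="RH-Firewall-1-INPUT"    # stock CentOS chain named in the post

# Return 0 only for a well-formed IPv4 CIDR such as 192.0.2.0/24.
valid_cidr() {
    local ip="${1%/*}" len="${1#*/}" o
    case $1 in */*) ;; *) return 1 ;; esac
    case $len in ''|???*|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case $ip in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    local IFS=.
    set -- $ip
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1; done
}

# Read a list on stdin (one CIDR per line, '#' comments allowed) and print
# the commands that rebuild $CHAIN. Invalid lines go to stderr, never to a rule.
gen_rules() {
    local line
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$line" ] || continue
        if valid_cidr "$line"; then
            echo "iptables -A $CHAIN -s $line -p tcp --dport 22 -j DROP"
        else
            echo "skipped invalid entry: $line" >&2
        fi
    done
    # Re-hook the chain at position 1, like the post's "-I ... 1" rule.
    echo "iptables -D $PARENT -j $CHAIN 2>/dev/null || true"
    echo "iptables -I $PARENT 1 -j $CHAIN"
}

# Constructed sample input (documentation address ranges, two bad lines).
sample_list() {
    cat <<'EOF'
192.0.2.0/24
198.51.100.0/24   # trailing comment
203.0.113.0/33
203.0.113.0/24 -j ACCEPT
EOF
}

# Dry run: print commands for the list file given as $1, or for the sample.
if [ -n "${1:-}" ]; then gen_rules < "$1"; else sample_list | gen_rules; fi
```

Review the printed commands before piping them to a root shell; keeping the rules in their own chain lets a refreshed list replace the old one without touching the rest of the firewall.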