[CentOS] Simple way to banish IP addresses ?
tkb at alltechmedusa.com
Fri Oct 9 20:01:50 UTC 2009
Toby Bluhm wrote:
> Niki Kovacs wrote:
>> I just set up a web server... and my bandwidth is being eaten by some
>> Chinese folks trying to brute-force-ssh their way into the machine.
>> Is there a simple way to banish either single IP addresses or, maybe
>> even better, whole IP classes ? I know it's feasible with iptables, but
>> is there something more easily configurable ?
> Try fail2ban from rpmforge.
Also, if you're using the standard fw that ships with CentOS, you can
stop entire blocks of IPs by manually inserting rules after iptables starts:

    iptables -I RH-Firewall-1-INPUT 1 -s 126.96.36.199/24 -p tcp --dport 22 -j DROP

IP ranges by country:
The IP ranges will change from time to time, so you have to check often.
You could script in a download from
http://www.countryipblocks.net/continents/ to keep it current.
Like someone said, if you have to keep ssh open to the world, changing
the port number will dramatically cut down on the attempts.
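
One way to script the refresh suggested above, as an added example that is not part of the original post: it reads CIDR blocks on stdin, skips malformed entries, and prints (does not run) iptables commands that rebuild a dedicated chain, so repeated runs do not stack duplicate rules. The chain name SSH-BLOCK and the sample list are assumptions; the download step and the site's list format are deliberately left out.

```shell
#!/bin/sh
# Added example: print (not run) iptables commands for a list of CIDR blocks.
CHAIN="SSH-BLOCK"   # hypothetical chain name, not from the post

# Constructed sample input (documentation ranges, a duplicate, bad entries).
sample_list() {
    printf '%s\n' '# constructed sample' '192.0.2.0/24' '198.51.100.0/24' \
        '192.0.2.0/24' '203.0.113.0/24   # trailing comment' \
        '300.1.2.0/24' '10.0.0.0/33' 'not-an-ip'
}

# Succeed only for a well-formed IPv4 CIDR: four octets 0-255, prefix 0-32.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$addr" in ''|*[!0-9.]*|*.) return 1 ;; esac
    case "$len" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Read CIDRs on stdin and print commands that flush and refill $CHAIN.
gen_rules() {
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
    # Strip comments and whitespace, then de-duplicate before validating.
    sed -e 's/#.*//' -e 's/[[:space:]]//g' | sort -u | while read -r cidr; do
        [ -n "$cidr" ] || continue
        if valid_cidr "$cidr"; then
            echo "iptables -A $CHAIN -s $cidr -j DROP"
        else
            echo "skipped invalid entry: $cidr" >&2
        fi
    done
    # Send only SSH traffic through the chain, as in the rule from the post;
    # remove an existing jump first so a re-run leaves exactly one.
    jump="-p tcp --dport 22 -j $CHAIN"
    echo "iptables -D RH-Firewall-1-INPUT $jump 2>/dev/null"
    echo "iptables -I RH-Firewall-1-INPUT 1 $jump"
}

sample_list | gen_rules
```

Review the printed commands before piping them to a root shell, and make sure your own address is not inside any listed block.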