[CentOS] Simple way to banish IP addresses ?
amos.shapira at gmail.com
Mon Oct 12 21:20:03 UTC 2009
There is an iptables geoip module to allow you to specify countries. I
never used it thought.
The advantage of denyhosts is that it not only bans addresses but also
shares banned hosts with a network of a few thousands of installations
(an opt-in option), so you are not on your own.
Moving ssh to a none standard port is the best thing you can do under
the circumstances you describe, IMHO.
Another option might be to tar-pit attackers (using iptables) - that
way you can slow down their traffic so hopefully they'll eat less of
On 10/10/09, Toby Bluhm <tkb at alltechmedusa.com> wrote:
> Toby Bluhm wrote:
>> Niki Kovacs wrote:
>>> I just set up a web server... and my bandwidth is being eaten by some
>>> chinese folks trying to brute-force-ssh their way into the machine.
>>> Is there a simple way to banish either single IP addresses or, maybe
>>> even better, whole IP classes ? I know it's feasible with iptables, but
>>> is there something more easily configurable ?
>> Try fail2ban from rpmforge.
> Also, if you're using the standard fw that ships with centos, you can
> stop entire blocks of IPs by manually inserting rules after iptables starts:
> iptables -I RH-Firewall-1-INPUT 1 -s 220.127.116.11/24 -p tcp --dport 22 -j DROP
> IP ranges by country:
> The IP ranges will change from time to time, so you have to check often.
> You could script in a download from
> http://www.countryipblocks.net/continents/ to keep it current.
> Like someone said, if you have to keep ssh open to the world, changing
> the port number will dramatically cut down on the attempts.
> CentOS mailing list
> CentOS at centos.org
More information about the CentOS