[CentOS] Simple way to banish IP addresses ?
Toby Bluhm
tkb at alltechmedusa.comFri Oct 9 19:01:50 UTC 2009
- Previous message: [CentOS] Simple way to banish IP addresses ?
- Next message: [CentOS] Simple way to banish IP addresses ?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Toby Bluhm wrote: > Niki Kovacs wrote: >> Hi, >> >> I just set up a web server... and my bandwidth is being eaten by some >> chinese folks trying to brute-force-ssh their way into the machine. >> >> Is there a simple way to banish either single IP addresses or, maybe >> even better, whole IP classes ? I know it's feasible with iptables, but >> is there something more easily configurable ? >> >> Cheers, >> > > > Try fail2ban from rpmforge. > > Also, if you're using the standard fw that ships with centos, you can stop entire blocks of IPs by manually inserting rules after iptables starts: iptables -I RH-Firewall-1-INPUT 1 -s 1.2.3.4/24 -p tcp --dport 22 -j DROP IP ranges by country: http://www.countryipblocks.net/country-blocks/select-formats/ The IP ranges will change from time to time, so you have to check often. You could script in a download from http://www.countryipblocks.net/continents/ to keep it current. Like someone said, if you have to keep ssh open to the world, changing the port number will dramatically cut down on the attempts. -- tkb
- Previous message: [CentOS] Simple way to banish IP addresses ?
- Next message: [CentOS] Simple way to banish IP addresses ?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list