Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Anyone see anything wrong with this iptables string?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Anyone see anything wrong with this iptables string?

DamianDamian Member
edited February 2012 in Help

iptables and I have a storied history together. Especially when things are not working...

Anyone see an issue with this chain?

iptables -I INPUT -p tcp --dport 22 -s 210.51.174.189 -j DROP

Comments

  • Seems correct, if the idea is to block all ssh connections from 210.51.174.189 to the local machine.
    If you are doing it on a VPS node to protect the customers, try -I FORWARD.

  • @rds100 said: If you are doing it on a VPS node to protect the customers, try -I FORWARD.

    Augh, I knew that. That worked. Thanks for rebooting my brain :)

  • Change the SSH port as well, it at least helps to clear up the damn logs.

  • @kalam said: Change the SSH port as well, it at least helps to clear up the damn logs.

    I guess this is about blocking a whole node with several machines from this IP

  • @DotVPS: yeah, one of our /24's was under fire.

  • MaouniqueMaounique Host Rep, Veteran

    That is strange, I have been under same attack at work too. The attacks were coming from 202.x.x.x something but many other IPs as well, argentina, china, etc.
    Havent seen this for some time. Maybe other ppl as well and passes like "jen" are really used...
    M

  • Very common, this happens always

  • @yomero said: Very common, this happens always

    That it is.. I only noticed it because that node was running at a higher load average than normal.

  • Ah! Thanks. I'm not seeing that one yet, but our IPs are on 69.x.x.x and 216.224.x.x, so they must not be far enough up the numbers :)

  • @Damian said: That it is.. I only noticed it because that node was running at a higher load average than normal.

    Yeah, if it is so massive, then it will cause you that issues, since most people runs SSH at the default 22

  • SSH scans are active as they hit 2 of my cPanel boxes but I'm loving the ZERO Wordpress spam since Ubiquity Servers pulled the plug from VirtualSRV

  • DerekDerek Member

    Is this thread about blocking IPs or Wordpress spam?

Sign In or Register to comment.