Sunday 18 March 2007

Linux: How to use iptables to deny access to specific IPs

Eventually I had to deal with that as well: somebody trying to start DoS attacks on my site. Asking the experts revealed that the safest way to deal with such cases is to use iptables. The command works at the kernel level for any kind of access to your entire web space. To get things started, let's suppose that the offending IP address is 192.167.250.1. To block this address completely, enter the following as root.

iptables -A INPUT -s 192.167.250.1 -j DROP

Naturally, attacks do not come from just one IP. Their usual sources are entire ISP address blocks, so it is much better to block the entire IP range. The correct syntax for this command is:

iptables -A INPUT -s 192.167.250.0/24 -j DROP

To list all active iptables rules, use the following command.

iptables -L
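
As an added example (not part of the original post): a small shell wrapper around the commands above that rejects anything that is not an IPv4 address or CIDR block before it reaches iptables, and uses iptables -C so the same rule is not appended twice. The function names and the IPTABLES override variable are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# IPTABLES can be overridden (an assumption of this example) so that a test
# stub can stand in for the real binary.
IPTABLES=${IPTABLES:-iptables}

# Succeed only if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
# The body runs in a subshell, so its variables do not leak to the caller.
valid_source() (
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/} ;;
        *)   prefix=32 ;;
    esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    IFS=.
    set -- $addr            # split into octets; only digits and dots remain
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
)

# Append a DROP rule for source $1 unless an identical rule is already loaded.
# iptables -C exits 0 when the rule exists, so re-running does not stack
# duplicates the way a bare -A would.
block_source() {
    if ! valid_source "$1"; then
        echo "not an IPv4 address or CIDR block: $1" >&2
        return 2
    fi
    if $IPTABLES -C INPUT -s "$1" -j DROP 2>/dev/null; then
        echo "already blocked: $1"
    else
        $IPTABLES -A INPUT -s "$1" -j DROP && echo "blocked: $1"
    fi
}

# -A appends to the end of INPUT: if an earlier rule already accepts the
# traffic, the DROP never matches. Check the order with
#   iptables -L INPUT -n --line-numbers
if [ $# -gt 0 ]; then
    block_source "$1"
fi
```

Rules added this way live only in the running kernel and are lost on reboot unless they are saved, for example with iptables-save.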

I will update this post with more info as soon as I've learned more. For the moment here is a link for more info on the subject

1 comment:

monotropos said...

You can also create a script or an alias to automate it like this:

alias block_ip='sudo iptables -A INPUT -j DROP -s '

and use it as:

block_ip NNN.NNN.NNN.NNN