[BlueOnyx:05508] Re: getting hammered by this ip 219.237.15.233

Alan Kline alan at snugglebunny.us
Fri Oct 1 10:02:29 -05 2010


OK...I see what you're saying, but I don't have anything at all in 
cron.hourly. I'm using dFix to temporarily block intruders, but it 
sounds like what I'm after is a way to have the cron job permanently 
block those IPs...

Most of my problems lately have been hackers trying to get at my 
phpMyAdmin config files. My .htaccess 403's any such attempt, and I then 
go through and add the attacker's subnet to iptables manually, usually 
every day. I'd love to find a way to automate that...

ak

On 10/1/2010 9:18 AM, James wrote:
> The most reliable way I have found to block all traffic, permanently, from a
> specific host is to put iptables rejection rules in
> /etc/cron.hourly/log_traffic.  In the configfile generation section before
> the -A rules, you can add a line such as:
>
> -I INPUT -s <ip address> -j DROP
>
> That cron job regularly updates your firewall rules in
> /etc/sysconfig/iptables.  You should also be able to mask a subnet in a
> similar fashion to the routing example.
>
> James
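
One way to automate the daily step described in this thread, as an added example that is not code from either poster or from BlueOnyx: it scans an access log for 403 responses on phpMyAdmin paths and prints rule lines in the form quoted above. The Apache combined log format, the /24 subnet width, the hit threshold, the allowlist argument and the function names `block_rules` and `sample_log` are assumptions; the log lines are constructed.

```shell
#!/bin/bash
# Added example, not from the thread. Assumptions: Apache combined log format,
# "subnet" means the /24 around the client, and the sample lines are constructed.

# Reads access-log lines on stdin; prints one DROP line per offending /24.
#   $1 = minimum 403 hits on phpMyAdmin paths from one /24 (default 3)
#   $2 = space-separated /24 networks that must never be listed (your own ranges)
block_rules() {
    awk -v min="${1:-3}" -v allow="${2:-}" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) keep[a[i]] = 1 }
    {
        # Combined format: $1 = client, $7 = request path, $9 = status.
        if ($9 != "403" || tolower($7) !~ /phpmyadmin/) next
        # Only a strict dotted quad may end up in a firewall rule.
        if ($1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        split($1, o, ".")
        for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) next
        hits[o[1] "." o[2] "." o[3] ".0/24"]++
    }
    END {
        for (net in hits) {
            if ((net in keep) || hits[net] < min) continue
            print "-I INPUT -s " net " -j DROP"
        }
    }' | sort
}

# Constructed sample log (documentation address ranges).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [01/Oct/2010:09:00:01 -0500] "GET /phpMyAdmin/config.inc.php HTTP/1.1" 403 210 "-" "-"
192.0.2.10 - - [01/Oct/2010:09:00:02 -0500] "GET /phpmyadmin/config.inc.php HTTP/1.1" 403 210 "-" "-"
192.0.2.77 - - [01/Oct/2010:09:00:03 -0500] "GET /PMA/phpMyAdmin/config.inc.php HTTP/1.1" 403 210 "-" "-"
198.51.100.5 - - [01/Oct/2010:09:01:00 -0500] "GET /phpMyAdmin/ HTTP/1.1" 403 210 "-" "-"
203.0.113.9 - - [01/Oct/2010:09:02:00 -0500] "GET /index.html HTTP/1.1" 200 5120 "-" "-"
203.0.113.9 - - [01/Oct/2010:09:02:05 -0500] "GET /private/ HTTP/1.1" 403 210 "-" "-"
EOF
}

sample_log | block_rules 3
```

The script only prints candidate lines; pass your own networks as the second argument so a mistyped URL from an admin workstation does not lock you out, and review the output before adding it to the firewall configuration.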


