[BlueOnyx:05509] Re: getting hammered by this ip 219.237.15.233

[James]

That's strange.  log_traffic has been present on all of my BlueOnyx
installations.  If your /etc/sysconfig/iptables exists and is not
automatically generated (should say in the comments), you could just add the
rule manually.  Of course, that also assumes iptables is set up on your
sever - again something that has been part of all my BlueOnyx servers by
default.

> -----Original Message-----
> From: blueonyx-bounces at blueonyx.it [mailto:blueonyx-
> bounces at blueonyx.it] On Behalf Of Alan Kline
> Sent: Friday, October 01, 2010 11:02 AM
> To: BlueOnyx General Mailing List
> Subject: [BlueOnyx:05508] Re: getting hammered by this ip
> 219.237.15.233
> 
> OK...I see what you're saying, but I don't have anything at all in
> cron.hourly. I'm using dFix to temporarily block intruders, but it
> sounds like what I'm after is a way to have the cron job permanently
> block those IP's...
> 
> Most of my problems lately have been hackers trying to get at my
> phpMyAdmin config files. My .htaccess 403's any such attempt, and I
> then
> go through and add the attacker's subnet to iptables manually, usually
> every day. I'd love to find a way to automate that...
> 
> ak
> 
> On 10/1/2010 9:18 AM, James wrote:
> > The most reliable way I have found to block all traffic, permanently,
> from a
> > specific host is to put iptables rejection rules in
> > /etc/cron.hourly/log_traffic.  In the configfile generation section
> before
> > the -A rules, you can add a line such as:
> >
> > -I INPUT -s<ip address>  -j DROP
> >
> > That cron job regularly updates your firewall rules in
> > /etc/sysconfig/iptables.  You should also be able to mask a subnet in
> a
> > similar fashion to the routing example.
> >
> > James
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at blueonyx.it
> http://www.blueonyx.it/mailman/listinfo/blueonyx