[BlueOnyx:11662] Re: Blocking connections by IP address

Chuck Tetlow chuck at tetlow.net
Mon Nov 5 17:08:10 -05 2012


The manual add is easy.

At the command line as root, use:
iptables -I acctin 1 -s x.x.x.x -j DROP (replacing the x.x.x.x with the originating/offending IP)

If you see connections coming from more than one IP in the same network, add a /24 to the back of the IP to block that entire 24-bit network.

But remember, this is in memory only.  As soon as your BX server is rebooted, you add a site, delete a site, or change an IP - that manual firewall addition is gone.  It's a good method to temporarily block an IP or group of IPs that is hacking on you.  Because as soon as they can't get through any more - they'll move on.  But this isn't permanent.

Chuck

---------- Original Message -----------
From: "Richard Morgan" <richard at morgan-web.co.uk> 
To: "BlueOnyx General Mailing List" <blueonyx at blueonyx.it> 
Sent: Mon, 5 Nov 2012 21:51:01 -0000 
Subject: [BlueOnyx:11661]  Blocking connections by IP address

> Our server is being sent loads of POP3 login requests.  They're slow (about 6s apart) and not really causing a problem, but I was under the impression the server would block these once the volume got to above 60 failed log-ins within one hour.
>  
> Nov  5 15:28:21 vps1 dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<lexus>, method=PLAIN, rip=95.211.132.81, lip=[xx.our.ip.xx]
>  
> So, two questions...
>  
> Is there any way to tweak the configuration so these are blocked automatically?  The GUI says the IP is blocked, but new connections are still appearing in the log.
>  
> Alternatively, is there any way I can add the offending IP address to a blacklist manually?
>  
> Many thanks indeed.
------- End of Original Message -------
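
Added example, not part of either message above: a small shell function that tallies dovecot `pop3-login` auth failures per source IP and prints (without running) the `iptables -I acctin 1 ... -j DROP` command from the reply for any IP that reaches the 60-per-hour figure mentioned in the question. The function names, the clock-hour bucketing and the sample log lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): report source IPs whose failed POP3
# logins reach a limit inside one clock hour, and print, not run, the
# iptables command from the reply for each of them.

# suggest_blocks [limit]  - reads dovecot syslog lines on stdin.
# Default limit 60 is the per-hour figure mentioned in the question.
suggest_blocks() {
    awk -v limit="${1:-60}" '
    /dovecot: pop3-login: .*auth failed/ {
        # "(auth failed, N attempts)": add N, not 1, per log line
        n = 1
        if (match($0, /auth failed, [0-9]+ attempts/)) {
            s = substr($0, RSTART, RLENGTH)
            gsub(/[^0-9]/, "", s)
            n = s + 0
        }
        # user=<...> is client-supplied text, so keep only the LAST rip=
        # field (greedy match) and accept nothing but a dotted quad.
        ip = $0
        if (!sub(/.*, rip=/, "", ip)) next
        sub(/,.*/, "", ip)
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        # bucket = month, day, hour (simplification of a sliding window)
        key = ip SUBSEP $1 " " $2 " " substr($3, 1, 2)
        count[key] += n
        if (count[key] >= limit && !(ip in flagged)) {
            flagged[ip] = 1
            print "iptables -I acctin 1 -s " ip " -j DROP"
        }
    }'
}

# Constructed sample input: 60 failures from 192.0.2.10 in one hour and
# 2 from 198.51.100.7 (documentation address ranges, not real hosts).
sample_log() {
    fmt='Nov  5 15:%02d:21 vps1 dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<test>, method=PLAIN, rip=%s, lip=203.0.113.5\n'
    i=0
    while [ "$i" -lt 60 ]; do
        printf "$fmt" "$i" 192.0.2.10
        i=$((i + 1))
    done
    printf "$fmt" 40 198.51.100.7
    printf "$fmt" 41 198.51.100.7
}

sample_log | suggest_blocks
```

On a server, pipe the real mail log into `suggest_blocks` instead of `sample_log` and review the printed commands before running any of them as root.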
 