Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Steve Lewis on November 23, 2002, 01:42:46 AM

Title: blocking IP block...
Post by: Steve Lewis on November 23, 2002, 01:42:46 AM

Hello,

I continue to get SPAM and CODE RED hits from several block of IP from China. I would like to block those.

What is the best, easiest, most effective way to make the block of IPs "disappear" so to speak.

Steve Lewis

Title: Re: blocking IP block...
Post by: Nathan Fowler on November 23, 2002, 05:31:20 AM

/sbin/ipchains -A input -p tcp --dport 80 --source / -j DENY -i

Add it to your /etc/rc.d/rc.local to keep these settings on reboot.

Title: Re: blocking IP block...
Post by: Steve Lewis on November 23, 2002, 06:34:42 AM

Thank you, I will give this a whirl.

Steve Lewis

Title: Re: blocking IP block...
Post by: Benny Andersen on November 23, 2002, 08:25:37 AM

Hi
Just a note, we had a similar problem so we ran a program called blockchains it seemd simple enough to install and is effective.

Title: Re: blocking IP block...
Post by: Richard Swann on November 24, 2002, 03:06:14 PM

Hi,

Blockchains sounds interesting but a search on google finds nothing resembling it - do you have a url for it?

Richard Swann

Title: Re: blocking IP block...
Post by: Luis A. Navas on November 27, 2002, 10:35:42 PM

try to use SNORT with ACID, this feature works blocking IP that can try to vulnerable the system.

Sorry for my bad english