Ip addresses that piss me off....

Yeah because command line works. A gui is just another point of failure. That being said when the absolute value of the person (me) using command line is -failure- you don't need a gui to fail. Personally I can do "fail" straight from command line. :-)

But I'm not folding servers anymore so that has got to be a good sign
 
See you guys are command-line-commandos, I am the water boy...lol

Looking up shorewall as we speak.
lol ... read my name very carefully
it has a hidden message about me being addicted to something :eek:

edit: Well, for what it's worth, I think this has potential, but I can't accurately report back whether my suggested ipset script will work, or if it is any better or worse, as I don't have access to the kernel modules.

Maybe when Debian updates (which could be years from now :) )
 
If you own one of these IP addresses, please address the possibility that you are complicit in helping people to try and ruin my server and/or augment my data, and possibly making people generally disgusted at your lack of caring.
62.141.36.63 ******* GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1
173.201.44.16 (someone doesn't care about their mail server I suppose.)
109.230.220.219 GET http://209.191.81.94/config/login? HTTP/1.0
109.230.220.219 GET http://66.163.169.186/config/login? HTTP/1.0
173.201.44.16 -- again for 70 pages

Hey, those are my ip addresses (except for 173.201.44.16, because I do care about my mail server). Can you please refrain from tying up the resources of my servers? They are running like a dog!
 
What version of Debian are you running?
 
Ok,

so packages similar to the following should be available:

xtables-addons-common install
xtables-addons-modules-2.6.32-26-server install
xtables-addons-source install

You use module-assistant to install the kernel modules...
 
Aww :(

The biggest thing to remember is that sets (inside ipset) can store an IP address, an IP address plus netmask, or an IP address plus netmask plus port. This makes it extremely powerful. An example:

ipset -N blacklist_ipaddress iphash
ipset -A blacklist_ipaddress 213.221.160.1
ipset -A blacklist_ipaddress 213.221.160.2

In iptables you just have the following:

iptables -A INPUT -m set --set blacklist_ipaddress src -j DROP

You can also create different sets, so as well as having the set blacklist_ipaddress you could also do this at the same time...

ipset -N blacklist_netaddress nethash
ipset -A blacklist_netaddress 213.221.160.0/24
ipset -A blacklist_netaddress 44.10.5.0/16

iptables -A INPUT -m set --set blacklist_netaddress src -j DROP

Or if you want to ban an IP address for a specific length of time:

ipset -N blacklist_tempbans iptree --timeout 86400   # create a set with a default ban time of 24 hours
ipset -A blacklist_tempbans 213.221.160.1,600        # ban this IP for just 10 minutes
ipset -A blacklist_tempbans 213.221.160.2            # ban this IP for the set default, which is 24 hours
ipset -A blacklist_tempbans 213.221.160.4,3600       # ban this IP for an hour

iptables -A INPUT -m set --set blacklist_tempbans src -j DROP
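
The following shell script is an added example, not part of the original thread or any poster's own script: it turns the kind of probe requests quoted earlier in the thread into timed entries for the blacklist_tempbans set described above. It assumes Apache common/combined log format; the function names, ban durations and sample log lines are constructed for illustration, and it only prints the ipset commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes Apache common/combined log
# format: client IP in field 1, request target in field 7.

SET_NAME=blacklist_tempbans  # set from the post: iptree --timeout 86400
SCAN_BAN=3600                # assumed ban for scanner fingerprints (1 hour)
PROXY_BAN=86400              # assumed ban for open-proxy probes (24 hours)

# Constructed sample log lines using documentation-only addresses.
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [01/Jan/2011:10:00:00 +0000] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 226
198.51.100.7 - - [01/Jan/2011:10:00:05 +0000] "GET http://203.0.113.9/config/login? HTTP/1.0" 404 210
198.51.100.7 - - [01/Jan/2011:10:00:06 +0000] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 226
203.0.113.50 - - [01/Jan/2011:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 1024
EOF
}

# Reads log lines on stdin and prints one "ipset -A" command per offending
# source address, in the old ipset syntax used in the post (IP,timeout).
gen_bans() {
    awk -v set="$SET_NAME" -v scan="$SCAN_BAN" -v proxy="$PROXY_BAN" '
        # Accept only a dotted quad in field 1, so a crafted log line cannot
        # smuggle extra text into the generated command.
        $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }
        {
            ttl = 0
            if ($7 ~ /^\/w00tw00t\./)     ttl = scan    # DFind scanner probe
            else if ($7 ~ /^https?:\/\//) ttl = proxy   # absolute URI: proxy test
            if (ttl > ban[$1]) ban[$1] = ttl            # keep the longest ban per IP
        }
        END {
            for (ip in ban)
                if (ban[ip] > 0)
                    printf "ipset -A %s %s,%d\n", set, ip, ban[ip]
        }
    ' | sort
}

# Print the commands for the sample input; nothing is executed.
sample_log | gen_bans
```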
 
I am leaving right now but I have questions related to this... 'bout to grab some food... I'll replace this line with my questions in regard to the quotes :-)
 
I've just recently put this in .htaccess

Code:
order allow,deny
deny from 64.235.56.224
deny from 217.199.168.117
deny from 74.63.242.243
deny from 217.199.168.117
deny from 212.72.183.210
deny from 217.125.124.143
deny from 91.200.111.2
allow from all

I could add them to iptables but we've set it up to only temporarily block IPs (something to do with DoS attacks).
 