Block IP address from connecting to server using iptables

To block IP address from connecting to server, i use iptables.

this morning, i noticed some idiot trying to log into my server over and over, and so a quick iptables line will kick them off (until they change their IP and try again of course).

[code]
/sbin/iptables -I INPUT -s 74.63.223.222 -j DROP
[/code]

Easy. They will now get a connection refused, or nothing at all.

Here is the log (maillog) that i was viewing when i noticed:

[code gutter=”false”]
Nov 13 10:41:01 stus pop3d: IMAP connect from @ [::ffff:74.63.223.222]checkmailpasswd: FAILED: site2 – short names not allowed from @ [::ffff:74.63.223.222]ERR: LOGIN FAILED, ip=[::ffff:74.63.223.222]
Nov 13 10:41:01 stus pop3d: LOGOUT, ip=[::ffff:74.63.223.222]
Nov 13 10:41:02 stus pop3d: Connection, ip=[::ffff:74.63.223.222]
Nov 13 10:41:02 stus pop3d: IMAP connect from @ [::ffff:74.63.223.222]checkmailpasswd: FAILED: pamela – short names not allowed from @ [::ffff:74.63.223.222]ERR: LOGIN FAILED, ip=[::ffff:74.63.223.222]
Nov 13 10:41:02 stus pop3d: LOGOUT, ip=[::ffff:74.63.223.222]
Nov 13 10:41:04 stus pop3d: Connection, ip=[::ffff:74.63.223.222]
Nov 13 10:41:07 stus pop3d: IMAP connect from @ [::ffff:74.63.223.222]checkmailpasswd: FAILED: site2 – short names not allowed from @ [::ffff:74.63.223.222]ERR: LOGIN FAILED, ip=[::ffff:74.63.223.222]
Nov 13 10:41:07 stus pop3d: LOGOUT, ip=[::ffff:74.63.223.222]
Nov 13 10:41:08 stus pop3d: Connection, ip=[::ffff:74.63.223.222]
Nov 13 10:41:09 stus pop3d: IMAP connect from @ [::ffff:74.63.223.222]checkmailpasswd: FAILED: pamela – short names not allowed from @ [::ffff:74.63.223.222]ERR: LOGIN FAILED, ip=[::ffff:74.63.223.222]
Nov 13 10:41:09 stus pop3d: LOGOUT, ip=[::ffff:74.63.223.222]
Nov 13 10:41:10 stus pop3d: Connection, ip=[::ffff:74.63.223.222]
Nov 13 10:41:14 stus pop3d: IMAP connect from @ [::ffff:74.63.223.222]checkmailpasswd: FAILED: site2 – short names not allowed from @ [::ffff:74.63.223.222]ERR: LOGIN FAILED, ip=[::ffff:74.63.223.222]
Nov 13 10:41:14 stus pop3d: LOGOUT, ip=[::ffff:74.63.223.222]
Nov 13 10:41:14 stus pop3d: Connection, ip=[::ffff:74.63.223.222]
Nov 13 10:41:16 stus pop3d: IMAP connect from @ [::ffff:74.63.223.222]checkmailpasswd: FAILED: pamela – short names not allowed from @ [::ffff:74.63.223.222]ERR: LOGIN FAILED, ip=[::ffff:74.63.223.222]
Nov 13 10:41:16 stus pop3d: LOGOUT, ip=[::ffff:74.63.223.222]
Nov 13 10:41:17 stus pop3d: Connection, ip=[::ffff:74.63.223.222]
Nov 13 10:41:20 stus pop3d: IMAP connect from @ [::ffff:74.63.223.222]checkmailpasswd: FAILED: site2 – short names not allowed from @ [::ffff:74.63.223.222]ERR: LOGIN FAILED, ip=[::ffff:74.63.223.222]
Nov 13 10:41:20 stus pop3d: LOGOUT, ip=[::ffff:74.63.223.222]
Nov 13 10:41:20 stus pop3d: Connection, ip=[::ffff:74.63.223.222]
Nov 13 10:41:22 stus pop3d: IMAP connect from @ [::ffff:74.63.223.222]checkmailpasswd: FAILED: pamela – short names not allowed from @ [::ffff:74.63.223.222]ERR: LOGIN FAILED, ip=[::ffff:74.63.223.222]
[/code]

The loser on the end of 74.63.223.222 has been blocked of course.




No Comments


No comments yet.



Leave a Reply

Your email address will not be published. Required fields are marked *