Skillz wrote:
95.166.108.220
Was recently looking through the logs and it appears this IP address has been DDoSing my server for the past 3 months, in what seems to be a rather lame attempt. I believe they might be using some sort of "website mirror" program (HTTrack) to download all the files on the site, but after 31826 total hits this month, 234947 total hits (138 GB, the site only has 61.7 GB of data) last month and 29824 total hits from October, I think foul play might be coming from this user. Either that or they simply don't know how to use the web site copying software correctly; either way it's been banned from my server.
I'm not a fond Linux user, but I know there are bin scripts [cron job scripts] to ban users who make brute-force login attempts.
Here it is, maybe you can use it somehow?
#!/bin/sh
############################################################
#
# check_brute_force
# Checks for failed logins and blocks IP addresses
#
############################################################
# Source IP of the most recent "login attempt" line in the log
IP=`awk -F'[ :]' '/login attempt/ {print $(NF-1)}' /var/log/messages | tail -1`
RC=0
case "$IP" in
"") # Do nothing with empty IP
    ;;
192.168.*) # Exclude local LAN
    ;;
*) # Do nothing if there is an existing rule for this IP address
    # (-w -F: match the address as a whole literal word, not as a regex)
    if iptables -L -n | grep -qwF -- "$IP"; then
        exit 0
    fi
    # Add rule against intruding IP; quoted because it comes from a log
    iptables -I INPUT -s "$IP" -j DROP
    RC=$?
    ;;
esac
exit $RC
# EOF

#!/bin/sh
############################################################
#
# show_blocked_ip
#
# Shows explicitly blocked IP addresses
#
############################################################
# Source column ($4) of every DROP rule, skipping the 0.0.0.0/0 wildcard
IP=`iptables -L -n | awk '$4~/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/ && $4!~/0\.0\.0\.0/ && $1~/DROP/ {print $4}'`
if [ -z "$IP" ]; then
    echo "No blocked IP addresses found."
else
    echo "Blocked IP addresses:"
    for n in $IP; do
        echo "$n"
    done
fi
exit 0
# EOF
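
A threshold-based variant of the check above, as an added example that is not part of the original post: it goes beyond the posted script by counting failed logins per address across the whole log instead of acting on the last line only, and by validating each address before it could reach a firewall rule. The log layout, the `THRESHOLD` value and the function names are assumptions, and the sample log is constructed.

```shell
#!/bin/sh
# Added example (not the poster's script): list block candidates by count.
# Assumption: the source IP is the second-to-last field of a
# "login attempt" line, as the awk expression in the post implies.
THRESHOLD=3   # hypothetical cut-off: failed logins before an IP is listed

# Succeed only for a dotted quad with octets <= 255 outside loopback
# and RFC 1918 space. Fields parsed from a log are untrusted input.
is_public_ipv4() {
    echo "$1" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
    case "$1.$2" in
        10.*|127.*|192.168) return 1 ;;
    esac
    if [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then return 1; fi
    return 0
}

# offenders FILE: print each valid source IP with >= THRESHOLD failures.
offenders() {
    awk -F'[ :]' -v min="$THRESHOLD" '
        /login attempt/ { hits[$(NF-1)]++ }
        END { for (ip in hits) if (hits[ip] >= min) print ip }
    ' "$1" | sort | while read -r ip; do
        if is_public_ipv4 "$ip"; then echo "$ip"; fi
    done
}

# Constructed sample log (documentation addresses, invented layout).
write_sample_log() {
    cat > "$1" <<'EOF'
Dec  3 10:15:01 nas login attempt failed from 203.0.113.7 rejected
Dec  3 10:15:02 nas login attempt failed from 203.0.113.7 rejected
Dec  3 10:15:03 nas login attempt failed from 203.0.113.7 rejected
Dec  3 10:16:10 nas login attempt failed from 198.51.100.9 rejected
Dec  3 10:17:01 nas login attempt failed from 192.168.1.50 rejected
Dec  3 10:17:02 nas login attempt failed from 192.168.1.50 rejected
Dec  3 10:17:03 nas login attempt failed from 192.168.1.50 rejected
Dec  3 10:18:01 nas login attempt failed from 999.1.1.1 rejected
Dec  3 10:18:02 nas login attempt failed from 999.1.1.1 rejected
Dec  3 10:18:03 nas login attempt failed from 999.1.1.1 rejected
EOF
}

log=$(mktemp) && write_sample_log "$log"
offenders "$log"    # candidates only; nothing is passed to iptables here
rm -f "$log"
```

Only addresses that pass both the count and the format check are printed, so a LAN host or a malformed field in the log never becomes a DROP rule.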
