1 Nov
2011
1 Nov
'11
7:07 p.m.
Hi,
Yes, I've implemented iptables to drop the attempts. I was really just curious if it was a specific attack with a known pattern so I could investigate further. fail2ban is great for things like this.
Do you have an example of the iptables entry which does the block?
Yes, quite easy. Just doing it manually for now:
# Create the LOGDROP chain iptables -N LOGDROP iptables -F LOGDROP iptables -A LOGDROP -j LOG --log-prefix "LOGDROP " iptables -A LOGDROP -j DROP
iptables -j LOGDROP -I INPUT -s <offending_ip> -d <my_ip> -p tcp --dport 80
This will log each attempt to syslog, or just replace the LOGDROP in the last rule with DROP to avoid the logging.
Best regards, Alex