mysqlstudent at gmail.com
Wed Nov 2 00:07:49 UTC 2011
>> Yes, I've implemented iptables to drop the attempts. I was really just
>> curious if it was a specific attack with a known pattern so I could
>> investigate further. fail2ban is great for things like this.
> Do you have an example of the iptables entry which does the block?
Yes, quite easy. Just doing it manually for now:
# Create the LOGDROP chain
iptables -N LOGDROP
iptables -F LOGDROP
iptables -A LOGDROP -j LOG --log-prefix "LOGDROP "
iptables -A LOGDROP -j DROP
iptables -j LOGDROP -I INPUT -s <offending_ip> -d <my_ip> -p tcp --dport 80
This will log each attempt to syslog, or just replace the LOGDROP in
the last rule with DROP to avoid the logging.
More information about the users