block IP

**danielldf** · 06-14-2006 12:08 PM

if i see in /var/log/secure for example that some ips are trying to log in in my ssh how can i block these IP?

thankz

**mohit** · 06-14-2006 12:20 PM

best is change the ssh port to a higher value.

see ya,
mohit

**danielldf** · 06-14-2006 12:22 PM

i did that...

but back into my question

if i see in /var/log/secure for example that some ips are trying to log in in my ssh how can i block these IP?

**mohit** · 06-14-2006 12:23 PM

try another port, check if the IP is of a person who know's about your new port.

see ya,
mohit

**rhenderson** · 06-14-2006 01:22 PM

Originally Posted by danielldf

i did that...

but back into my question

I would install apf firewall. Apf uses iptables to block ips. You can then just edit the conf file and block whatever ip's you wish. You can use iptables directly without apf, something like iptables -I INPUT -p tcp -s 00.00.00.00 -j DROP where the 00.00.00.00 is the ip address. You can google iptables blocking ip's and get tons of examples.

You might also look at bfd (Instructions here http://www.webhostgear.com/index.php?art/id:60 ) to auto block Brute force attempts to login.

**IPSecureNetwork** · 06-15-2006 09:54 AM

yeap .. install APF to add ip to the firewall system.
using apf -d ip you will add the ip to the deny list.

if you have freebsd .. you can block the guy with more options. like block the mac adreess of the guy.

but if you use linux.. apf is a good solution.

i recommend you install BFD .. Brute Force Detect ... is a nice tool .. use APF to block ssh fails access..
an excample:--- one guy try to access your SSh server.. and try 3 times.. when the guy try to login the 4 time.. the BFD block the ip guy to access to your box.

**sitekeeper** · 06-15-2006 10:28 AM

I have been using cPanel's Moderator "chirpy" firewall since it's first beta and like it far better then APF + BFD. It is quicker too lock out these things then APF + BFD. It also has a nice and easy to use WHM interface to setup and view logs.

Download: http://www.configserver.com/cp/csf.html

Some more info: http://forums.cpanel.net/showthread....erver+firewall

**djblamire** · 07-16-2006 04:42 PM

Originally Posted by sitekeeper

I have been using cPanel's Moderator "chirpy" firewall since it's first beta and like it far better then APF + BFD. It is quicker too lock out these things then APF + BFD. It also has a nice and easy to use WHM interface to setup and view logs.

Download: http://www.configserver.com/cp/csf.html

Some more info: http://forums.cpanel.net/showthread....erver+firewall

I already use just the BFD (not APF), and would like to try chirpy's firewall.

What is the best way to 'uninstall' BFD before installing this ?

Thanks in advance,
Daniel

**sitekeeper** · 07-16-2006 08:39 PM

This script comes with a tool to remove it, just read the docs....

**djblamire** · 07-30-2006 06:21 AM

So, to uninstall BFD, all I would need to do is:

sh disable_apf_bfd.sh

before installing Chirpy's version ?

Thanks in advance,
Daniel

**chirpy** · 07-30-2006 06:21 AM

Yes, just follow the instructions in the install.txt of csf. You'll also see two options in the WHM > ConfigServer Firewall > page after installation where you can completely remove APF and BFD if you wish.

**djblamire** · 07-30-2006 06:47 AM

Thanks Chirpy

Daniel

LinkBack

Thread Tools

block IP

Firewall

How to block an IP

Block IP

a way to block a certain IP

Block IP

IP Block