The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

block traceroute IP?

Discussion in 'E-mail Discussions' started by erfg1234, Dec 16, 2014.

  1. erfg1234

    erfg1234 Registered

    Joined:
    Dec 12, 2014
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Cape Coral, Florida, United States
    cPanel Access Level:
    DataCenter Provider
    Sometimes there will be several IP addresses that spam my server, and it seems that most of them are coming from 1 source, but will slowly hit my server over time. Is there any way to block an IP coming from a traceroute?

    For example, this morning I got some spam from this IP. I trace route it and find that it's coming once again from domain.co.uk They do not have a website where I can report these IPs, so can I just use iptables or some other command to block 64.79.xx.xxx (domain.co.uk)?

    Code:
    >tracert 74.122.192.247
    
    Tracing route to Chi.domaintoo.com [74.122.xxx.xx]
    over a maximum of 30 hops:
    
    [MY TRACEROUTE OUT HERE]
      8    45 ms    45 ms    47 ms  be-7922-ar01.elmhurst.il.chicago.comcast.net [68
    .86.xx.xx]
      9    44 ms    47 ms    44 ms  te-0-7-0-7-sur01.beechgrove.in.indiana.comcast.n
    et [68.86.xxx.xx]
     10    44 ms    44 ms    44 ms  xx-xxx-150-242-static.hfc.comcastbusiness.net [5
    0.205.xxx.xxx]
     11    45 ms    44 ms    44 ms  domain.co.uk [64.79.xxx.xxx]
     12    92 ms    92 ms    91 ms  Chi.domaintoo.com [74.122.xxx.xxx]
    
    Trace complete.
     
    #1 erfg1234, Dec 16, 2014
    Last edited by a moderator: Dec 16, 2014
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Do you use a firewall management utility such as CSF? If so, you could block the IP address in CSF to prevent additional connections to your server.

    Thank you.
     
  3. erfg1234

    erfg1234 Registered

    Joined:
    Dec 12, 2014
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Cape Coral, Florida, United States
    cPanel Access Level:
    DataCenter Provider
    I use IPTables, can it be done using that?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  5. erfg1234

    erfg1234 Registered

    Joined:
    Dec 12, 2014
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Cape Coral, Florida, United States
    cPanel Access Level:
    DataCenter Provider
    If I block the domain.co.uk [64.79.xxx.xxx] with iptables, their emails still go through. But installing CSF has definitely helped to protect my server. Within 1 day I have 50 IP addresses blocked that were trying to login using FTP!
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    You may need to modify your custom iptables rules or use CSF if traffic from those IP addresses is still reaching your email service.

    Thank you.
     
Loading...

Share This Page