The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Blockage of IP

Discussion in 'General Discussion' started by frattay22, Jun 16, 2003.

  1. frattay22

    frattay22 Well-Known Member

    Joined:
    May 24, 2003
    Messages:
    69
    Likes Received:
    0
    Trophy Points:
    6
    I was wondering if there is anyway to Block a certian IP address from hitting your server or a ISP mask to block as well. I have seen a few scanning for hours and it is getting annoying.

    Thanks,
    Frank

    cPanel.net Support Ticket Number:
     
  2. NightHawk

    NightHawk Member

    Joined:
    Apr 17, 2003
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    1
    sure...just throw them in your iptables:

    #########################################
    ######### block a new ip # with iptables ###########
    ##### replace xxxx with the ip # you wish to block #####
    #########################################
    /sbin/iptables -I INPUT 1 -s xxxx -j DROP
    ##########################################
    ####after the above...run this one..to make them stick####
    ##otherwise..they will clear at reboot or restart of iptables##
    #########################################
    iptables-save > /etc/sysconfig/iptables
    ########################################
    ###########done##########################
    ########################################

    cPanel.net Support Ticket Number:
     
  3. frattay22

    frattay22 Well-Known Member

    Joined:
    May 24, 2003
    Messages:
    69
    Likes Received:
    0
    Trophy Points:
    6
    And can you do that for Hosts as well?
    Example
    (host217-42-10-7.range217-42.btcentralplus.com[217.42.10.7]) - ANON anonymous: Login successful So i would block btcentralplus.com?

    cPanel.net Support Ticket Number:
     
  4. NightHawk

    NightHawk Member

    Joined:
    Apr 17, 2003
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    1
    I still recommend using ip#'s....you can use netblocks or ip ranges....that would cover what you are looking for. But in this case in particular...the ip# is 217.42.10.7.

    cPanel.net Support Ticket Number:
     
  5. frattay22

    frattay22 Well-Known Member

    Joined:
    May 24, 2003
    Messages:
    69
    Likes Received:
    0
    Trophy Points:
    6
    BTW Thank you :) hope it will stop them :) the reason I did that is casue Some how I got rooted :( hahah oh well lesson learned

    Thanks,
    Frank

    cPanel.net Support Ticket Number:
     
  6. NightHawk

    NightHawk Member

    Joined:
    Apr 17, 2003
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    1
    if you have been rooted....just blocking thier ip#...won't do you much good...as they will just proxy off another location...

    you might want to ensure that you have removed the rootkit(s) and any other "toys" they left behind (of course the only way to know for sure that you have removed all of them...is to wipe the server and reinstall the OS and cpanel/whm.).

    Then after your restore, make sure you harden and secure your server completely...as well as monitor it's logs on a regular basis...security is not a one-time deal...but a ongoing proccess.

    cPanel.net Support Ticket Number:
     
  7. pingo

    pingo Well-Known Member

    Joined:
    Nov 16, 2002
    Messages:
    430
    Likes Received:
    0
    Trophy Points:
    16
    To kill all incoming and outgoing connections from IPs I usually do:

    /sbin/route add -host <IP-no.> reject

    To save the null route after rebooting to protect the server in
    the future I also add above command to /etc/rc.d/rc.local
    so they would be re-executed when the server comes back
    online.

    John

    cPanel.net Support Ticket Number:
     

Share This Page