SHSaeed

Well-Known Member
May 9, 2002
245
0
316
We've been under attack for a couple of hours now. I tried to block the attacker with [b:4f8a97f080]iptables -I INPUT 1 -s xxx.xxx.xxx.xxx -j DROP[/b:4f8a97f080] but I get &iptables v1.2.5: can't initialize iptables table `filter': iptables who? (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded.& I also tried to use /sbin/route to block them but it's of no use!!! How can I block these attacks, they're causing Apache to reach maxclients (which is set to 256).

Please HELP!!!!!!!!
 

SHSaeed

Well-Known Member
May 9, 2002
245
0
316
Here are the IPs that were attacking if anyone's interested...

24.185.148.33
68.36.123.27
66.76.93.157
68.11.36.65
24.205.209.230
12.220.192.165
68.5.224.66
4.46.204.175
24.76.66.39
66.189.215.241
128.111.71.114
212.202.128.213
4.46.204.175

We finally got our datacenter to null route the listed IPs.
 

SHSaeed

Well-Known Member
May 9, 2002
245
0
316
Found a way to do it ourselves...

ipchains -A input -s &IP&/255.255.255.255 -d 0.0.0.0/0.0.0.0 -j DENY

By replacing &IP& with the attacking IP you will block them on all ports.
 

itf

Well-Known Member
May 9, 2002
624
0
316
refer to this post I wrote there
http://forums.cpanel.net/read.php?TID=5583&page=1#24084