Some bind attack - how to block this huge IP range automatically?

postcd

Please, how can I block these excessive bind accesses from this big IP range?
I mean I don't want a manual IP ban; I want this to be handled by CSF automatically, so I want to ask you for kind advice on how to do it so such connections have low or no impact (iptables ban)?

Code:
Sep 10 13:12:45 host1 lfd[21510]: bind triggered by 74.125.74.17 - ignored
Sep 10 13:12:45 host1 lfd[21510]: bind triggered by 74.125.74.83 - ignored
Sep 10 13:12:45 host1 lfd[21510]: bind triggered by 74.125.46.84 - ignored
Sep 10 13:12:50 host1 lfd[21510]: bind triggered by 74.125.74.146 - ignored
Sep 10 13:12:50 host1 lfd[21510]: bind triggered by 74.125.74.148 - ignored
Sep 10 13:12:50 host1 lfd[21510]: bind triggered by 74.125.74.81 - ignored
Sep 10 13:12:50 host1 lfd[21510]: bind triggered by 74.125.74.17 - ignored
Sep 10 13:12:50 host1 lfd[21510]: bind triggered by 74.125.74.80 - ignored
Sep 10 13:12:50 host1 lfd[21510]: bind triggered by 74.125.74.82 - ignored
Sep 10 13:12:50 host1 lfd[21510]: bind triggered by 74.125.74.83 - ignored
Sep 10 13:12:50 host1 lfd[21510]: bind triggered by 74.125.74.144 - ignored
Sep 10 13:12:50 host1 lfd[21510]: bind triggered by 74.125.74.148 - ignored
Sep 10 13:12:50 host1 lfd[21510]: bind triggered by 74.125.74.146 - ignored
Sep 10 13:12:50 host1 lfd[21510]: bind triggered by 74.125.46.80 - ignored
Sep 10 13:12:50 host1 lfd[21510]: bind triggered by 74.125.74.19 - ignored
Sep 10 13:12:55 host1 lfd[21510]: bind triggered by 74.125.74.16 - ignored
Sep 10 13:12:55 host1 lfd[21510]: bind triggered by 74.125.46.80 - ignored
Sep 10 13:12:55 host1 lfd[21510]: bind triggered by 74.125.74.19 - ignored
Sep 10 13:12:55 host1 lfd[21510]: bind triggered by 74.125.74.19 - ignored
Sep 10 13:12:55 host1 lfd[21510]: bind triggered by 74.125.46.80 - ignored
Sep 10 13:12:55 host1 lfd[21510]: bind triggered by 74.125.74.84 - ignored
Sep 10 13:12:55 host1 lfd[21510]: bind triggered by 74.125.74.147 - ignored
Sep 10 13:12:55 host1 lfd[21510]: bind triggered by 74.125.74.19 - ignored
Sep 10 13:12:55 host1 lfd[21510]: bind triggered by 74.125.74.84 - ignored
Sep 10 13:12:55 host1 lfd[21510]: bind triggered by 74.125.74.18 - ignored
Sep 10 13:12:55 host1 lfd[21510]: bind triggered by 74.125.74.18 - ignored
Sep 10 13:12:55 host1 lfd[21510]: bind triggered by 74.125.46.81 - ignored
Sep 10 13:12:55 host1 lfd[21510]: bind triggered by 74.125.46.84 - ignored
Sep 10 13:13:00 host1 lfd[21510]: bind triggered by 74.125.74.146 - ignored
Sep 10 13:13:00 host1 lfd[21510]: bind triggered by 74.125.74.148 - ignored
Sep 10 13:13:05 host1 lfd[21510]: bind triggered by 74.125.46.83 - ignored
Sep 10 13:13:10 host1 lfd[21510]: bind triggered by 74.125.46.84 - ignored
Sep 10 13:13:10 host1 lfd[21510]: bind triggered by 74.125.73.17 - ignored
Sep 10 13:13:10 host1 lfd[21510]: bind triggered by 74.125.73.18 - ignored
Sep 10 13:13:10 host1 lfd[21510]: bind triggered by 74.125.47.18 - ignored
Sep 10 13:13:10 host1 lfd[21510]: bind triggered by 74.125.73.21 - ignored
Sep 10 13:13:20 host1 lfd[21510]: bind triggered by 74.125.74.144 - ignored
Sep 10 13:13:20 host1 lfd[21510]: bind triggered by 74.125.74.144 - ignored
Sep 10 13:13:25 host1 lfd[21510]: bind triggered by 74.125.74.18 - ignored
Sep 10 13:13:25 host1 lfd[21510]: bind triggered by 74.125.74.82 - ignored
Sep 10 13:13:30 host1 lfd[21510]: bind triggered by 74.125.74.18 - ignored
Sep 10 13:13:30 host1 lfd[21510]: bind triggered by 74.125.74.81 - ignored
Sep 10 13:13:30 host1 lfd[21510]: bind triggered by 74.125.74.81 - ignored
Sep 10 13:13:30 host1 lfd[21510]: bind triggered by 74.125.74.83 - ignored
Sep 10 13:13:40 host1 lfd[21510]: bind triggered by 74.125.74.146 - ignored
Sep 10 13:13:40 host1 lfd[21510]: bind triggered by 74.125.46.82 - ignored
Sep 10 13:13:40 host1 lfd[21510]: bind triggered by 74.125.74.19 - ignored
Sep 10 13:13:40 host1 lfd[21510]: bind triggered by 74.125.74.19 - ignored
Sep 10 13:13:40 host1 lfd[21510]: bind triggered by 74.125.47.18 - ignored
Sep 10 13:13:40 host1 lfd[21510]: bind triggered by 74.125.73.83 - ignored
Sep 10 13:13:45 host1 lfd[21510]: bind triggered by 74.125.73.147 - ignored
Sep 10 13:13:45 host1 lfd[21510]: bind triggered by 74.125.73.82 - ignored
Sep 10 13:13:50 host1 lfd[21510]: bind triggered by 74.125.74.144 - ignored
I see it's a Google IP..

durangod

74.125.0.0/16 will block all from 74.125.

You also might consider adjusting your cPHulk settings (Security Center -> cPHulk Brute Force Protection). You want it to be flexible enough to deal with honest mistakes but hard enough that if they are idiots it says bye bye baby...

quizknows

I would not recommend blocking Google's IP ranges. Their engineers are extremely smart and if anything malicious is going on with their network I assure you they'll find and fix it.

Keep in mind DNS is a UDP protocol and source IPs can be spoofed. This is how DNS amplification attacks work; queries come in with a spoofed source IP, and your server sends the "response" to someone who never asked for it to begin with.

Just make sure DNS recursion is off in your named config. If this is not causing load on your server I wouldn't worry about it.

I recommend reviewing this section of your CSF config. I do not use it, so mine is disabled as shown below:

Code:
# Enable detection of repeated BIND denied requests
# This option should be enabled with care as it will prevent blocked IPs from
# resolving any domains on the server. You might want to set the trigger value
# reasonably high to avoid this
# Example: LF_BIND = "100"
LF_BIND = "0"
LF_BIND_PERM = "1"

durangod

Good deal quiz +1, I didn't even look up the IP lol... I was just answering the range question syntax is all.. but that's great you shared that as well :)
 

cPanelMichael

Administrator
Staff member
Hello :)

As mentioned by quizknows, it's likely not an issue that needs to be addressed if you are not experiencing any additional load on your system and DNS recursion is disabled.

Thank you.
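
To see how the lfd lines quoted in the first post spread across sources before choosing any trigger or range block, the following added example (not part of any post in this thread, and not CSF's own code) tallies events per source IP and per covering network. The per-IP trigger comparison is a simplifying assumption about how a threshold such as `LF_BIND` would see this traffic, not a reimplementation of lfd.

```python
import re
from collections import Counter
from ipaddress import ip_network

# Six lines copied from the log quoted in the first post, plus one
# constructed non-lfd line to show that unrelated entries are skipped.
SAMPLE_LOG = """\
Sep 10 13:12:45 host1 lfd[21510]: bind triggered by 74.125.74.17 - ignored
Sep 10 13:12:45 host1 lfd[21510]: bind triggered by 74.125.46.84 - ignored
Sep 10 13:12:50 host1 lfd[21510]: bind triggered by 74.125.74.17 - ignored
Sep 10 13:12:55 host1 lfd[21510]: bind triggered by 74.125.74.19 - ignored
Sep 10 13:12:55 host1 lfd[21510]: bind triggered by 74.125.74.19 - ignored
Sep 10 13:13:10 host1 lfd[21510]: bind triggered by 74.125.73.17 - ignored
Sep 10 13:13:11 host1 crond[999]: constructed unrelated line
"""

LINE_RE = re.compile(
    r"^\w{3}\s+\d+ \d\d:\d\d:\d\d \S+ lfd\[\d+\]: "
    r"bind triggered by (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) - \w+"
)

def summarise(log_text, prefix_len=16):
    """Count lfd bind events per source IP and per covering network."""
    per_ip, per_net = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an lfd bind line
        try:
            net = ip_network(f"{m['ip']}/{prefix_len}", strict=False)
        except ValueError:
            continue  # four dotted numbers, but not a valid IPv4 address
        per_ip[m["ip"]] += 1
        per_net[str(net)] += 1
    return per_ip, per_net

def over_threshold(per_ip, trigger):
    """Sources whose own event count reaches a per-IP trigger value."""
    return sorted(ip for ip, n in per_ip.items() if n >= trigger)

if __name__ == "__main__":
    per_ip, per_net = summarise(SAMPLE_LOG)
    print("events per /16:", dict(per_net))
    print("distinct sources:", len(per_ip))
    print("sources at trigger 100:", over_threshold(per_ip, 100))
```

On this sample every event falls in one /16 but is spread over several sources with one or two events each, so no single address comes near a trigger of 100.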