Utilizing unused IPs as a means to block scripted or physical hacking attempts


Aug 30, 2006
OK, I have 20 IPs delegated to a server.

Only 5 IPs are utilized by the server.

The remaining are just sitting there.

Those attempting attacks will go through the list.

They hit the first IPs, then go through the list.

modsec is not blocking subsequent attempts at IP attacks until they are attempted.

Thus, 000.001 is hit and denied,

then 000.002 is hit and denied

by the same incoming IP.

Below are 3 of 14 attempts by one IP as shown in modsec: 7x.53.xxx.xx0, 7x.53.xxx.xx1, 7x.53.xxx.xx2

So, the IP is going down the IP list. x hundreds.

I want to tie each unused IP, or all unused IPs, to a web page or program that immediately blocks the IP.

Though I could remove the IPs, I see them as a way to "*midway" these attackers.

Having a means to stop on the first IP would completely block the attacker from any access for a period of time,

especially the scripted Asian attacks.

Any comments pro or con appreciated.

I have most security packages installed, so if I am missing the facts of using them to do this, that will also be appreciated.


- - - Updated - - -

What I would like to do is similar to this how-to, except I need it automated.

Nullroute IP using route command

Suppose that bad IP is, type the following command at the shell:

# route add gw lo

You can verify it with the following command:
# netstat -nr
# route -n
You can also use the reject target (thanks to Gabriele):
# route add -host IP-ADDRESS reject
# route add -host reject

To confirm the null routing status, use the ip command as follows:
# ip route get

RTNETLINK answers: Network is unreachable

Drop entire subnet
# route add -net gw lo
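
One way to automate the how-to quoted above, as an added example that is not code from this thread, cPanel or CSF: watch the kernel log for connections to the unused addresses and emit the same reject route for each source that touched one. It assumes a netfilter LOG rule for the unused addresses is already in place (the DECOY prefix, the address list and the sample log lines are all constructed here).

```shell
#!/bin/sh
# Added example, not code from the thread, cPanel or CSF: turn hits on the
# server's unused addresses into null routes for the source that probed them.
# Assumption: a netfilter LOG rule (e.g. iptables -A INPUT -d <unused-ip> -j LOG
# --log-prefix "DECOY ") already writes lines like the constructed sample below
# to the kernel log. All addresses here are constructed (RFC 5737 ranges).

# Unused addresses on this server (constructed list; edit to match yours).
UNUSED_IPS="203.0.113.6 203.0.113.7 203.0.113.8"

# Constructed sample of kernel LOG lines, in the format iptables -j LOG emits.
SAMPLE_LOG='Aug 30 10:00:01 host kernel: DECOY IN=eth0 SRC=198.51.100.9 DST=203.0.113.6 PROTO=TCP DPT=80
Aug 30 10:00:02 host kernel: DECOY IN=eth0 SRC=198.51.100.9 DST=203.0.113.7 PROTO=TCP DPT=80
Aug 30 10:00:03 host kernel: DECOY IN=eth0 SRC=192.0.2.44 DST=203.0.113.1 PROTO=TCP DPT=80
Aug 30 10:00:04 host kernel: DECOY IN=eth0 SRC=192.0.2.77 DST=203.0.113.8 PROTO=TCP DPT=443'

# offenders LOGTEXT: print each source address that touched an unused
# destination, once, in first-seen order. Hits on in-use addresses are ignored.
offenders() {
  printf '%s\n' "$1" | awk -v unused="$UNUSED_IPS" '
    BEGIN { n = split(unused, a, " "); for (i = 1; i <= n; i++) decoy[a[i]] = 1 }
    {
      src = ""; dst = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^SRC=/) src = substr($i, 5)
        if ($i ~ /^DST=/) dst = substr($i, 5)
      }
      if (src != "" && (dst in decoy) && !(src in seen)) { seen[src] = 1; print src }
    }'
}

# block_commands LOGTEXT: emit one "route add -host <src> reject" line per
# offender, the same reject route the how-to above installs by hand.
block_commands() {
  offenders "$1" | while read -r ip; do
    printf 'route add -host %s reject\n' "$ip"
  done
}

# Dry run: print the routes that would be installed for the sample log.
block_commands "$SAMPLE_LOG"
```

On the real server, pass the live log text instead of the sample (for example `block_commands "$(grep DECOY /var/log/messages)" | sh` as root) and pair it with a cron job that deletes the routes again if, as the post asks, the block should only last for a period of time.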


Staff member
Apr 11, 2011
Hello :)

I recommend utilizing a third-party firewall to block the offending IP address, as opposed to additional Mod_Security rules. CSF is a common firewall used by cPanel users, and you can implement custom iptables rules if necessary.

Thank you.
