1 |
On Tue, Sep 06, 2016 at 01:57:54PM -0700, Grant wrote: |
2 |
> > Hi, my site is being ravaged by an IP but dropping the IP via |
3 |
> > shorewall is seeming to have no effect. I'm using his IP from nginx |
4 |
> > logs. |
5 |
|
6 |
What you really need is to set up net-anlyzer/fail2ban and not do this |
7 |
kind of stuff manually. It automates parsing logs for attacks and setting |
8 |
up persistent iptables rules to block them. |
9 |
|
10 |
As soon as I assigned a dns domain name to my home ssh-server and made it |
11 |
available externally I was getting attacked by multiple IP addresses from |
12 |
china, and as soon as one IP was banned they came at me with another one. |
13 |
After I set up fail2ban and set a low preauth limit along with lifetime |
14 |
bans, this whole cat-and-mouse game started going more to my liking. |
15 |
|
16 |
Highly recommend you try it, it comes with lots of predefined |
17 |
rules/templates that you can choose from (I see nginx-botsearch and |
18 |
nginx-http-auth are included). |