Hi all,
As we were getting fed up with hundreds of login attempts from China, Russia, USA, etc., I decided to look up all IPs with 50 or more login attempts and made a complete list of IP ranges.
This resulted in a very good list, but though I have added the IPs to iptables (and saved it, of course) I discovered this morning there are still login attempts...?
If I ban a range, like this:
Code:
iptables -A INPUT -s 89.248.168.0/24 -j DROP
It should completely block anyone on 89.248.168.x who will try to login to the DA panel, email, ssh, etc. Right?
I don't know what I am doing wrong here, but I just noticed the following this morning:
Code:
89.248.168.219 150 Dec 12 15:09 Dec 13 08:40 No No IP Info
So apparently they can still try to login? Or am I wrong....?
I also checked the ConfigServer Security & Firewall, but the rule is also in there:
Code:
Chain num pkts bytes target prot opt in out source destination
INPUT 250 0 0 DROP all -- * * 89.248.168.0/24 0.0.0.0/0
So why isn't this IP blocked completely and permanently?
By the way, this is just an example, it happens to all IPs I blocked.
FYI: I followed the tutorial at: https://help.poralix.com/articles/how-to-block-ips-with-csf-directadmin-bfm
OS: CentOS 6.9
Should I take other actions? And how can I permanently ban those IPs for real? Currently they can still access everything or at least try to...
Thanks in advance.
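The listing quoted in the post shows the DROP rule at position 250 with packet and byte counters of 0, and iptables walks a chain from the top, so a rule added with `-A` is evaluated only after every rule already in the chain. As an added example (not part of the original post), this Python script parses a listing in that column layout and reports DROP rules that have never matched, together with the earlier ACCEPT rules covering the same source; every sample row except row 250 is constructed.

```python
import ipaddress

# Constructed sample in the column layout of the listing quoted in the post
# (chain, num, pkts, bytes, target, prot, opt, in, out, source, destination).
# Only row 250 comes from the post; the other rows are made up for illustration.
SAMPLE = """\
Chain num pkts bytes target prot opt in out source destination
INPUT 1 9120 710K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
INPUT 2 48213 3100K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
INPUT 3 150 9000 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2222
INPUT 249 12 720 DROP all -- * * 203.0.113.0/24 0.0.0.0/0
INPUT 250 0 0 DROP all -- * * 89.248.168.0/24 0.0.0.0/0
"""

def parse_rules(listing):
    """Yield one dict per rule row; the header and malformed rows are skipped."""
    for line in listing.splitlines():
        f = line.split()
        if len(f) < 11 or not f[1].isdigit():
            continue
        try:
            src = ipaddress.ip_network(f[9], strict=False)
        except ValueError:  # negated or otherwise unparsable source
            continue
        yield {"chain": f[0], "num": int(f[1]), "pkts": f[2], "target": f[4],
               "in": f[7], "src": src, "match": " ".join(f[11:])}

def never_matched_drops(listing):
    """Return (drop_num, source, [earlier ACCEPT nums]) for DROP rules with a zero counter."""
    rules = sorted(parse_rules(listing), key=lambda r: r["num"])
    findings = []
    for r in rules:
        if r["target"] != "DROP" or r["pkts"] != "0":
            continue
        # Earlier ACCEPT rules on a non-loopback interface whose source contains the banned range
        earlier = [a["num"] for a in rules
                   if a["chain"] == r["chain"] and a["num"] < r["num"]
                   and a["target"] == "ACCEPT" and a["in"] != "lo"
                   and r["src"].subnet_of(a["src"])]
        findings.append((r["num"], str(r["src"]), earlier))
    return findings

if __name__ == "__main__":
    for num, src, earlier in never_matched_drops(SAMPLE):
        print(f"rule {num} DROP {src}: 0 packets; earlier ACCEPT rules covering it: {earlier}")
```

A DROP rule reported with a non-empty list of earlier ACCEPT rules is one that traffic from that range can bypass on the ports those ACCEPT rules open.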