Block access by domain name

Pzz (Verified User, joined May 20, 2013, 138 messages, location: The Hague area, The Netherlands)
Hi,

My rejectlog is filled with attempts from the same domain name. The subdomain keeps changing, and the IP address too.

Code:
2018-07-09 17:12:04 login authenticator failed for (user444.chickenkiller.com) [191.96.249.198]: 535 Incorrect authentication data ([email protected])

Is there a way to block these attempts by domain name? I'm not interested in chicken...
 
Ah, Russians again. It might be possible to do this by adding some custom configuration to Exim; I don't know if there's an easier method to prevent connections.

He can easily use another domain or free domain and start again. You say the IP address keeps changing? Is the IP within the same range, i.e. from the same provider?
Otherwise you could block the complete range by doing this:
Code:
csf -d 191.96.249.0/24
If he's using IPs in that range, that might be a better solution. If he's using multiple IPs from multiple providers.... well... just ignore it. The Chinese also send waves of these kinds of attacks for days or weeks. It will start and it will stop. You can't block everything.
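As an added example (not code from the thread, DirectAdmin, Exim or csf), the check that the question above asks for, done on the rejectlog itself: parse the "authenticator failed" lines, group them by the parent domain of the name in parentheses, and see whether the source addresses cluster in one /24 that could be handed to csf -d. One point about the log format that matters here: in Exim's "authenticator failed for" lines the name in parentheses is the HELO/EHLO string the client sent, which the attacker chooses freely; a verified reverse-DNS name, when Exim has one, is printed before the parentheses. So matching on the parenthesized name costs no DNS lookup, but it is attacker-controlled and can be changed at will. The log lines below are constructed to mimic the post's format (with the `set_id=` part as Exim writes it; the thread's line had the address redacted); the 191.96.249.x addresses other than .198 are made up inside the /24 the thread discusses, and the rest are documentation ranges.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample rejectlog lines (not the thread's real log). The last
# line shows the variant with a verified reverse-DNS name before the HELO.
SAMPLE_LOG = """\
2018-07-09 17:12:04 login authenticator failed for (user444.chickenkiller.com) [191.96.249.198]: 535 Incorrect authentication data (set_id=info@example.com)
2018-07-09 17:12:09 login authenticator failed for (user12.chickenkiller.com) [191.96.249.201]: 535 Incorrect authentication data (set_id=info@example.com)
2018-07-09 17:13:31 login authenticator failed for (mail7.chickenkiller.com) [191.96.249.35]: 535 Incorrect authentication data (set_id=sales@example.com)
2018-07-09 17:15:02 login authenticator failed for (srv1.chickenkiller.com) [203.0.113.77]: 535 Incorrect authentication data (set_id=info@example.com)
2018-07-09 17:16:40 login authenticator failed for (ylmf-pc) [198.51.100.9]: 535 Incorrect authentication data (set_id=admin@example.com)
2018-07-09 17:17:00 plain authenticator failed for host.example.org (user9.chickenkiller.com) [191.96.249.198]: 535 Incorrect authentication data (set_id=info@example.com)
"""

# Exim writes "<authenticator> authenticator failed for <fullhost>: 535 ..."
# where <fullhost> is "[ip]", "(helo) [ip]" or "rdns-name (helo) [ip]".
# The HELO name is whatever the client claimed; only rdns-name is verified.
AUTH_FAIL_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<auth>\w+) authenticator failed for "
    r"(?:(?P<rdns>[^\s(\[]+) )?"      # optional verified reverse-DNS name
    r"(?:\((?P<helo>[^)]*)\) )?"      # optional HELO/EHLO name in parentheses
    r"\[(?P<ip>[0-9a-fA-F.:]+)\]"     # peer IP, always present
    r"(?:.*?\(set_id=(?P<user>[^)]*)\))?"  # account tried, if logged
)


def parse_auth_failures(text):
    """Return one dict per 'authenticator failed' line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = AUTH_FAIL_RE.search(line)
        if m:
            events.append(m.groupdict())
    return events


def parent_domain(name, labels=2):
    """'user444.chickenkiller.com' -> 'chickenkiller.com'.
    Naive last-N-labels rule: fine for this case, wrong for e.g. example.co.uk."""
    parts = name.lower().rstrip(".").split(".")
    return ".".join(parts[-labels:]) if len(parts) >= labels else name.lower()


def summarize(events, prefix=24):
    """Group failures by HELO parent domain and by /prefix network of the peer IP."""
    by_domain = Counter()
    nets_by_domain = defaultdict(Counter)
    helos_by_domain = defaultdict(set)
    for ev in events:
        helo = ev["helo"] or ""
        dom = parent_domain(helo) if "." in helo else (helo or "(no helo)")
        by_domain[dom] += 1
        helos_by_domain[dom].add(helo)
        # strict=False masks the host bits so any IP in the block maps to it
        net = ipaddress.ip_network(f"{ev['ip']}/{prefix}", strict=False)
        nets_by_domain[dom][str(net)] += 1
    return by_domain, nets_by_domain, helos_by_domain


def csf_deny_commands(nets_by_domain, domain, min_hits=2):
    """One 'csf -d' per network that produced at least min_hits failures.
    csf wants the full dotted-quad network form, e.g. 191.96.249.0/24."""
    return [f"csf -d {net}"
            for net, n in sorted(nets_by_domain[domain].items()) if n >= min_hits]


if __name__ == "__main__":
    by_domain, nets, helos = summarize(parse_auth_failures(SAMPLE_LOG))
    for dom, n in by_domain.most_common():
        print(f"{dom}: {n} failures, {len(helos[dom])} distinct HELO names, "
              f"networks: {dict(nets[dom])}")
        for cmd in csf_deny_commands(nets, dom):
            print("   ", cmd)
```

Run it against the real log with `summarize(parse_auth_failures(open("/var/log/exim/rejectlog").read()))`: if nearly all hits for the domain land in one /24, a range block is cheap and effective; if they are spread over many networks, that is the "multiple providers" case where blocking by range stops being worthwhile.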
 
It would not be efficient to block by domain name; I'd rather block by IP range. Domain resolution takes resources.


p.s.

@Richard,

You sure?

Code:
# whois 191.96.249.198
...
...


inetnum:     191.96.249/24
status:      reallocated
owner:       Dmzhost Limited
ownerid:     SC-DMLI1-LACNIC
responsible: JUPITER 25 LIMITED
address:     Francis Rachel Street, , Suite 1, Second Floor
address:      - Victoria -
country:     SC

...


The site http://locode.info/SC says it is Country: Seychelles.

As a Russian I'm very flattered that you think Seychelles are ours :)

Peace, man ;)
 
Are you Russian, Alex? Cool!

Yes I'm pretty sure:
Code:
IP Address 	191.96.249.198
Host 	191.96.249.198
Location 	RU RU, Russian Federation
City 	Moscow, 48 101752
Organization 	Digital Energy Technologies Chile SpA
ISP 	Digital Energy Technologies Chile SpA
Owners Seychelles, server in Russia.
AS Number AS64484 Jupiter 25 Limited

At least that's what CQCounter says about it. Maybe you can see if it's a Russian datacenter. CQCounter thinks it is.
Looks like 3 countries. Server in Russia, ISP in Chile and IP owner in Seychelles. :)

And of course there are also a lot of good Russians! Peace to you too! :D
 
Yes, I am ;)

OK, I see. Dmzhost seems to be an offshore hosting company. I would not expect strict policies and traffic filtering there.

Yep, I see many attacks from Russian, Ukrainian and Chinese IPs on servers under our support these days. Good hosting companies do take care of it and block malicious outgoing traffic on an abuse report.

So the TS (topic starter) might file an abuse report with the company, with detailed logs.
 