Block all of 183.7.x.x

csgo

I'm tired of all the brute force attacks from 183.7.x.x and want to block all of it. I'm running CentOS 6.x and latest DirectAdmin (iptables and brute force auto-blocking).

I've tried a couple of times to block all of 183.7.x.x and none of my attempts have worked.

Any suggestions appreciated!

Thanks,
-Joe
 
You should just add a rule in iptables:

Code:
iptables -A INPUT -s 183.7.0.0/16 -j DROP
 
I tried that (and did a service iptables restart) and I'm still getting Brute Force attacks from 183.7.128.x and 183.7.132.x so it apparently doesn't work. Very frustrating.

Anyone have any other suggestions?

Thanks,
-Joe
 
You must have an allow rule that is allowing stuff in then. Rules go in order from top to bottom, so if an allow rule is before a deny rule then they will be allowed in.

If you want help you can post output of:

Code:
iptables -L -v -n

Are you using this firewall guide or do you have a custom ruleset of your own?

http://help.directadmin.com/item.php?id=380
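
The rule-order point, worked through as an added example that is not part of the thread: a shell function that reads `iptables -L INPUT -v -n` style lines and reports the first terminating rule a new TCP connection would hit. The ruleset is constructed; `first_match`, `appended`, `inserted` and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample rules in the `iptables -L INPUT -v -n` column layout:
# pkts bytes target prot opt in out source destination [match options]
BASE='0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 198.51.100.23 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0'
BLOCK='0 0 DROP all -- * * 183.7.0.0/16 0.0.0.0/0'

appended() { printf '%s\n%s\n' "$BASE" "$BLOCK"; }  # position after: iptables -A INPUT ...
inserted() { printf '%s\n%s\n' "$BLOCK" "$BASE"; }  # position after: iptables -I INPUT 1 ...

# first_match SRC_IP DPORT  (rules on stdin)
# Prints "<rule number> <target>" for the first terminating rule that a NEW
# TCP connection from SRC_IP to DPORT matches. Simplified model (assumption):
# only source, protocol and a single dpt: are evaluated. Rules with a state
# match are skipped (a fresh SYN is neither INVALID nor ESTABLISHED), rules
# bound to an interface or a specific destination are skipped, LOG never ends
# traversal. Port ranges, flags and limit matches are not modeled.
first_match() {
  awk -v src="$1" -v dport="$2" '
    function ip2int(ip,  o) {
      split(ip, o, ".")
      return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function in_net(ip, net,  p, bits, size) {
      split(net, p, "/")
      bits = (p[2] == "" ? 32 : p[2])      # bare address means /32
      size = 2 ^ (32 - bits)               # number of addresses in the block
      return int(ip2int(ip) / size) == int(ip2int(p[1]) / size)
    }
    $3 ~ /^(ACCEPT|DROP|REJECT|LOG)$/ {
      n++                                  # rule position in the chain
      if ($3 == "LOG" || $0 ~ / state /) next
      if ($6 != "*" || $9 != "0.0.0.0/0") next
      if ($4 != "all" && $4 != "tcp") next
      if (!in_net(src, $8)) next
      if (match($0, /dpt:[0-9]+/) && substr($0, RSTART + 4, RLENGTH - 4) != dport) next
      print n, $3
      exit
    }'
}

# 183.7.128.10 is a constructed source inside 183.7.0.0/16, connecting to FTP.
echo "appended rule: first match is $(appended | first_match 183.7.128.10 21)"
echo "inserted rule: first match is $(inserted | first_match 183.7.128.10 21)"
```

On the live host, `iptables -L INPUT -n --line-numbers` shows the same rule positions.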
 
Below is the output of iptables -L -v -n

NOTE: I do NOT see the results of the "iptables -A INPUT -s 183.7.0.0/16 -j DROP" that I put in yesterday and verified that it was in there. It appears that every time iptables restarts it deletes that entry.

I use the DirectAdmin brute force monitor script and default iptables... nothing special.


Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
614 24770 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
29 2805 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 REJECT all -- * * 0.0.0.0/0 127.0.0.0/8 reject-with icmp-port-unreachable
111 9060 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
85167 9528K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
1 60 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5525
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2222
135 6536 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 flags:0x17/0x02 limit: avg 1/sec burst 10
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 flags:0x17/0x02
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:465
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:587
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
355 25183 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
5102 288K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:995
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:993
556 32225 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
9 360 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:3306
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:783
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:6277
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:6276
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2703
4 172 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1433 limit: avg 3/hour burst 5 LOG flags 0 level 4 prefix `Firewalled packet: MSSQL '
4 172 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1433
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6670 limit: avg 3/hour burst 5 LOG flags 0 level 4 prefix `Firewalled packet: Deepthrt '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6670
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6711 limit: avg 3/hour burst 5 LOG flags 0 level 4 prefix `Firewalled packet: Sub7 '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6711
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6712 limit: avg 3/hour burst 5 LOG flags 0 level 4 prefix `Firewalled packet: Sub7 '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6712
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6713 limit: avg 3/hour burst 5 LOG flags 0 level 4 prefix `Firewalled packet: Sub7 '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6713
2 120 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:12345 limit: avg 3/hour burst 5 LOG flags 0 level 4 prefix `Firewalled packet: Netbus '
2 120 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:12345
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:12346 limit: avg 3/hour burst 5 LOG flags 0 level 4 prefix `Firewalled packet: Netbus '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:12346
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20034 limit: avg 3/hour burst 5 LOG flags 0 level 4 prefix `Firewalled packet: Netbus '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20034
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:31337 limit: avg 3/hour burst 5 LOG flags 0 level 4 prefix `Firewalled packet: BO '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:31337
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6000 limit: avg 3/hour burst 5 LOG flags 0 level 4 prefix `Firewalled packet: XWin '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6000
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:33434:33523
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 reject-with icmp-port-unreachable
0 0 REJECT 2 -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 reject-with icmp-port-unreachable
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 reject-with icmp-port-unreachable
99 5004 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 5/min burst 5 LOG flags 0 level 4 prefix `Firewalled packet:'
108 5436 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
212 26807 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 5/min burst 5 LOG flags 0 level 4 prefix `Firewalled packet:'
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
3 132 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:6660:6669
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:7000
60055 143M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
 
Firewall rules will get flushed out anytime you restart your server or restart iptables.

You will have to find where your ruleset is and manually add the deny rule.

The file may be:

/etc/sysconfig/iptables

or, if you are using the DirectAdmin iptables, the rules are loaded from /etc/init.d/iptables

That seems like a pretty advanced set of rules. Are you sure you don't use csf or apf or something?

You should look into using csf firewall, though; it works pretty well but does take some tweaking.

http://configserver.com/cp/csf.html
 
I manually updated /etc/init.d/iptables and it seems to be working.

I'm just using the standard DirectAdmin stuff with the Brute Force auto-add script.

Thanks,
-Joe
 
That rule will block anything that starts with 183.7.x.x so you actually could remove any other line that has a 183.7 if you wanted.
 
Thanks... I did remove the other 183.7.x.x entries.

A welcome relief now that they're all blocked. My next step is to block the rest of China.

-Joe
 
One of the reasons I like csf firewall is because you can easily block countries based on their country codes without having to add all their netblocks. However, there may be easy ways to do it with iptables.
 