How to stop an attack permanently ??

[mr-cracker]

Hi all, i want to stop an attack from an ip which is really annoying me,

i started a thread about this before,
http://www.directadmin.com/forum/showthread.php?t=33245
and at the end i found that one ip is attacking my server and causing 100% cpu load,
i have banned the ip from iptables and from my forum software (vbulletin) but still when i run "top" on ssh there some connections starting to mysql that take many cpu usage and last for 1-2 seconds then close, can i know please how to block this ip permanently

is there anywhere to report about this?? http://93.190.138.226/
its not attacking my server only, many servers are attacked by this ip

any help will be appreciated
regards

 

[RHS-Chris]

Even though you have blocked the IP on your server, the IP is still able to get to your server, and will cause some load because the kernel still needs to read the connection and determine whether to block the IP of allow it. To stop this IP from getting to your server completely, have your server provider block it upstream, possibly at one of their routers. This will stop the ip from even getting to your server.

 

[mr-cracker]

i wil contact them and tell them about this,
but if they didn't agree what can i do??

 

[mr-cracker]

How to i see all ip connections to my server please, what command shall i use to see all ips and how much reources they are taking??

regards

 

[mr-cracker]

any help please??

 

[tillo]

Use "iptraf" for stateful statistics. It's simple and very powerful, but it won't manage to see application-level DoSs (small or slow rate packets that manage to block your services using a vulnerability).

 

[mr-cracker]

hi there

# iptraf
-bash: iptraf: command not found

what is wrong??

 

[massive]

install it

 

[mr-cracker]

how can i install it please

 

[massive]

it depends the type of your os. eg for centos type :
yum install iptraf*