Chris Andrews
asked on
Having trouble denying an ip.
I'm running linux/apache, and I'm using this to block an ip
iptables -A INPUT -s 85.158 -j DROP
But my mail filter program still says it's still getting connections from that ip, and it overwhelms the system:
Mar 31 08:37:19 [1267]: Rejected connection from 85.158.138.179:11449 (busy), ceiling is 5 slots
Mar 31 08:37:19 [1267]: Rejected connection from 85.158.138.179:55879 (busy), ceiling is 5 slots
I also use apf, and have blocked it through that,
/usr/local/sbin/apf -d 85.158.
but it's still getting through.
Any ideas on what to do or why this isn't working?
Does iptables have to be restarted or anything? If so, how?
thanks, Chris
iptables -A INPUT -s 85.158 -j DROP
But my mail filter program still says it's still getting connections from that ip, and it overwhelms the system:
Mar 31 08:37:19 [1267]: Rejected connection from 85.158.138.179:11449 (busy), ceiling is 5 slots
Mar 31 08:37:19 [1267]: Rejected connection from 85.158.138.179:55879 (busy), ceiling is 5 slots
I also use apf, and have blocked it through that,
/usr/local/sbin/apf -d 85.158.
but it's still getting through.
Any ideas on what to do or why this isn't working?
Does iptables have to be restarted or anything? If so, how?
thanks, Chris
ASKER
Thank you, how do I do that?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
ah, thank you, that seems to have done it! dam spammers!
are you trying to add those Ip one by one by hand ??
then you will go mad!!
use fail2ban, or portsentry
any attemept more then 3 or 4 times, those will block those Ip automaticaly
then you will go mad!!
use fail2ban, or portsentry
any attemept more then 3 or 4 times, those will block those Ip automaticaly
ASKER
Thank you, normally I don't have to, my spam program, mailstripper, takes care of things pretty well. This was move of a denial of service type thing (I guess), just overwhelming my server with junk mail, more than it could handle, so legit mails couldn't get through.
I'll take a look at these programs right now.
I'll take a look at these programs right now.
ASKER
Not saying it was a dos attack on purpose, but the amount of spam coming from that ip had that effect on my mail services.
then restart the iptables