Posted on August 10, 2009 | Category: Informational, Linux, Networking, Scripts, Security, Server, bash
If you operate a web server and actually look at your logs, you probably notice the majority of hack attempts originate from Russia, Libya, Iran, China, and Taiwan. There are several methods of thwarting exploitation attacks by blocking certain countries altogether. For instance, GPLUG has blocked all countries except the United States from accessing the pages using a .htaccess file generated at http://www.blockacountry.com/. You select the country or countries and either copy and paste the IP ranges into your own file, or download the file they produce for you.
The next method involves applying specific rules to your UFW firewall. Edit /etc/ufw/before.rules and add your IP-specific rules after the following lines:
#-A ufw-before-input -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW BLOCK INVALID]: "
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
Insert each IP address you want to block below the before.rules lines above:
#BLOCK CUSTOM IP ADDRESSES
-A ufw-before-input -s 82.210.188.182 -j DROP
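For more than a handful of addresses, the rule lines can be generated instead of typed by hand. The shell script below is an added example, not part of the original post: it validates a list of IPv4 addresses or CIDR ranges, emits the matching DROP lines, and prints a copy of before.rules with them placed after the INVALID DROP line. The BEGIN/END marker comments, the function names, and the sample addresses are assumptions made for the example.

```shell
#!/bin/sh
# Added example. Marker comments and the sample list are constructed for illustration.
ANCHOR='-A ufw-before-input -m conntrack --ctstate INVALID -j DROP'
BEGIN_MARK='#BEGIN GENERATED BLOCKLIST'   # hypothetical marker names
END_MARK='#END GENERATED BLOCKLIST'

# Read addresses/CIDR ranges on stdin; print one DROP rule per valid, unique entry.
# Malformed entries go to stderr and are skipped so they never reach before.rules.
gen_block_rules() {
    awk '
    function valid(s,    p, o, n, i) {
        n = split(s, p, "/")
        if (n > 2 || (n == 2 && (p[2] !~ /^[0-9][0-9]?$/ || p[2] + 0 > 32))) return 0
        if (split(p[1], o, ".") != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9][0-9]?[0-9]?$/ || o[i] + 0 > 255) return 0
        return 1
    }
    { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }
    $0 == "" { next }
    !valid($0) { print "skipped: " $0 > "/dev/stderr"; next }
    !seen[$0]++ { print "-A ufw-before-input -s " $0 " -j DROP" }'
}

# insert_rules FILE: print FILE with the rules from stdin placed directly after the
# INVALID DROP line. An earlier generated block is replaced, so reruns do not pile up
# duplicates. Exits non-zero if the anchor line is missing.
insert_rules() {
    RULES="$(cat)" awk -v a="$ANCHOR" -v b="$BEGIN_MARK" -v e="$END_MARK" '
    $0 == b { skip = 1; next }
    $0 == e { skip = 0; next }
    skip { next }
    { print }
    $0 == a { print b; print ENVIRON["RULES"]; print e; done = 1 }
    END { exit !done }' "$1"
}

# Constructed sample list (documentation ranges); 300.1.1.1 is deliberately invalid.
sample_list() {
    cat <<'EOF'
# one address or CIDR range per line
192.0.2.0/24
198.51.100.7   # single host
300.1.1.1
192.0.2.0/24
EOF
}
sample_list | gen_block_rules
```

Write the output of insert_rules to a new file and compare it with the current /etc/ufw/before.rules before replacing it; the rules apply after `ufw reload`.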
NixCraft also published a fairly good article on additional methods of blocking IPs by country, using a custom script and a third-party IP block website: http://www.cyberciti.biz/faq/block-entier-country-using-iptables/
Either way, you need to make sure that your firewall does not have unnecessary open ports, and that your passwords are strong. Any password that you use that is in the dictionary is no good!
HAPPY IP BLOCKING