Hello Sir, I am facing attack on server. 1 109.107.233.75 1 112.110.159.62 1 114.77.133.38 1 115.241.207.28 1 117.199.186.161 1 120.72.95.27 1 122.174.118.195 1 123.252.135.2 1 124.125.41.162 1 125.161.107.126 1 164.100.80.37 1 203.197.142.39 1 220.227.141.114 1 59.181.114.55 1 64.255.164.84 1 66.249.71.9 1 74.125.152.80 1 78.173.28.211 1 89.204.137.137 2 122.170.64.42 2 124.123.126.225 2 195.142.101.2 2 201.81.19.215 2 38.105.109.12 2 59.99.130.70 2 60.243.48.7 2 77.255.7.153 2 80.191.93.129 3 67.195.114.229 4 119.153.141.133 5 110.226.41.77 5 67.195.112.47 6 112.110.176.9 6 124.125.154.100 6 217.219.118.197 6 59.177.129.123 6 59.92.124.179 6 86.96.227.89 8 119.151.70.16 8 119.235.54.105 8 59.160.71.226 8 64.86.73.208 8 76.66.209.35 9 118.101.190.158 9 174.101.116.21 9 58.181.103.93 10 27.248.120.150 11 119.152.134.85 19 91.201.66.86 1021 180.149.49.229 1057 213.0.89.9 1462 62.140.196.147 root@dc21 [~]# You can see the last three. how can i block them. I have csf. And when i tried to block an ip its already blocked by the csf root@dc21 [~]# csf -d 62.140.196.147 deny failed: 62.140.196.147 is in already in the deny file /etc/csf/csf.deny root@dc21 [~]# but the server down and in browser it shows Unable to connect when some one try to open the web site. Any one have some solution? please tell Thank You Very Much
You need DDOS protection, from what company you have got server? CSF automatically blacklist Ips but when the attack is more you need hardware firewall protection.
You can try 'route' to block those IPs. If that doesn't help, have your Data Center to block the IPs on the router itself. BTW, you can use the command 'route' to block the IPs on your server where, 1.1.1.1 is the IP you want to block.
Sir, please clear one thing. If add the ip with this way "route add 62.140.196.147 reject" and than or later I restart the server will it save automatically, or something else command for save the ip that always put the the reject list. If I add the ip. Will that ip can attack on the server again and again or block permanently. Thank You.
They will be blocked permanently unless you unblock them with the command: You can check the blocked IPs with the command: The IP you block will have !H in front of it.