How to block and unblock IP addresses in Linux
Recently, the server's memory resources were temporarily used up. After checking the logs, it turned out that the VPN password was cracked. For now, the IP address segment has been blocked; the method is described below.
Here is the IP address used to crack the VPN: 118.249.110.115, in Changsha, Hunan Province. You only use numbers and letters for my passwords.
Mar 11 14:53:52 My Server03 pure-ftpd :(? @ 118.249.110.115) [INFO] new connection from 118.249.110.115
Mar 11 14:53:57 My Server03 pure-ftpd :(? @ 118.249.110.115) [WARNING] user [126cm123456] Verification Failed
Mar 11 14:53:57 My Server03 pure-ftpd :(? @ 118.249.110.115) [INFO] logout.
Mar 11 14:54:06 My Server03 pure-ftpd :(? @ 118.249.110.115) [INFO] new connection from 118.249.110.115
Mar 11 14:54:09 My Server03 pure-ftpd :(? @ 118.249.110.115) [WARNING] user [126cm2009] failed to verify
Mar 11 14:54:09 My Server03 pure-ftpd :(? @ 118.249.110.115) [INFO] logout.
Mar 11 14:54:24 My Server03 pure-ftpd :(? @ 118.249.110.115) [INFO] new connection from 118.249.110.115
Mar 11 14:54:29 My Server03 pure-ftpd :(? @ 118.249.110.115) [WARNING] user [126cm2010] Verification Failed
Mar 11 14:54:29 My Server03 pure-ftpd :(? @ 118.249.110.115) [INFO] logout.
Mar 11 14:54:44 My Server03 pure-ftpd :(? @ 118.249.110.115) [INFO] new connection from 118.249.110.115
Mar 11 14:54:49 My Server03 pure-ftpd :(? @ 118.249.110.115) [WARNING] user [126cm2011] failed to verify
Mar 11 14:54:50 My Server03 pure-ftpd :(? @ 118.249.110.115) [INFO] logout.
Mar 11 14:55:20 My Server03 pure-ftpd :(? @ 118.249.110.115) [INFO] new connection from 118.249.110.115
Mar 11 14:55:25 My Server03 pure-ftpd :(? @ 118.249.110.115) [WARNING] user [126cm2012] failed to verify
Mar 11 14:55:25 My Server03 pure-ftpd :(? @ 118.249.110.115) [INFO] logout.
Mar 11 14:56:08 My Server03 pure-ftpd :(? @ 118.249.110.115) [INFO] new connection from 118.249.110.115
Mar 11 14:56:12 My Server03 pure-ftpd :(? @ 118.249.110.115) [WARNING] user [126cm2013] Verification Failed
Mar 11 14:56:12 My Server03 pure-ftpd :(? @ 118.249.110.115) [INFO] logout.
Mar 11 14:56:36 My Server03 pure-ftpd :(? @ 118.249.110.115) [INFO] new connection from 118.249.110.115
Mar 11 14:56:41 My Server03 pure-ftpd :(? @ 118.249.110.115) [WARNING] user [126cm2014] Verification Failed
Mar 11 14:56:42 My Server03 pure-ftpd :(? @ 118.249.110.115) [INFO] logout.
Mar 11 14:57:04 My Server03 pure-ftpd :(? @ 118.249.110.115) [INFO] new connection from 118.249.110.115
Mar 11 14:57:08 My Server03 pure-ftpd :(? @ 118.249.110.115) [WARNING] user [126cm666] failed to verify
Mar 11 14:57:08 My Server03 pure-ftpd :(? @ 118.249.110.115) [INFO] logout.
Mar 11 14:57:24 My Server03 pure-ftpd :(? @ 118.249.110.115) [INFO] new connection from 118.249.110.115
Mar 11 14:57:28 My Server03 pure-ftpd :(? @ 118.249.110.115) [WARNING] user [126cm888] Verification Failed
The method is as follows:
When a Linux server is attacked, the attack often comes mainly from a few IP addresses. If the traffic from these IP addresses can be rejected, the pressure on the server is greatly reduced, and the server may be able to return to normal.
In Linux, you can block an IP segment or a single IP address. In general, today's attackers do not attack from addresses within one CIDR block (too conspicuous); their IP addresses are usually scattered. The commands for blocking and unblocking a single IP address are described below.
In Linux, iptables is used to maintain the IP rule table. To block or unblock an IP address, you add or delete an inbound rule in this table.
To block an IP address, run the following command:
# iptables -I INPUT -s ***.***.***.*** -j DROP
To unblock an IP address, run the following command:
# iptables -D INPUT -s ***.***.***.*** -j DROP
The -I parameter means Insert (add), and the -D parameter means Delete. What follows the parameter is the rule: INPUT indicates inbound traffic, the asterisks stand for the IP address to be blocked, and DROP means that packets from it are discarded. Because -I inserts the rule at the top of the chain, it is evaluated before any ACCEPT rules that are already there.
In addition, you can use the following command to view the current IP rule table:
# iptables --list
For example, if you want to block the 118.249.110.115 IP address, enter:
# iptables -I INPUT -s 118.249.110.115 -j DROP
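To unblock it, replace -I with -D, provided that iptables already has this rule. To clear the blocked IP addresses, enter the following command. Note that it deletes every rule in every chain of the filter table, not only the blocks you added:
# iptables --flush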
To add an IP segment to the block list, run the following command:
# iptables -I INPUT -s 121.0.0.0/8 -j DROP
In fact, this just replaces the single IP address in the command with a Linux IP segment expression. There are plenty of detailed explanations of IP segment expressions on the Internet, so I won't go into them here.
I believe that with the help of iptables, it is easy to solve small DDoS attacks!
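As an added example (not code from the original article): a dry-run script that counts failed logins per source address in log lines shaped like those above and prints idempotent iptables commands for the offenders. The sample log, the threshold of 3 and the function names are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Constructed sample log (not the page's); addresses are documentation ranges.
sample_log() {
cat <<'EOF'
Mar 11 14:53:52 srv pure-ftpd: (?@203.0.113.7) [INFO] New connection from 203.0.113.7
Mar 11 14:53:57 srv pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [a1]
Mar 11 14:54:09 srv pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [a2]
Mar 11 14:54:29 srv pure-ftpd :(? @ 203.0.113.7) [WARNING] user [a3] Verification Failed
Mar 11 14:54:49 srv pure-ftpd :(? @ 203.0.113.7) [WARNING] user [a4] failed to verify
Mar 11 14:55:01 srv pure-ftpd: (?@198.51.100.20) [WARNING] Authentication failed for user [bob]
Mar 11 14:55:03 srv pure-ftpd: (?@198.51.100.20) [INFO] bob is now logged in
Mar 11 14:55:20 srv pure-ftpd: (?@192.0.2.50) [WARNING] Authentication failed for user [x1]
Mar 11 14:55:25 srv pure-ftpd: (?@192.0.2.50) [WARNING] Authentication failed for user [x2]
Mar 11 14:55:31 srv pure-ftpd: (?@192.0.2.50) [WARNING] Authentication failed for user [x3]
EOF
}

# offenders MIN: read a log on stdin, print source IPs with >= MIN failed logins.
offenders() {
  awk -v min="$1" '
    /\[WARNING\]/ && tolower($0) ~ /fail/ {
      # Leftmost "@addr" is the source field written by the server; only
      # digits and dots are kept, so attacker-chosen user names never leak in.
      if (match($0, /@ *[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) {
        ip = substr($0, RSTART + 1, RLENGTH - 1)
        gsub(/ /, "", ip)
        count[ip]++
      }
    }
    END { for (ip in count) if (count[ip] >= min) print ip }
  ' | sort
}

# block_cmds: turn IPs on stdin into iptables commands. -C checks whether the
# rule already exists, so running the output twice adds no duplicate rules.
block_cmds() {
  while read -r ip; do
    [ -n "$ip" ] || continue
    printf 'iptables -C INPUT -s %s -j DROP 2>/dev/null || iptables -I INPUT -s %s -j DROP\n' "$ip" "$ip"
  done
}

# Dry run: print the commands for review instead of executing them.
sample_log | offenders 3 | block_cmds
```

Review the printed commands, and confirm your own address is not among them, before running them as root.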
In addition: disable ping, modify the port, and disable the root user.
1. Disable ping on the system
[root@linu*** ~]# echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
2. Allow ping on the system
[root@linu*** ~]# echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all
Both commands take effect immediately. You can ping the server from another machine to test whether the setting has taken effect.
To apply the setting at every boot, add a line to /etc/rc.d/rc.local:
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
0 means ping is allowed
1 means ping is prohibited