ConfigServer Community Forum

Peer support forums for ConfigServer Scripts
https://mail.forum.configserver.com/

Blocking IP ranges

https://mail.forum.configserver.com/viewtopic.php?t=7856

Page 1 of 1

Blocking IP ranges

Posted: 18 May 2014, 09:07
by kapkan
Hi CSF community...

This will be my first question in here. I hope that I am asking to right place.

I have been getting error emails like this:

Code: Select all

Time:     Sun May 18 07:45:11 2014 +0000
IP:       115.238.236.85 (CN/China/-)
Failures: 5 (sshd)
Interval: 3600 seconds
Blocked:  Permanent Block

Log entries:

May 18 07:45:01 ** sshd[25068]: Failed password for root from 115.238.236.85 port 53445 ssh2
May 18 07:45:03 ** sshd[25078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.238.236.85  user=root
May 18 07:45:05 ** sshd[25078]: Failed password for root from 115.238.236.85 port 54812 ssh2
May 18 07:45:06 ** sshd[25081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.238.236.85  user=root
May 18 07:45:06 ** sshd[25082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.238.236.85  user=root
I want to block them and some other IP ranges which are on my htaccess file.

What is the best way to do this on CSF?

Maybe the answer is simple for you, but I am a newbie, am trying to learn VPS and CSF. I've just rented a VPS this week as first time.

Re: Blocking IP ranges

Posted: 18 May 2014, 18:25
by frustrated
Here's a good primer on IP range blocks: https://www.mediawiki.org/wiki/Help:Range_blocks

For your IP example, 115.238.236.0/24 would block 256 addresses, ending from 0 to 255.

Re: Blocking IP ranges

Posted: 18 May 2014, 20:08
by wm0000
Just be careful not to block too many ... iptables freaks out after 1k or so rules. ;)
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited