ConfigServer Community Forum

Peer support forums for ConfigServer Scripts
https://mail.forum.configserver.com/

Block IP login to SSH from China

https://mail.forum.configserver.com/viewtopic.php?t=8199

Page 1 of 1

Block IP login to SSH from China

Posted: 22 Oct 2014, 09:16
by jason_man
Hi all!

I am come from Hong Kong. After I install the csf, it show that many ip from China try to login to my sever by ssh. How can I block the ip from China to login to my SSH but they can visit my website?( but don't block Hong Kong, otherwise I cannot login :eek: )

122.225.109.208 # lfd: (sshd) Failed SSH login from 122.225.109.208 (CN/China/-): 5 in the last 3600 secs - Mon Oct 20 18:46:28 2014
122.225.97.72 # lfd: (sshd) Failed SSH login from 122.225.97.72 (CN/China/-): 5 in the last 3600 secs - Mon Oct 20 19:49:17 2014
203.170.193.136 # lfd: (sshd) Failed SSH login from 203.170.193.136 (TH/Thailand/-): 5 in the last 3600 secs - Mon Oct 20 20:11:54 2014
192.237.215.178 # lfd: (cpanel) Failed cPanel login from 192.237.215.178 (US/United States/-): 5 in the last 3600 secs - Mon Oct 20 23:08:41 2014
122.225.97.85 # lfd: (sshd) Failed SSH login from 122.225.97.85 (CN/China/huzhou.ctc. mx.fund123 .cn): 5 in the last 3600 secs - Mon Oct 20 23:43:49 2014
199.89.54.108 # lfd: (cpanel) Failed cPanel login from 199.89.54.108 (US/United States/-): 5 in the last 3600 secs - Tue Oct 21 00:29:35 2014
183.110.253.233 # lfd: (sshd) Failed SSH login from 183.110.253.233 (KR/Korea, Republic of/-): 5 in the last 3600 secs - Tue Oct 21 03:25:27 2014
122.225.97.101 # lfd: (sshd) Failed SSH login from 122.225.97.101 (CN/China/mx4.fund123 .cn): 5 in the last 3600 secs - Tue Oct 21 05:20:55 2014
222.136.71.19 # lfd: (sshd) Failed SSH login from 222.136.71.19 (CN/China/hn.kd.ny .adsl): 5 in the last 3600 secs - Tue Oct 21 06:00:21 2014
58.18.172.171 # lfd: (sshd) Failed SSH login from 58.18.172.171 (CN/China/-): 5 in the last 3600 secs - Tue Oct 21 15:07:27 2014
122.225.109.102 # lfd: (sshd) Failed SSH login from 122.225.109.102 (CN/China/-): 5 in the last 3600 secs - Tue Oct 21 17:03:08 2014
61.174.51.205 # lfd: (sshd) Failed SSH login from 61.174.51.205 (CN/China/205.51.174.61.dial.wz.zj.dynamic. 163data. com .cn): 5 in the last 3600 secs - Tue Oct 21 17:16:08 2014
222.186.34.121 # lfd: (sshd) Failed SSH login from 222.186.34.121 (CN/China/-): 5 in the last 3600 secs - Tue Oct 21 23:18:12 2014
61.174.51.222 # lfd: (sshd) Failed SSH login from 61.174.51.222 (CN/China/222.51.174.61.dia l.wz.zj .dynamic. 163data. com .cn): 5 in the last 3600 secs - Wed Oct 22 00:02:33 2014
122.225.109.220 # lfd: (sshd) Failed SSH login from 122.225.109.220 (CN/China/-): 5 in the last 3600 secs - Wed Oct 22 00:56:18 2014
117.27.158.88 # lfd: (sshd) Failed SSH login from 117.27.158.88 (CN/China/-): 5 in the last 3600 secs - Wed Oct 22 01:05:30 2014
122.225.109.194 # lfd: (sshd) Failed SSH login from 122.225.109.194 (CN/China/-): 5 in the last 3600 secs - Wed Oct 22 01:15:19 2014
103.22.188.164 # lfd: (sshd) Failed SSH login from 103.22.188.164 (CN/China/htuidc. bgp.ip): 5 in the last 3600 secs - Wed Oct 22 05:26:42 2014
91.194.254.145 # lfd: (sshd) Failed SSH login from 91.194.254.145 (RU/Russian Federation/hosted-by .dimline. org): 5 in the last 3600 secs - Wed Oct 22 06:38:43 2014
122.225.97.96 # lfd: (sshd) Failed SSH login from 122.225.97.96 (CN/China/-): 5 in the last 3600 secs - Wed Oct 22 08:17:25 2014
95.225.143.1 # lfd: (smtpauth) Failed SMTP AUTH login from 95.225.143.1 (IT/Italy/host1-143-static.225-95-b.business. telecomitalia .it): 5 in the last 3600 secs - Wed Oct 22 08:21:52 2014
222.186.130.185 # lfd: (sshd) Failed SSH login from 222.186.130.185 (CN/China/-): 5 in the last 3600 secs - Wed Oct 22 09:03:54 2014
122.225.109.200 # lfd: (sshd) Failed SSH login from 122.225.109.200 (CN/China/-): 5 in the last 3600 secs - Wed Oct 22 11:14:44 2014
122.225.97.111 # lfd: (sshd) Failed SSH login from 122.225.97.111 (CN/China/-): 5 in the last 3600 secs - Wed Oct 22 13:42:57 2014

Thanks all!

Re: Block IP login to SSH from China

Posted: 22 Oct 2014, 12:18
by open6hosting
If you ban it using "csf -dr IP" , that IP never could login ssh, or httpd..

you can check it using: iptables -nL |grep IP

With that command, you will see that IP has been banned.

Re: Block IP login to SSH from China

Posted: 23 Oct 2014, 09:39
by jason_man
Thank for your reply!

Because many IP come from China try to login SSH, how can I only block the IP from China to login SSH? There are many different IP, I cannot only set the IP. Can I block it by country?

218.2.0.129 # lfd: (sshd) Failed SSH login from 218.2.0.129 (CN/China/-): 5 in the last 3600 secs - Thu Oct 23 00:43:47 2014
122.225.109.101 # lfd: (sshd) Failed SSH login from 122.225.109.101 (CN/China/-): 5 in the last 3600 secs - Thu Oct 23 05:40:43 2014
198.27.108.174 # lfd: (sshd) Failed SSH login from 198.27.108.174 (US/United States/-): 5 in the last 3600 secs - Thu Oct 23 06:03:28 2014
122.225.109.218 # lfd: (sshd) Failed SSH login from 122.225.109.218 (CN/China/-): 5 in the last 3600 secs - Thu Oct 23 08:11:47 2014
218.2.0.130 # lfd: (sshd) Failed SSH login from 218.2.0.130 (CN/China/-): 5 in the last 3600 secs - Thu Oct 23 09:38:11 2014
117.27.158.104 # lfd: (sshd) Failed SSH login from 117.27.158.104 (CN/China/-): 5 in the last 3600 secs - Thu Oct 23 10:47:32 2014
61.174.51.223 # lfd: (sshd) Failed SSH login from 61.174.51.223 (CN/China/223.51.174.61.dial.wz.zj.dynamic .163data .com .cn): 5 in the last 3600 secs - Thu Oct 23 15:07:52 2014
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited