LinuxQuestions.org - Please help asap. How do I prevent spamm comming to my server?

- Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)

- - Please help asap. How do I prevent spamm comming to my server? (https://www.linuxquestions.org/questions/linux-server-73/please-help-asap-how-do-i-prevent-spamm-comming-to-my-server-741780/)

MiKANiSe

07-21-2009 03:42 PM

Please help asap. How do I prevent spamm comming to my server?

Hey! I have a gaming server set up on linux and one guy keeps spamming it with bots (no players can connect). He has a dinamic IP so I fail to ban him. All I know is that he makes up to 300 connections from his IP per second (from logs). Is there a way to ban him automaticly anytime he tries to connect like that? I heard you can use iptables for such tasks, but I am really not that good in linux to figure out how to do it by myself. Please help asap, because we have a donation-based funding system and we're loosing much money, since if players can't play, they won't donate. Thanks in advance. :)

foodown

07-21-2009 05:01 PM

You can filter out the guy's MAC address and drop all of his packets.

Here is an article on the subject with examples:

http://www.cyberciti.biz/tips/iptabl...filtering.html

Berhanie

07-21-2009 07:24 PM

Quote:

You can filter out the guy's MAC address and drop all of his packets.

You mean IP address, right? MAC addresses don't travel across the internet.

chrism01

07-22-2009 01:23 AM

Have you tried http://www.fail2ban.org/wiki/index.php/Main_Page

MiKANiSe

07-22-2009 02:27 AM

Can I use fail2ban to ban people that are just connecting to the server (not via SSH and they don't actually need a password)?

MiKANiSe

07-22-2009 08:27 AM

Sorry for the bump, but please help.

deadeyes

07-22-2009 10:44 AM

I think you can use iptables to limit the connection attempts to a few per second
(I will look it up and let you know)
http://www.debian-administration.org/articles/187 explains how to do this

Please let me know if you have any problems in applying this (be sure to save it so the changes are persistent.)

MiKANiSe

07-22-2009 11:30 AM

Quote:

Originally Posted by deadeyes (Post 3616529)

Thanks, Deadeyes.

However, I fail to apply it:

when I type (testing the example):

Code:

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \ --set

I get

Code:

iptables: No chain/target/match by that name

deadeyes

07-25-2009 06:32 AM

Quote:

Originally Posted by MiKANiSe (Post 3616586)

Thanks, Deadeyes.

However, I fail to apply it:

when I type (testing the example):

Code:

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \ --set

I get

Code:

iptables: No chain/target/match by that name

I think this is due a module not loaded:
ipt_recent

Look if you can find it in the output of lsmod after issueing the iptables command.

If not load it manually
modprobe ipt_recent

Another one that could be necessary:
ipt_REJECT
xt_tcpudp
x_tables

What distro are you using?

For me this worked instantaneously.

deadeyes

07-25-2009 07:04 PM

Also try this:
http://hostingfu.com/article/ssh-dic...-with-iptables
Just rename the service and correct the port number.

Someone told me you can only have one -m (which does not seem to be true for CentOS). But in the link above you can find an example with one -m in a line.

Please respond if anything here resolves your problem (also if it does not).

I opened a thread here about the -m issue:
http://www.linuxquestions.org/questi...nt-set-742801/
What I can see as a difference between gentoo and centos is that gentoo is using 1.4.x.x and centos 1.3.x.x
Maybe the syntax has changed and that is the cause of this problem. In this guide you can find it for 1.4.x.x:
http://www.geocities.com/youssef116/...g/ratelim.html

All times are GMT -5. The time now is 07:05 AM.