LinuxQuestions.org
Old 07-21-2009, 03:42 PM   #1
MiKANiSe
LQ Newbie
 
Registered: Mar 2009
Posts: 13

Rep: Reputation: 1
Please help asap. How do I prevent spam coming to my server?


Hey! I have a gaming server set up on Linux and one guy keeps spamming it with bots (no players can connect). He has a dynamic IP so I fail to ban him. All I know is that he makes up to 300 connections from his IP per second (from logs). Is there a way to ban him automatically anytime he tries to connect like that? I heard you can use iptables for such tasks, but I am really not that good in Linux to figure out how to do it by myself. Please help asap, because we have a donation-based funding system and we're losing much money, since if players can't play, they won't donate. Thanks in advance.
 
Old 07-21-2009, 05:01 PM   #2
foodown
Member
 
Registered: Jun 2009
Location: Texas
Distribution: Slackware
Posts: 609

Rep: Reputation: 218
You can filter out the guy's MAC address and drop all of his packets.

Here is an article on the subject with examples:

http://www.cyberciti.biz/tips/iptabl...filtering.html
 
Old 07-21-2009, 07:24 PM   #3
Berhanie
Senior Member
 
Registered: Dec 2003
Location: phnom penh
Distribution: Fedora
Posts: 1,625

Rep: Reputation: 165
Quote:
You can filter out the guy's MAC address and drop all of his packets.
You mean IP address, right? MAC addresses don't travel across the internet.
 
Old 07-22-2009, 01:23 AM   #4
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,242

Rep: Reputation: 2024
Have you tried http://www.fail2ban.org/wiki/index.php/Main_Page
 
Old 07-22-2009, 02:27 AM   #5
MiKANiSe
LQ Newbie
 
Registered: Mar 2009
Posts: 13

Original Poster
Rep: Reputation: 1
Can I use fail2ban to ban people that are just connecting to the server (not via SSH and they don't actually need a password)?
 
Old 07-22-2009, 08:27 AM   #6
MiKANiSe
LQ Newbie
 
Registered: Mar 2009
Posts: 13

Original Poster
Rep: Reputation: 1
Sorry for the bump, but please help.
 
Old 07-22-2009, 10:44 AM   #7
deadeyes
Member
 
Registered: Aug 2006
Posts: 605

Rep: Reputation: 78
I think you can use iptables to limit the connection attempts to a few per second
(I will look it up and let you know)
http://www.debian-administration.org/articles/187 explains how to do this

Please let me know if you have any problems in applying this (be sure to save it so the changes are persistent.)

Last edited by deadeyes; 07-22-2009 at 10:55 AM.
 
Old 07-22-2009, 11:30 AM   #8
MiKANiSe
LQ Newbie
 
Registered: Mar 2009
Posts: 13

Original Poster
Rep: Reputation: 1
Quote:
Originally Posted by deadeyes
I think you can use iptables to limit the connection attempts to a few per second
(I will look it up and let you know)
http://www.debian-administration.org/articles/187 explains how to do this

Please let me know if you have any problems in applying this (be sure to save it so the changes are persistent.)

Thanks, Deadeyes.

However, I fail to apply it:

when I type (testing the example):
Code:
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
  --set
I get
Code:
iptables: No chain/target/match by that name
 
Old 07-25-2009, 06:32 AM   #9
deadeyes
Member
 
Registered: Aug 2006
Posts: 605

Rep: Reputation: 78
Quote:
Originally Posted by MiKANiSe
Thanks, Deadeyes.

However, I fail to apply it:

when I type (testing the example):
Code:
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
  --set
I get
Code:
iptables: No chain/target/match by that name
I think this is due to a module not being loaded:
ipt_recent

Look if you can find it in the output of lsmod after issuing the iptables command.

If not, load it manually:
modprobe ipt_recent

Another one that could be necessary:
ipt_REJECT
xt_tcpudp
x_tables

What distro are you using?

For me this worked instantaneously.
 
Old 07-25-2009, 07:04 PM   #10
deadeyes
Member
 
Registered: Aug 2006
Posts: 605

Rep: Reputation: 78
Also try this:
http://hostingfu.com/article/ssh-dic...-with-iptables
Just rename the service and correct the port number.

Someone told me you can only have one -m (which does not seem to be true for CentOS). But in the link above you can find an example with one -m in a line.

Please respond if anything here resolves your problem (also if it does not).

I opened a thread here about the -m issue:
http://www.linuxquestions.org/questi...nt-set-742801/
What I can see as a difference between Gentoo and CentOS is that Gentoo is using 1.4.x.x and CentOS 1.3.x.x
Maybe the syntax has changed and that is the cause of this problem. In this guide you can find it for 1.4.x.x:
http://www.geocities.com/youssef116/...g/ratelim.html

Last edited by deadeyes; 07-25-2009 at 07:17 PM.
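
The per-source rate limit discussed in this thread, as an added example (not code from any poster or from the linked articles): a dry-run generator for the two-rule `recent` pattern, applied to a game port instead of SSH. The port 27015, the interface `eth0`, the list name `gameflood` and the chain name `RATELIMIT` are assumed values.

```shell
#!/bin/sh
# Added example: build rate-limit rules with the iptables "recent" match.
# Port, interface, list name and chain name are assumed, not from the thread.

# xt_recent keeps at most ip_pkt_list_tot timestamps per address (default 20),
# so a --hitcount above that limit is rejected when the rule is loaded.
MAX_HITCOUNT=20

ratelimit_rules() {
    proto=$1 port=$2 seconds=$3 hitcount=$4 iface=${5:-eth0}
    case "$proto" in
        tcp|udp) ;;
        *) echo "proto must be tcp or udp" >&2; return 2 ;;
    esac
    for n in "$port" "$seconds" "$hitcount"; do
        case "$n" in
            ''|*[!0-9]*) echo "not a number: $n" >&2; return 2 ;;
        esac
    done
    if [ "$hitcount" -gt "$MAX_HITCOUNT" ]; then
        echo "hitcount $hitcount exceeds ip_pkt_list_tot ($MAX_HITCOUNT)" >&2
        return 2
    fi
    match="-i $iface -p $proto --dport $port -m state --state NEW -m recent --name gameflood"
    # A dedicated chain keeps the rule order explicit and makes removal easy.
    echo "iptables -N RATELIMIT"
    # 1) record the source address of every new connection
    echo "iptables -A RATELIMIT $match --set"
    # 2) drop once the same address reaches $hitcount hits within $seconds
    echo "iptables -A RATELIMIT $match --update --seconds $seconds --hitcount $hitcount -j DROP"
    echo "iptables -I INPUT -j RATELIMIT"
}

# Dry run by default: call ratelimit_rules to review the generated commands.
# Pass "apply" as root to load them.
if [ "${1:-}" = "apply" ]; then
    ratelimit_rules tcp 27015 1 10 | sh -e
fi
```

Because of the `ip_pkt_list_tot` limit, the threshold has to sit well below the 300 connections per second seen in the logs; a low value such as 10 per second still catches that source while leaving ordinary players alone.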
 
  



Tags
attack, dos, spam, spamming

