Please help asap. How do I prevent spamm comming to my server?

MiKANiSe · 07-21-2009, 03:42 PM

Hey! I have a gaming server set up on linux and one guy keeps spamming it with bots (no players can connect). He has a dinamic IP so I fail to ban him. All I know is that he makes up to 300 connections from his IP per second (from logs). Is there a way to ban him automaticly anytime he tries to connect like that? I heard you can use iptables for such tasks, but I am really not that good in linux to figure out how to do it by myself. Please help asap, because we have a donation-based funding system and we're loosing much money, since if players can't play, they won't donate. Thanks in advance.

foodown · 07-21-2009, 05:01 PM

You can filter out the guy's MAC address and drop all of his packets.

Here is an article on the subject with examples:

http://www.cyberciti.biz/tips/iptabl...filtering.html

Berhanie · 07-21-2009, 07:24 PM

Quote:

You can filter out the guy's MAC address and drop all of his packets.

You mean IP address, right? MAC addresses don't travel across the internet.

chrism01 · 07-22-2009, 01:23 AM

Have you tried http://www.fail2ban.org/wiki/index.php/Main_Page

MiKANiSe · 07-22-2009, 02:27 AM

Can I use fail2ban to ban people that are just connecting to the server (not via SSH and they don't actually need a password)?

MiKANiSe · 07-22-2009, 08:27 AM

Sorry for the bump, but please help.

deadeyes · 07-22-2009, 10:44 AM

I think you can use iptables to limit the connection attempts to a few per second
(I will look it up and let you know)
http://www.debian-administration.org/articles/187 explains how to do this

Please let me know if you have any problems in applying this (be sure to save it so the changes are persistent.)

MiKANiSe · 07-22-2009, 11:30 AM

Quote:

Originally Posted by deadeyes

I think you can use iptables to limit the connection attempts to a few per second
(I will look it up and let you know)
http://www.debian-administration.org/articles/187 explains how to do this

Please let me know if you have any problems in applying this (be sure to save it so the changes are persistent.)

Thanks, Deadeyes.

However, I fail to apply it:

when I type (testing the example):

Code:

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \ --set

I get

Code:

iptables: No chain/target/match by that name

deadeyes · 07-25-2009, 06:32 AM

Quote:

Originally Posted by MiKANiSe

Thanks, Deadeyes.

However, I fail to apply it:

when I type (testing the example):

Code:

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \ --set

I get

Code:

iptables: No chain/target/match by that name

I think this is due a module not loaded:
ipt_recent

Look if you can find it in the output of lsmod after issueing the iptables command.

If not load it manually
modprobe ipt_recent

Another one that could be necessary:
ipt_REJECT
xt_tcpudp
x_tables

What distro are you using?

For me this worked instantaneously.

deadeyes · 07-25-2009, 07:04 PM

Also try this:
http://hostingfu.com/article/ssh-dic...-with-iptables
Just rename the service and correct the port number.

Someone told me you can only have one -m (which does not seem to be true for CentOS). But in the link above you can find an example with one -m in a line.

Please respond if anything here resolves your problem (also if it does not).

I opened a thread here about the -m issue:
http://www.linuxquestions.org/questi...nt-set-742801/
What I can see as a difference between gentoo and centos is that gentoo is using 1.4.x.x and centos 1.3.x.x
Maybe the syntax has changed and that is the cause of this problem. In this guide you can find it for 1.4.x.x:
http://www.geocities.com/youssef116/...g/ratelim.html