LinuxQuestions.org


yeknafar 07-12-2018 05:08 PM

Attacker IPs
 
Hello

Thanks for your attention.
I am using a cloud to prevent DDoS attacks on my site, and I am supposed to see only the IP of my cloud on my server, but when I check it with

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

I see many strange IPs, and when I Google them I find they are attacker IPs.

- I am using CentOS Web Panel (CWP).

Now I wonder:
- Why do they come to my site directly and not go through the cloud to prevent them? (I do not think they have my IP; I have used 2 different clouds.)
- I ban them manually; can it become an automatic action?
- Are they doing a Slowloris attack on my site? (Because I receive, for example, a load average of 335 and a database error sometimes, or even 3 times a day, with low bandwidth.)
- Is it a good idea to ban the most famous attacker IPs? If yes, how can I get the list?

Thanks

jefro 07-13-2018 04:17 PM

Please post your thread in only one forum. Posting a single thread in the most relevant forum will make it easier for members to help you and will keep the discussion in one place. This thread is being closed because it is a duplicate.

https://www.linuxquestions.org/quest...ad-4175633884/

yeknafar 07-13-2018 04:52 PM

Sorry
I didn't do it on purpose.

jefro 07-13-2018 06:40 PM

OK no problem, see if the other thread gets any replies. :) Hopefully.

Habitual 07-20-2018 04:13 PM

Quote:

Originally Posted by jefro (Post 5878970)
OK no problem, see if the other thread gets any replies. :) Hopefully.

I replied at length and w/ good "manners" ;)

AwesomeMachine 07-25-2018 04:26 AM

There are many IP blacklists available if you google for them.


All times are GMT -5.