Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
| Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
03-01-2006, 04:05 PM
|
#1
|
|
Member
Registered: Mar 2005
Location: Alphen aan den Rijn , netherlands
Distribution: core
Posts: 57
Rep: 
|
Block country's with hosts.deny
Is there a way to black complete country's
I get on some servers many and i mean MANY hack attempts of example korea russia etc.
Is there a script that checks http://www.apnic.net/ and takes the new ip's of the country and blocks them.
The info is free to download so i asume that anyone has already invented this script.
If you have other suggestions plz share it.
For the record my servers are save but this saves lots of bandwith plus it is a secure way.
My customers dont have clients in russia and korea etc.
thnx in advance |
|
|
|
|
03-01-2006, 07:08 PM
|
#2
|
|
Senior Member
Registered: Aug 2005
Posts: 1,755
Rep:
|
denyhosts is a program that automatically checks your ssh logs and blocks IPs that try to repeatedly log in or something, many distros have a package for it
|
|
|
|
|
03-01-2006, 07:11 PM
|
#3
|
|
Senior Member
Registered: May 2004
Location: Leipzig/Germany
Distribution: Arch
Posts: 1,687
Rep:
|
even with:
ALL: PARANIOD
in /etc/hosts.deny
you would still get connection attempts!?
Maybe review the services which you offer to the net - and how they are set up - to make you appear less attractive?
|
|
|
|
|
03-01-2006, 10:49 PM
|
#4
|
|
Member
Registered: Dec 2005
Location: Chicago
Distribution: Fedora and Redhat
Posts: 86
Rep:
|
HAHAHA , i was just working on this hosts.deny
remove comments to countries you want to say
"NO INTERWEB FOR YOU!!"
Code:
#
# hosts.deny This file describes the names of the hosts which are
# *not* allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In particular
# you should know that NFS uses portmap!
#ALL:ALL
#ALL:ALL: .ac
#ALL:ALL: .ad
#ALL:ALL: .ae
#ALL:ALL: .af
#ALL:ALL: .ag
#ALL:ALL: .ai
#ALL:ALL: .al
#ALL:ALL: .am
#ALL:ALL: .an
#ALL:ALL: .ao
#ALL:ALL: .aq
#ALL:ALL: .ar
#ALL:ALL: .as
#ALL:ALL: .at
#ALL:ALL: .au
#ALL:ALL: .aw
#ALL:ALL: .az
#ALL:ALL: .ax
#ALL:ALL: .ba
#ALL:ALL: .bb
#ALL:ALL: .bd
#ALL:ALL: .be
#ALL:ALL: .bf
#ALL:ALL: .bg
#ALL:ALL: .bh
#ALL:ALL: .bi
#ALL:ALL: .bj
#ALL:ALL: .bm
#ALL:ALL: .bn
#ALL:ALL: .bo
#ALL:ALL: .br
#ALL:ALL: .bs
#ALL:ALL: .bt
#ALL:ALL: .bv
#ALL:ALL: .bw
#ALL:ALL: .by
#ALL:ALL: .bz
#ALL:ALL: .ca
#ALL:ALL: .cc
#ALL:ALL: .cd
#ALL:ALL: .cf
#ALL:ALL: .cg
#ALL:ALL: .ch
#ALL:ALL: .ci
#ALL:ALL: .ck
#ALL:ALL: .cl
#ALL:ALL: .cm
#ALL:ALL: .cn
#ALL:ALL: .co
#ALL:ALL: .cr
#ALL:ALL: .cs
#ALL:ALL: .cu
#ALL:ALL: .cv
#ALL:ALL: .cx
#ALL:ALL: .cy
#ALL:ALL: .cz
#ALL:ALL: .de
#ALL:ALL: .dj
#ALL:ALL: .dk
#ALL:ALL: .dm
#ALL:ALL: .do
#ALL:ALL: .dz
#ALL:ALL: .ec
#ALL:ALL: .ee
#ALL:ALL: .eg
#ALL:ALL: .eh
#ALL:ALL: .er
#ALL:ALL: .es
#ALL:ALL: .et
#ALL:ALL: .eu
#ALL:ALL: .fi
#ALL:ALL: .fj
#ALL:ALL: .fk
#ALL:ALL: .fm
#ALL:ALL: .fo
#ALL:ALL: .fr
#ALL:ALL: .ga
#ALL:ALL: .gb
#ALL:ALL: .gd
#ALL:ALL: .ge
#ALL:ALL: .gf
#ALL:ALL: .gg
#ALL:ALL: .gh
#ALL:ALL: .gi
#ALL:ALL: .gl
#ALL:ALL: .gm
#ALL:ALL: .gn
#ALL:ALL: .gp
#ALL:ALL: .gq
#ALL:ALL: .gr
#ALL:ALL: .gs
#ALL:ALL: .gt
#ALL:ALL: .gu
#ALL:ALL: .gw
#ALL:ALL: .gy
#ALL:ALL: .hk
#ALL:ALL: .hm
#ALL:ALL: .hn
#ALL:ALL: .hr
#ALL:ALL: .ht
#ALL:ALL: .hu
#ALL:ALL: .id
#ALL:ALL: .ie
#ALL:ALL: .il
#ALL:ALL: .im
#ALL:ALL: .in
#ALL:ALL: .io
#ALL:ALL: .iq
#ALL:ALL: .ir
#ALL:ALL: .is
#ALL:ALL: .it
#ALL:ALL: .je
#ALL:ALL: .jm
#ALL:ALL: .jo
#ALL:ALL: .jp
#ALL:ALL: .ke
#ALL:ALL: .kg
#ALL:ALL: .kh
#ALL:ALL: .ki
#ALL:ALL: .km
#ALL:ALL: .kn
#ALL:ALL: .kp
#ALL:ALL: .kr
#ALL:ALL: .kw
#ALL:ALL: .ky
#ALL:ALL: .kz
#ALL:ALL: .la
#ALL:ALL: .lb
#ALL:ALL: .lc
#ALL:ALL: .li
#ALL:ALL: .lk
#ALL:ALL: .lr
#ALL:ALL: .ls
#ALL:ALL: .lt
#ALL:ALL: .lu
#ALL:ALL: .lv
#ALL:ALL: .ly
#ALL:ALL: .ma
#ALL:ALL: .mc
#ALL:ALL: .md
#ALL:ALL: .mg
#ALL:ALL: .mh
#ALL:ALL: .mk
#ALL:ALL: .ml
#ALL:ALL: .mm
#ALL:ALL: .mn
#ALL:ALL: .mo
#ALL:ALL: .mp
#ALL:ALL: .mq
#ALL:ALL: .mr
#ALL:ALL: .ms
#ALL:ALL: .mt
#ALL:ALL: .mu
#ALL:ALL: .mv
#ALL:ALL: .mw
#ALL:ALL: .mx
#ALL:ALL: .my
#ALL:ALL: .mz
#ALL:ALL: .na
#ALL:ALL: .nc
#ALL:ALL: .ne
#ALL:ALL: .nf
#ALL:ALL: .ng
#ALL:ALL: .ni
#ALL:ALL: .nl
#ALL:ALL: .no
#ALL:ALL: .np
#ALL:ALL: .nr
#ALL:ALL: .nu
#ALL:ALL: .nz
#ALL:ALL: .om
#ALL:ALL: .pa
#ALL:ALL: .pe
#ALL:ALL: .pf
#ALL:ALL: .pg
#ALL:ALL: .ph
#ALL:ALL: .pk
#ALL:ALL: .pl
#ALL:ALL: .pm
#ALL:ALL: .pn
#ALL:ALL: .pr
#ALL:ALL: .ps
#ALL:ALL: .pt
#ALL:ALL: .pw
#ALL:ALL: .py
#ALL:ALL: .qa
#ALL:ALL: .re
#ALL:ALL: .ro
#ALL:ALL: .ru
#ALL:ALL: .rw
#ALL:ALL: .sa
#ALL:ALL: .sb
#ALL:ALL: .sc
#ALL:ALL: .sd
#ALL:ALL: .se
#ALL:ALL: .sg
#ALL:ALL: .sh
#ALL:ALL: .si
#ALL:ALL: .sj
#ALL:ALL: .sk
#ALL:ALL: .sl
#ALL:ALL: .sm
#ALL:ALL: .sn
#ALL:ALL: .so
#ALL:ALL: .sr
#ALL:ALL: .st
#ALL:ALL: .sv
#ALL:ALL: .sy
#ALL:ALL: .sz
#ALL:ALL: .tc
#ALL:ALL: .td
#ALL:ALL: .tf
#ALL:ALL: .tg
#ALL:ALL: .th
#ALL:ALL: .tj
#ALL:ALL: .tk
#ALL:ALL: .tl
#ALL:ALL: .tm
#ALL:ALL: .tn
#ALL:ALL: .to
#ALL:ALL: .tp
#ALL:ALL: .tr
#ALL:ALL: .tt
#ALL:ALL: .tv
#ALL:ALL: .tw
#ALL:ALL: .tz
#ALL:ALL: .ua
#ALL:ALL: .ug
#ALL:ALL: .uk
#ALL:ALL: .um
#.us . United States
#ALL:ALL: .uy
#ALL:ALL: .uz
#ALL:ALL: .va
#ALL:ALL: .vc
#ALL:ALL: .ve
#ALL:ALL: .vg
#ALL:ALL: .vi
#ALL:ALL: .vn
#ALL:ALL: .vu
#ALL:ALL: .wf
#ALL:ALL: .ws
#ALL:ALL: .ye
#ALL:ALL: .yt
#ALL:ALL: .yu
#ALL:ALL: .za
#ALL:ALL: .zm
#ALL:ALL: .zw
|
|
|
|
|
03-02-2006, 09:32 AM
|
#5
|
|
Member
Registered: Mar 2005
Location: Alphen aan den Rijn , netherlands
Distribution: core
Posts: 57
Original Poster
Rep:
|
wow didnt know we had this much.
great file
where did u get the .xx information from.
|
|
|
|
|
03-02-2006, 09:36 AM
|
#6
|
|
Member
Registered: Mar 2005
Location: Alphen aan den Rijn , netherlands
Distribution: core
Posts: 57
Original Poster
Rep:
|
Quote:
|
Originally Posted by sipsipi
HAHAHA , i was just working on this hosts.deny
remove comments to countries you want to say
"NO INTERWEB FOR YOU!!"
Just udate the countries information
Code:
#
# hosts.deny This file describes the names of the hosts which are
# *not* allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In particular
# you should know that NFS uses portmap!
#ALL:ALL
#ALL:ALL: .ac
#ALL:ALL: .ad
#ALL:ALL: .ae
#ALL:ALL: .af
#ALL:ALL: .ag
#ALL:ALL: .ai
#ALL:ALL: .al
#ALL:ALL: .am
#ALL:ALL: .an
#ALL:ALL: .ao
#ALL:ALL: .aq
#ALL:ALL: .ar
#ALL:ALL: .as
#ALL:ALL: .at
#ALL:ALL: .au
#ALL:ALL: .aw
#ALL:ALL: .az
#ALL:ALL: .ax
#ALL:ALL: .ba
#ALL:ALL: .bb
#ALL:ALL: .bd
# .be Belgium
#ALL:ALL: .be
#ALL:ALL: .bf
#ALL:ALL: .bg
#ALL:ALL: .bh
#ALL:ALL: .bi
#ALL:ALL: .bj
#ALL:ALL: .bm
#ALL:ALL: .bn
#ALL:ALL: .bo
#ALL:ALL: .br
#ALL:ALL: .bs
#ALL:ALL: .bt
#ALL:ALL: .bv
#ALL:ALL: .bw
#ALL:ALL: .by
#ALL:ALL: .bz
#ALL:ALL: .ca
#ALL:ALL: .cc
#ALL:ALL: .cd
#ALL:ALL: .cf
#ALL:ALL: .cg
#ALL:ALL: .ch
#ALL:ALL: .ci
#ALL:ALL: .ck
#ALL:ALL: .cl
#ALL:ALL: .cm
#ALL:ALL: .cn
#ALL:ALL: .co
#ALL:ALL: .cr
#ALL:ALL: .cs
#ALL:ALL: .cu
#ALL:ALL: .cv
#ALL:ALL: .cx
#ALL:ALL: .cy
#ALL:ALL: .cz
#ALL:ALL: .de
#ALL:ALL: .dj
#ALL:ALL: .dk
#ALL:ALL: .dm
#ALL:ALL: .do
#ALL:ALL: .dz
#ALL:ALL: .ec
#ALL:ALL: .ee
#ALL:ALL: .eg
#ALL:ALL: .eh
#ALL:ALL: .er
#ALL:ALL: .es
#ALL:ALL: .et
# .eu europe
#ALL:ALL: .eu
#ALL:ALL: .fi
#ALL:ALL: .fj
#ALL:ALL: .fk
#ALL:ALL: .fm
#ALL:ALL: .fo
# .fr france
#ALL:ALL: .fr
#ALL:ALL: .ga
#ALL:ALL: .gb
#ALL:ALL: .gd
#ALL:ALL: .ge
#ALL:ALL: .gf
#ALL:ALL: .gg
#ALL:ALL: .gh
#ALL:ALL: .gi
#ALL:ALL: .gl
#ALL:ALL: .gm
#ALL:ALL: .gn
#ALL:ALL: .gp
#ALL:ALL: .gq
# .gr greece
#ALL:ALL: .gr
#ALL:ALL: .gs
#ALL:ALL: .gt
#ALL:ALL: .gu
#ALL:ALL: .gw
#ALL:ALL: .gy
#ALL:ALL: .hk
#ALL:ALL: .hm
#ALL:ALL: .hn
#ALL:ALL: .hr
#ALL:ALL: .ht
#ALL:ALL: .hu
#ALL:ALL: .id
#ALL:ALL: .ie
#ALL:ALL: .il
#ALL:ALL: .im
#ALL:ALL: .in
#ALL:ALL: .io
#ALL:ALL: .iq
#ALL:ALL: .ir
#ALL:ALL: .is
# .it italy
#ALL:ALL: .it
#ALL:ALL: .je
#ALL:ALL: .jm
#ALL:ALL: .jo
#ALL:ALL: .jp
#ALL:ALL: .ke
#ALL:ALL: .kg
#ALL:ALL: .kh
#ALL:ALL: .ki
#ALL:ALL: .km
#ALL:ALL: .kn
#ALL:ALL: .kp
# .kr kroatie
#ALL:ALL: .kr
#ALL:ALL: .kw
#ALL:ALL: .ky
#ALL:ALL: .kz
#ALL:ALL: .la
#ALL:ALL: .lb
#ALL:ALL: .lc
#ALL:ALL: .li
#ALL:ALL: .lk
#ALL:ALL: .lr
#ALL:ALL: .ls
#ALL:ALL: .lt
#ALL:ALL: .lu
#ALL:ALL: .lv
#ALL:ALL: .ly
#ALL:ALL: .ma
#ALL:ALL: .mc
#ALL:ALL: .md
#ALL:ALL: .mg
#ALL:ALL: .mh
#ALL:ALL: .mk
#ALL:ALL: .ml
#ALL:ALL: .mm
#ALL:ALL: .mn
#ALL:ALL: .mo
#ALL:ALL: .mp
#ALL:ALL: .mq
#ALL:ALL: .mr
#ALL:ALL: .ms
#ALL:ALL: .mt
#ALL:ALL: .mu
#ALL:ALL: .mv
#ALL:ALL: .mw
#ALL:ALL: .mx
#ALL:ALL: .my
#ALL:ALL: .mz
#ALL:ALL: .na
#ALL:ALL: .nc
#ALL:ALL: .ne
#ALL:ALL: .nf
#ALL:ALL: .ng
#ALL:ALL: .ni
#ALL:ALL: .nl
#ALL:ALL: .no
#ALL:ALL: .np
#ALL:ALL: .nr
#ALL:ALL: .nu
#ALL:ALL: .nz
#ALL:ALL: .om
#ALL:ALL: .pa
#ALL:ALL: .pe
#ALL:ALL: .pf
#ALL:ALL: .pg
#ALL:ALL: .ph
#ALL:ALL: .pk
# .pl poland
#ALL:ALL: .pl
#ALL:ALL: .pm
#ALL:ALL: .pn
#ALL:ALL: .pr
#ALL:ALL: .ps
#ALL:ALL: .pt
#ALL:ALL: .pw
#ALL:ALL: .py
#ALL:ALL: .qa
#ALL:ALL: .re
#ALL:ALL: .ro
# .ru russia
#ALL:ALL: .ru
#ALL:ALL: .rw
#ALL:ALL: .sa
#ALL:ALL: .sb
#ALL:ALL: .sc
#ALL:ALL: .sd
#ALL:ALL: .se
#ALL:ALL: .sg
#ALL:ALL: .sh
#ALL:ALL: .si
#ALL:ALL: .sj
#ALL:ALL: .sk
#ALL:ALL: .sl
#ALL:ALL: .sm
#ALL:ALL: .sn
#ALL:ALL: .so
#ALL:ALL: .sr
#ALL:ALL: .st
#ALL:ALL: .sv
#ALL:ALL: .sy
#ALL:ALL: .sz
#ALL:ALL: .tc
#ALL:ALL: .td
#ALL:ALL: .tf
#ALL:ALL: .tg
#ALL:ALL: .th
#ALL:ALL: .tj
#ALL:ALL: .tk
#ALL:ALL: .tl
#ALL:ALL: .tm
#ALL:ALL: .tn
#ALL:ALL: .to
#ALL:ALL: .tp
#ALL:ALL: .tr
#ALL:ALL: .tt
#ALL:ALL: .tv
#ALL:ALL: .tw
#ALL:ALL: .tz
#ALL:ALL: .ua
#ALL:ALL: .ug
#ALL:ALL: .uk
#ALL:ALL: .um
#.us . United States
#ALL:ALL: .uy
#ALL:ALL: .uz
#ALL:ALL: .va
#ALL:ALL: .vc
#ALL:ALL: .ve
#ALL:ALL: .vg
#ALL:ALL: .vi
#ALL:ALL: .vn
#ALL:ALL: .vu
#ALL:ALL: .wf
#ALL:ALL: .ws
#ALL:ALL: .ye
#ALL:ALL: .yt
#ALL:ALL: .yu
#ALL:ALL: .za
#ALL:ALL: .zm
#ALL:ALL: .zw
|
Am i nuts or where is .com .net .org etc
or blocks .co .ne .or this ?
? |
|
|
|
|
03-02-2006, 09:48 AM
|
#7
|
|
Member
Registered: Dec 2005
Location: Chicago
Distribution: Fedora and Redhat
Posts: 86
Rep:
|
I think I just googled for it or something. Try this out, let me know how it works.
|
|
|
|
|
03-02-2006, 10:01 AM
|
#8
|
|
Member
Registered: Mar 2005
Location: Alphen aan den Rijn , netherlands
Distribution: core
Posts: 57
Original Poster
Rep:
|
Am i nuts or where is .com .net .org etc
or blocks .co .ne .or this ?
?
Quote:
|
Originally Posted by sipsipi
I think I just googled for it or something. Try this out, let me know how it works.
|
|
|
|
|
All times are GMT -5. The time now is 02:52 PM.
|
|
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
|
 Latest Threads
LQ News
|
|
