Old 07-12-2012, 12:29 PM   #1
Registered: Jun 2012
Posts: 118
Blog Entries: 1

Rep: Reputation: Disabled
How to block a single ipaddress using TCP Wrappers

Dear All
Today I found in my Apache logs that my server was flooded by a single IP address in access.log. I could find that my server keeps accessing the remote server, and the URLs accessed there are being reflected in my server's access log. Any suggestions on how the URLs accessed on the remote server get reflected in my server's Apache access log?

http://clientip/~admin/a-poster/proxy.php HTTP/1.1" -- It shows my server IP address.

So I tried blocking the server IP address using TCP Wrappers:

vi /etc/hosts.deny


But I could still find the server IP address in my Apache access.log.
Old 07-12-2012, 12:34 PM   #2
Senior Member
Registered: Mar 2012
Distribution: Red Hat
Posts: 1,604

Rep: Reputation: 415
Forget Apache, you don't want the connection to get to your application layer if it's a security issue. You would want to block this on the OS or network layer.

For iptables, here ya go:

iptables -A INPUT -s <IP> -j DROP
iptables -A OUTPUT -d <IP> -j DROP
Just run those commands as root, replace the <IP> with the IP and BAM!

The good thing about this is it's a drop rule, different from a reject rule in the fact that your server sends no response at all to the originating connection; a reject will send a response back telling them it's rejected. This indicates to the remote attacker that the server is still up, and they keep trying to get in. If it's a drop, they get no responses; the connection just times out as if the IP of your server had changed or the server itself is down.
1 members found this post helpful.
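An added example, not code from either poster: it tallies client addresses in an Apache access log to find the one flooding it, validates the address, and prints the two DROP rules from the post above for review instead of running them. The function names are hypothetical and the log lines are constructed, using documentation addresses and the proxy.php path from the first post.

```shell
# Constructed sample log lines; addresses are documentation ranges.
sample_log() {
cat <<'EOF'
203.0.113.7 - - [12/Jul/2012:12:01:01 -0500] "GET /~admin/a-poster/proxy.php HTTP/1.1" 200 512
203.0.113.7 - - [12/Jul/2012:12:01:02 -0500] "GET /~admin/a-poster/proxy.php HTTP/1.1" 200 512
198.51.100.4 - - [12/Jul/2012:12:01:02 -0500] "GET /index.html HTTP/1.1" 200 1024
203.0.113.7 - - [12/Jul/2012:12:01:03 -0500] "GET /~admin/a-poster/proxy.php HTTP/1.1" 200 512
EOF
}

# Print "count ip" for every client with at least $1 requests, busiest first.
top_talkers() {
  awk -v min="$1" '{ n[$1]++ } END { for (ip in n) if (n[ip] >= min) print n[ip], ip }' |
    sort -k1,1nr -k2,2
}

# Succeed only for a dotted-quad IPv4 address: four octets, 0..255, no leading zeros.
valid_ipv4() {
  case "$1" in ''|*[!0-9.]*) return 1 ;; esac
  echo "$1" | awk -F. 'NF != 4 { exit 1 }
    { for (i = 1; i <= 4; i++) if ($i !~ /^(0|[1-9][0-9]*)$/ || $i > 255) exit 1 }'
}

# Print (do not run) the two rules from the post for one validated address.
block_cmds() {
  valid_ipv4 "$1" || { echo "refusing non-IPv4 value: $1" >&2; return 1; }
  printf 'iptables -A INPUT -s %s -j DROP\n' "$1"
  printf 'iptables -A OUTPUT -d %s -j DROP\n' "$1"
}

# Dry run: rules for every client at or above the request threshold $1.
rules_for_log() {
  top_talkers "$1" | while read -r _count ip; do block_cmds "$ip"; done
}

sample_log | rules_for_log 3
```

To use it on a real log, pipe the file in place of sample_log and check the printed rules before running them as root.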
Old 07-12-2012, 03:27 PM   #3
Senior Member
Registered: Mar 2012
Distribution: Red Hat
Posts: 1,604

Rep: Reputation: 415
Just a follow-up: when I am referring to layers, I am referring to the OSI Model:

The lower down in the layers you get, the more you are isolating your system/application. So if you prevent it on layer 1, the physical layer, with a hardware firewall that is outside your internal network, it would be the most advised solution. The OSI model is something good to look over if you've never heard of it.

