LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 07-12-2018, 05:08 PM   #1
yeknafar
LQ Newbie
 
Registered: Jul 2018
Posts: 10

Rep: Reputation: Disabled
Attacker IPs


Hello

Thanks for your attention.
I am using a cload to prevent DDOs attacks on

my site and it is supposed just I see the IP of

my cload on my server but when I check it with

netstat -ntu | awk '{print $5}' | cut -d: -f1 |

sort | uniq -c | sort -n

I see many strange IPs and when I Google them I

find they are attacker IPs.


- I am using centos web panel (CWP).

Now I wonder:
- Why they come to my site directly and do not

go through the cload to prevent them? (I do not

think they have my IP, I have used 2 different

cloads)

- I ban them manually, can it becomes an auto

action?
- Are they doing Slowris attack on my site?

(Because I receive for example 335 load average

and database error sometime or even 3 times a

day with low bandwith)

- Is it a good job to ban the most famous

attacker IPs ? If yes how can I get the list?


Thanks
 
Old 07-13-2018, 04:17 PM   #2
jefro
Moderator
 
Registered: Mar 2008
Posts: 18,248

Rep: Reputation: 2727Reputation: 2727Reputation: 2727Reputation: 2727Reputation: 2727Reputation: 2727Reputation: 2727Reputation: 2727Reputation: 2727Reputation: 2727Reputation: 2727
Please post your thread in only one forum. Posting a single thread in the most relevant forum will make it easier for members to help you and will keep the discussion in one place. This thread is being closed because it is a duplicate.

https://www.linuxquestions.org/quest...ad-4175633884/
 
Old 07-13-2018, 04:52 PM   #3
yeknafar
LQ Newbie
 
Registered: Jul 2018
Posts: 10

Original Poster
Rep: Reputation: Disabled
Sorry
I didn't do it on purpose.
 
Old 07-13-2018, 06:40 PM   #4
jefro
Moderator
 
Registered: Mar 2008
Posts: 18,248

Rep: Reputation: 2727Reputation: 2727Reputation: 2727Reputation: 2727Reputation: 2727Reputation: 2727Reputation: 2727Reputation: 2727Reputation: 2727Reputation: 2727Reputation: 2727
OK no problem, see if the other thread gets any replies. Hopefully.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Attacker IPs do not go through my cload yeknafar Linux - Server 1 07-13-2018 08:17 PM
iptables blocking all ips except US & US Amazon. Can't log dropped IPs. mcginlej Linux - Networking 3 10-08-2013 12:18 PM
Getting things straight: Apache, SSL, Multiple External IPs / Internal IPs robin.com.au Linux - Server 21 10-13-2007 11:39 PM
how to define a specific range of IPs and/or multiple IPs in an iptables rule?... TheHellsMaster Linux - Security 9 09-20-2004 10:06 AM
How about this attacker? pe2338 Debian 5 09-03-2003 05:43 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:45 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration