Web Hosting Talk

How to ban an IP?


blackmoont
07-20-2003, 01:59 PM
Hello. Someone is trying to flood my server from IP 64.23.*.*, and I want to ban this IP from my server. Anybody know the command? I am using shell access.

Tazzman
07-20-2003, 02:11 PM
I don't know if adding the IP to /etc/hosts.deny will do the job, but you should really have a firewall installed that would have done the job automatically for you.

VNPIXEL
07-20-2003, 02:22 PM
run

iptables -A INPUT -s 64.23.1.1/16 -j REJECT

blackmoont
07-20-2003, 02:24 PM
Could you explain to me the meaning of that command?

VNPIXEL
07-20-2003, 02:29 PM
It will block all traffic coming from 64.23.*.*.

thedavid
07-20-2003, 02:44 PM
For a good description of the history of firewalling on a linux box, and iptables in particular, check this out:

http://tldp.org/LDP/nag2/x-087-2-firewall.future.html

Be careful with it though. It's possible to block all traffic (or traffic from *your* ip) with iptables.

-David

blackmoont
07-20-2003, 02:52 PM
Thank you so much. How about a firewall? Is there any kind of firewall that auto-bans or stops floods? For example, 10 people have 10 different IPs, and they have scripts that always connect to my SQL (via some script in my forum) and then bring SQL down. Any way to stop that?
Regards, and sorry for my bad English.

nwtg
07-20-2003, 02:57 PM
Another thing you could do is:

As root,
#route add -net xxx.xxx.xxx.0 netmask 255.255.255.0 reject

NyteOwl
07-20-2003, 05:16 PM
Originally posted by VNPIXEL
run

iptables -A INPUT -s 64.23.1.1/16 -j REJECT

If you want to save on processing, congestion and bandwidth, use DROP instead of REJECT. REJECT generates a reply packet while DROP just ignores the connection attempt.

Note that all of this will prevent the IP from accessing your box, it will not prevent them from flooding your connection with packets. That requires blocking at the switch or router level for which you likely need to contact your host.

InternetPEI
07-20-2003, 11:16 PM
I have the same issue with this IP from China, 220.170.133.11.
They have been trying my box the last few days; first it was the HTTP, yesterday the FTP... not sure what's planned tonight.

I am running the APF firewall.

Do I still use the iptables deny option?

Not trying to take over the thread, but I thought these answers would help us both :)

Thanks

blackmoont
07-21-2003, 01:38 AM
How about if they have hundreds of IP addresses and are trying to connect to my SQL?
This is a MySQL process list on my server:
SELECT id FROM ibmembers WHERE LOWER(name)='be-yeu.com530804529' |
| 281236 | root | localhost | | Query | 0 | | show processlist

Tons of them are running on my server. What can I do to stop them?
For example, my server has 100 sites with forums. Some flooder writes a script that can automatically run some SQL queries, and because they have a good connection, my server load gets very high, about 60.
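A way to see which hosts are behind a flood like this, added here as an example and not code from the thread: it reads SHOW PROCESSLIST output in the pipe-delimited format shown above and counts active queries per client host, busiest first, then prints (but does not run) a DROP rule for every remote host over a threshold. The sample rows are constructed; the addresses, the `forum` user and the `ibf` database name are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread: rank client hosts in SHOW PROCESSLIST
# output so the flooders stand out before any address is blocked.

# Constructed sample in the same pipe-delimited layout as the post above.
sample_processlist() {
    cat <<'EOF'
| Id     | User  | Host            | db  | Command | Time | State | Info                                            |
| 281230 | forum | 64.23.5.7:41022 | ibf | Query   | 0    |       | SELECT id FROM ibmembers WHERE LOWER(name)='u1' |
| 281231 | forum | 64.23.5.7:41023 | ibf | Query   | 1    |       | SELECT id FROM ibmembers WHERE LOWER(name)='u2' |
| 281232 | forum | 64.23.5.7:41025 | ibf | Query   | 0    |       | SELECT id FROM ibmembers WHERE LOWER(name)='u3' |
| 281233 | forum | 64.23.9.2:51002 | ibf | Query   | 0    |       | SELECT id FROM ibmembers WHERE LOWER(name)='u4' |
| 281234 | forum | 64.23.9.2:51003 | ibf | Query   | 2    |       | SELECT id FROM ibmembers WHERE LOWER(name)='u5' |
| 281235 | forum | 64.23.9.2:51004 | ibf | Sleep   | 30   |       |                                                 |
| 281236 | root  | localhost       |     | Query   | 0    |       | show processlist                                |
EOF
}

# busiest_hosts: print "COUNT HOST" per client, busiest first.
# The header row and separator lines are skipped, Sleep (idle) connections
# are not counted, and the :port suffix is stripped so that every connection
# from one address is counted together.
busiest_hosts() {
    awk -F'|' '
        NF >= 9 && $2 !~ /Id/ {
            host = $4; gsub(/^[ \t]+|[ \t]+$/, "", host); sub(/:[0-9]+$/, "", host)
            cmd  = $6; gsub(/^[ \t]+|[ \t]+$/, "", cmd)
            if (cmd != "Sleep") count[host]++
        }
        END { for (h in count) print count[h], h }
    ' | sort -rn
}

# suggest_drop_rules THRESHOLD: print (do not run) a DROP rule for every
# remote host with at least THRESHOLD active queries. localhost is never listed.
suggest_drop_rules() {
    busiest_hosts | awk -v t="$1" '
        $1 >= t && $2 != "localhost" {
            print "iptables -A INPUT -p tcp --dport 3306 -s " $2 " -j DROP"
        }'
}

# Stand-alone run over the constructed sample.
sample_processlist | busiest_hosts
sample_processlist | suggest_drop_rules 3
```

Feed it real output with `mysql -e 'SHOW PROCESSLIST' | busiest_hosts` or `mysqladmin processlist | busiest_hosts`. One caveat that matters for the case described above: when the queries are generated by forum scripts running on the same box, every row shows `localhost` as the host and this count tells you nothing about the source; the flooding addresses then have to be taken from the web server's access log instead, and the block belongs on port 80, not 3306.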

Slidey
07-21-2003, 05:34 AM
Do you really need MySQL listening on an external interface?

blackmoont
07-21-2003, 08:35 AM
Yes, I need it. But what can I do when hundreds of connections connect to my SQL every second? Could you show me the way?

Slidey
07-21-2003, 08:46 AM
If your MySQL database has to be connected to by lots of different servers, then you'll have to just blacklist the individual IPs.

If it's just a database server for 1 or 2 other IPs, you could explicitly allow only certain addresses.

If it's only for users that actually use that machine, it doesn't need to be listening on an external interface at all.

blackmoont
07-21-2003, 09:42 AM
Thanks, but the problem is they have thousands of different IPs. :( If it were only 1 or 2 IPs, I would have banned them all with iptables.

traixanha
07-21-2003, 12:53 PM
If there are thousands of IPs accessing your server at the same time, first of all I would worry about my bandwidth, then block them following the code which VNPIXEL told you, if they are violent on my server.

TMX
07-21-2003, 03:52 PM
Originally posted by VNPIXEL
run

iptables -A INPUT -s 64.23.1.1/16 -j REJECT

64.23.1.1/16 is an invalid aggregate.

What you want here is

iptables -A INPUT -s 64.23.0.0/16 -j DROP

-Bob
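Putting Bob's correction, NyteOwl's DROP advice and Slidey's allow-list option into one script, as an added example that is not code from the thread: `cidr_network` canonicalizes a prefix so that `64.23.1.1/16` is written as `64.23.0.0/16` before it reaches iptables and rejects malformed input, `drop_rule` emits the DROP form of VNPIXEL's rule, and `mysql_allowlist_rules` emits rules that permit tcp/3306 only from the named prefixes and drop everything else. The addresses `10.0.0.5` and `10.0.0.0/24` are placeholders; rules are printed, not applied.

```shell
#!/bin/sh
# Added example, not from the thread: build iptables rule lines from
# prefixes after canonicalizing them, and an allow-list for tcp/3306.
# Nothing here touches the firewall; review the output, then run it as root.

# Convert a dotted quad to an integer; fail on anything that is not one
# (wrong field count, non-digits, octets above 255, leading zeros).
ip_to_int() {
    IFS=. read -r a b c d rest <<EOF
$1
EOF
    [ -n "$d" ] && [ -z "$rest" ] || return 1
    for o in "$a" "$b" "$c" "$d"; do
        case "$o" in ''|*[!0-9]*|0[0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# cidr_network ADDR[/PREFIX]: print the canonical NETWORK/PREFIX, i.e. with
# the host bits cleared; a bare address becomes /32. Exit 1 if malformed.
cidr_network() {
    addr=${1%/*}
    plen=${1#*/}
    if [ "$plen" = "$1" ]; then plen=32; fi          # no "/" given
    case "$plen" in ''|*[!0-9]*) return 1 ;; esac
    [ "$plen" -le 32 ] || return 1
    n=$(ip_to_int "$addr") || return 1
    if [ "$plen" -eq 0 ]; then
        mask=0
    else
        mask=$(( (4294967295 << (32 - plen)) & 4294967295 ))
    fi
    echo "$(int_to_ip $(( n & mask )))/$plen"
}

# drop_rule PREFIX: the DROP rule for the canonical form of PREFIX.
drop_rule() {
    net=$(cidr_network "$1") || { echo "bad prefix: $1" >&2; return 1; }
    echo "iptables -A INPUT -s $net -j DROP"
}

# mysql_allowlist_rules PREFIX...: accept MySQL (tcp/3306) from the loopback
# interface and the given prefixes only; drop the rest. Bad prefixes are
# reported and skipped rather than silently turned into a wrong rule.
mysql_allowlist_rules() {
    [ $# -gt 0 ] || { echo "usage: mysql_allowlist_rules PREFIX..." >&2; return 1; }
    echo "iptables -A INPUT -p tcp --dport 3306 -i lo -j ACCEPT"
    for p in "$@"; do
        net=$(cidr_network "$p") || { echo "skipping bad prefix: $p" >&2; continue; }
        echo "iptables -A INPUT -p tcp --dport 3306 -s $net -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp --dport 3306 -j DROP"
}

# Stand-alone run: the thread's /16 (sloppy form) and a placeholder allow-list.
drop_rule 64.23.1.1/16
mysql_allowlist_rules 10.0.0.5 10.0.0.0/24
```

These rules append (`-A`) to INPUT, so an earlier ACCEPT for port 3306 already in the chain would still win; check the order with `iptables -L INPUT -n --line-numbers` and use `-I` if the rule has to go first. For Slidey's third option the setting is `bind-address = 127.0.0.1` (or `skip-networking`) under `[mysqld]` in my.cnf, which removes the external listener entirely. And per David's warning above, make sure the address you administer the box from is in the allow-list before adding a broad DROP.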