• Dear Pleskians! The Plesk Forum will be undergoing scheduled maintenance on Monday, 7th of July, at 9:00 AM UTC. The expected maintenance window is 2 hours.
    Thank you in advance for your patience and understanding on the matter.

Automatically block attacking ips

Y

ylon

Basic Pleskian
I'm getting a whole lot of attacks it appears and I'd like to automatically perform an nslookup or if it is an ip add it directly to the firewall to block all incoming traffic from these attackers. What is available to allow this type of functionality?

Here is a sample of what I've been seeing in my logs:
Mar 24 06:57:55 domain sshd(pam_unix)[10608]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=61-218-49-243.hinet-ip.hinet.net
Mar 24 06:57:55 domain sshd(pam_unix)[10612]: check pass; user unknown
Mar 24 06:57:55 domain sshd(pam_unix)[10612]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.0.201.11
Mar 24 06:57:58 domain sshd(pam_unix)[10619]: check pass; user unknown
Mar 24 06:57:58 domain sshd(pam_unix)[10619]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.0.201.11
Mar 24 06:57:59 domain sshd(pam_unix)[10621]: check pass; user unknown
Mar 24 06:57:59 domain sshd(pam_unix)[10621]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.0.201.11
Mar 24 06:58:01 domain sshd(pam_unix)[10623]: check pass; user unknown
Mar 24 06:58:01 domain sshd(pam_unix)[10623]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=61-218-49-243.hinet-ip.hinet.net
Mar 24 06:58:02 domain sshd(pam_unix)[10628]: check pass; user unknown
Mar 24 06:58:02 domain sshd(pam_unix)[10628]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.0.201.11
Mar 24 06:58:02 domain sshd(pam_unix)[10631]: check pass; user unknown
Mar 24 06:58:02 domain sshd(pam_unix)[10631]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.0.201.11
Mar 24 06:58:06 domain sshd(pam_unix)[10643]: check pass; user unknown
Mar 24 06:58:06 domain sshd(pam_unix)[10643]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.0.201.11
Mar 24 06:58:06 domain sshd(pam_unix)[10645]: check pass; user unknown
Mar 24 06:58:06 domain sshd(pam_unix)[10645]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.0.201.11
Mar 24 06:58:07 domain sshd(pam_unix)[10640]: check pass; user unknown
Mar 24 06:58:07 domain sshd(pam_unix)[10640]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=61-218-49-243.hinet-ip.hinet.net
Mar 24 06:58:10 domain sshd(pam_unix)[10649]: check pass; user unknown
Mar 24 06:58:10 domain sshd(pam_unix)[10649]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.0.201.11
Mar 24 06:58:10 domain sshd(pam_unix)[10650]: check pass; user unknown
Mar 24 06:58:10 domain sshd(pam_unix)[10650]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.0.201.11
Mar 24 06:58:13 domain sshd(pam_unix)[10654]: check pass; user unknown
Mar 24 06:58:13 domain sshd(pam_unix)[10654]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=61-218-49-243.hinet-ip.hinet.net
Mar 24 06:58:14 domain sshd(pam_unix)[10657]: check pass; user unknown
Mar 24 06:58:14 domain sshd(pam_unix)[10657]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.0.201.11
Mar 24 06:58:14 domain sshd(pam_unix)[10659]: check pass; user unknown
Mar 24 06:58:14 domain sshd(pam_unix)[10659]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.0.201.11
Mar 24 06:58:18 domain sshd(pam_unix)[10664]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.0.201.11 user=mysql
Mar 24 06:58:18 domain sshd(pam_unix)[10666]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.0.201.11 user=mysql
Mar 24 06:58:18 domain sshd(pam_unix)[10662]: check pass; user unknown
Mar 24 06:58:18 domain sshd(pam_unix)[10662]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=61-218-49-243.hinet-ip.hinet.net
Mar 24 06:58:22 domain sshd(pam_unix)[10669]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.0.201.11 user=operator
Mar 24 06:58:22 domain sshd(pam_unix)[10670]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.0.201.11 user=operator
Mar 24 06:58:24 domain sshd(pam_unix)[10673]: check pass; user unknown
Mar 24 06:58:24 domain sshd(pam_unix)[10673]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=61-218-49-243.hinet-ip.hinet.net
Mar 24 06:58:26 domain sshd(pam_unix)[10675]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.0.201.11 user=adm
Mar 24 06:58:26 domain sshd(pam_unix)[10676]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.0.201.11 user=adm
Mar 24 06:58:30 domain sshd(pam_unix)[10682]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.0.201.11 user=apache
Mar 24 06:58:30 domain sshd(pam_unix)[10684]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.0.201.11 user=apache
 
I apologize, I had not seen this answer previously that I was given to the same question some time ago:

http://forum.sw-soft.com/showthread.php?s=&threadid=21927&highlight=attacking+ips
 
You must log in or register to reply here.

Similar threads

wakabayashi
Resolved Fail2Ban - Postfix not working for SASL (bug?)
Replies
4
Views
2K
mizar
mizar
W
Issue Mail forwarded on the server in the target mailbox is delivered to the SPAM folder
Replies
0
Views
781
W4ru
W
D
Question receiving phishing emails
Replies
2
Views
2K
Kaspar
K
Mike23
Resolved Server Error 500 Zend_Db_Adapter_Exception SQLSTATE[HY000] [2002] No such file or directory
Replies
1
Views
2K
Mike23
Mike23
A
Resolved Unable to start Apache
Replies
1
Views
2K
menderes
menderes
Back
Top