Hello
Thanks for your attention.
I am using a cloud to prevent DDoS attacks on my site, and I am supposed to see just the IP of my cloud on my server, but when I check it with
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
I see many strange IPs and when I Google them I find they are attacker IPs.
- I am using centos web panel (CWP).
Now I wonder:
- Why do they come to my site directly and not go through the cloud to prevent them? (I do not think they have my IP; I have used 2 different clouds)
- I ban them manually; can it become an automatic action?
- Are they doing a Slowloris attack on my site? (Because I receive, for example, a load average of 335 and a database error sometimes, or even 3 times a day, with low bandwidth)
- Is it a good idea to ban the most famous attacker IPs? If yes, how can I get the list?
Thanks
Attacker IPs
Re: Attacker IPs
Off topic here, please see viewtopic.php?f=12&t=66365
- I am using centos web panel (CWP).
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Attacker IPs
For the most part "they" are bots that bang away at IPs. They don't have yours until they get to it and your machine responds - then they have it.
I use fail2ban as I must use passwords, with retries set really low. It's a little bit to set up but works nicely.
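Added example, not part of any post in this thread: a stricter version of the netstat check from the first post that counts only TCP connections to the web ports, skips the proxy's own addresses, and keeps IPv6 addresses intact (the original `cut -d: -f1` truncates them and also counts the header lines). The function names, the 80/443 port choice and every address below are assumptions or constructed placeholders.

```shell
#!/bin/sh
# Added example: report remote IPs that reach the web ports without going
# through the proxy. Names and addresses below are constructed placeholders.

# usage: netstat -ntu | direct_clients "proxy_ip1 proxy_ip2" [min_connections]
direct_clients() {
    awk -v allow="$1" -v min="${2:-1}" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 !~ /^tcp/ { next }                    # skip header lines and UDP
        {
            lport = $4; sub(/.*:/, "", lport)    # local port: text after last colon
            if (lport != "80" && lport != "443") next
            rip = $5; sub(/:[0-9]+$/, "", rip)   # drop only the trailing :port (IPv6 safe)
            if (rip in ok) next                  # expected traffic from the proxy
            count[rip]++
        }
        END { for (ip in count) if (count[ip] >= min + 0) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample in the layout printed by `netstat -ntu` (documentation ranges).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 203.0.113.10:443        192.0.2.50:41000        ESTABLISHED
tcp        0      0 203.0.113.10:443        192.0.2.50:41002        ESTABLISHED
tcp        0      0 203.0.113.10:80         198.51.100.7:51234      ESTABLISHED
tcp        0      0 203.0.113.10:80         198.51.100.7:51235      ESTABLISHED
tcp        0      0 203.0.113.10:80         198.51.100.7:51236      SYN_RECV
tcp        0      0 203.0.113.10:22         198.51.100.99:60000     ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::bad:40000     ESTABLISHED
udp        0      0 203.0.113.10:68         203.0.113.1:67          ESTABLISHED
EOF
}

# Demo on the sample: 192.0.2.50 stands in for the proxy; show IPs with 2+ connections.
sample_netstat | direct_clients "192.0.2.50" 2
```

On a live server, pipe `netstat -ntu` into `direct_clients` with the proxy provider's published addresses as the first argument; anything left in the output reached the web server directly.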