Thursday, May 14, 2015

Keeping the Botters, China and miscreants away.

On a daily basis I troll my FAIL2BAN mail folder to see who is "ding-dong diving", "n*gger knocking" or whatever the term of the day is.

My Fail2Ban is set up to send me mail every time it bans an IP. Repeat offenders get the firewall treatment. I run a filter to move them to a separate folder of the same name.

I end up using iptables to block the repeat offenders. They are just wasting your precious resources.

This is what I use so far:

iptables -I INPUT -m iprange --src-range 107.160.0.0-107.160.255.255 -j DROP
iptables -I INPUT -m iprange --src-range 111.72.0.0-111.79.255.255 -j DROP
iptables -I INPUT -m iprange --src-range 114.96.0.0-114.103.255.255 -j DROP
iptables -I INPUT -m iprange --src-range 120.192.0.0-120.255.255.255 -j DROP
iptables -I INPUT -m iprange --src-range 121.254.128.0-121.254.255.255 -j DROP
iptables -I INPUT -m iprange --src-range 163.177.0.0-163.177.255.255 -j DROP
iptables -I INPUT -m iprange --src-range 183.0.0.0-183.63.255.255 -j DROP
iptables -I INPUT -m iprange --src-range 185.60.229.0-185.60.229.255 -j DROP
iptables -I INPUT -m iprange --src-range 187.1.16.0-187.1.31.255 -j DROP
iptables -I INPUT -m iprange --src-range 189.213.72.1-189.213.79.254 -j DROP
iptables -I INPUT -m iprange --src-range 194.63.142.0-194.63.142.255 -j DROP
iptables -I INPUT -m iprange --src-range 219.234.174.0-219.234.174.191 -j DROP
iptables -I INPUT -m iprange --src-range 222.184.0.0-222.191.255.255 -j DROP
iptables -I INPUT -m iprange --src-range 27.255.64.0-27.255.95.255 -j DROP
iptables -I INPUT -m iprange --src-range 59.99.0.0-59.99.255.255 -j DROP
iptables -I INPUT -m iprange --src-range 60.166.0.0-60.175.255.255 -j DROP
iptables -I INPUT -m iprange --src-range 61.176.0.0-61.176.255.255 -j DROP
iptables -I INPUT -m iprange --src-range 80.82.64.0-80.82.79.255 -j DROP
iptables -I INPUT -m iprange --src-range 81.17.88.0-81.17.95.255 -j DROP
iptables -I INPUT -m iprange --src-range 89.248.174.0-89.248.174.127 -j DROP
iptables -I INPUT -m iprange --src-range 93.174.88.0-93.174.95.255 -j DROP
iptables -I INPUT -m iprange --src-range 192.99.0.0-192.99.255.255 -j DROP
iptables -I INPUT -m iprange --src-range 122.228.228.0-122.228.228.15 -j DROP

This has reduced my Fail2Ban folder from 45+ emails a day to 10 at most.

I still get the occasional flurry, but you firewall the IP range and you're done.

I can handle sending out 10 abuse mail forwards a day.
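
An added example, not the author's own code: it converts `--src-range` rules like the ones listed above into CIDR blocks and renders them as input for `ipset restore`, so a single iptables rule can match the whole list. It assumes `ipset` is installed; the set name `f2b-repeat` is hypothetical, and the three sample rules are copied from the list above.

```python
import ipaddress
import re

# Three rules copied from the list above; the set name used below is an assumption.
RULES = """\
iptables -I INPUT -m iprange --src-range 107.160.0.0-107.160.255.255 -j DROP
iptables -I INPUT -m iprange --src-range 219.234.174.0-219.234.174.191 -j DROP
iptables -I INPUT -m iprange --src-range 189.213.72.1-189.213.79.254 -j DROP
"""

RANGE_RE = re.compile(r"--src-range\s+(\S+)-(\S+)")


def parse_ranges(text):
    """Yield (first, last) IPv4Address pairs from iptables iprange rules."""
    for line in text.splitlines():
        m = RANGE_RE.search(line)
        if not m:
            continue  # not an iprange rule
        first, last = (ipaddress.IPv4Address(x) for x in m.groups())
        if first > last:
            raise ValueError(f"inverted range: {line.strip()}")
        yield first, last


def to_cidrs(ranges):
    """Convert ranges to a minimal, sorted list of CIDR blocks, merging overlaps."""
    nets = []
    for first, last in ranges:
        # A range that is not aligned on a power of two expands to several blocks.
        nets.extend(ipaddress.summarize_address_range(first, last))
    return list(ipaddress.collapse_addresses(nets))


def ipset_restore(cidrs, name="f2b-repeat"):
    """Render a file for `ipset -exist restore` (-exist makes reloads idempotent)."""
    lines = [f"create {name} hash:net family inet"]
    lines += [f"add {name} {net}" for net in cidrs]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(ipset_restore(to_cidrs(parse_ranges(RULES))), end="")
    # Load with:  ipset -exist restore < blocklist.txt
    # Then one rule covers every entry in the set:
    #   iptables -I INPUT -m set --match-set f2b-repeat src -j DROP
```

Ranges such as 189.213.72.1-189.213.79.254 do not fall on a CIDR boundary and expand to many small blocks; rounding them out to the enclosing network would block addresses the original rule did not.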
