If you're going to monitor and block these, I would recommend using a tool such as
fail2ban, with the corresponding WordPress plugin. After the nth blocked IP, it really
does get boring, and these attacks will be (and are) never ending.
On 6 Jul 2013, at 19:00, Keith Williams <keithwilliamsnp(a)gmail.com> wrote:
Thank you Ashley. Yes, I have researched the IP. It is
from a block of IPs based in France and most of the block are listed in a number of
blacklists and other reputation sites. There are other blocks associated with this one;
all have a dodgy reputation. At the moment, I have set up a chain in iptables to label,
log and dump these blocks.
A new one has appeared today, it was reported in the log as attempting to use a known
hack on Apache. It only tried once, but it was hardly a friendly act. Research on it
showed that it is in the range of IPs used by a certain UK SEO company, scraping sites for
information to sell to its clients. This one was interesting, though, as it had no reports
of actual harm, except that one well-respected RBL database noted that it had appeared
yesterday linked to a malware installer. Hence, I suppose, the attempted hack attack. More
blocking and monitoring!
On 6 July 2013 18:04, Ashley Norris <ashley(a)norris.org.au> wrote:
On 05/07/2013 11:24, Daniel Case wrote:
Why not just null route the IP address?
Just a quick note on this if you are doing it for the first time.
Some addresses can have thousands of NATed computers behind them. Or, if
the address is a VPN provider end point, then it will mean your system
cannot be reached by many, many people.
Just remember this when you block an IP, as six months from now you may
be chasing some other connectivity issue caused by the block, or the
next one, and so on...
Some simple checks before doing this might involve a reverse domain
lookup on the address or a GeoIP on the address. Finally, simply
remember that you did it, and maybe consider always removing bans after
a certain amount of time: 3-6 months, perhaps, hopefully after the idiot
harassing your server has moved on to doing something else...
Just my $0.02 worth,
Ash
--
---
Ashley Norris
Oxford, UK
+44 7414 661 023
----------------
_______________________________________________
users mailing list
users(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users
--
Keith Williams
Keith's Place
www.keiths-place.co.uk
Tailor Made English
www.tmenglish.org
West Norfolk RSPCA
www.westnorfolkrspca.org.uk
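The two ideas in this thread, an iptables chain that labels, logs and drops, and bans that are remembered and lifted after a few months, can be combined in a small ban ledger. The following is an added example, not code from any of the messages above. The chain name `BANNED`, the ledger format, the 180-day limit and the /16 width limit are all assumptions, and it assumes a jump from `INPUT` into the chain already exists.

```python
import ipaddress
import shlex
from datetime import date, timedelta

CHAIN = "BANNED"                 # hypothetical chain name
MAX_AGE = timedelta(days=180)    # assumption: upper end of the 3-6 months suggested
MIN_PREFIX = 16                  # assumption: refuse anything wider than a /16

# Constructed sample ledger (documentation ranges): CIDR, date added, label.
LEDGER = """\
198.51.100.0/24  2013-07-05  wp-login
203.0.113.7      2013-07-06  apache-probe
192.0.2.0/24     2012-11-01  old-scan   # past MAX_AGE on the test date
"""

def parse_ledger(text):
    """Return (network, added, label) tuples; bad or overly wide entries raise."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        cidr, added, label = line.split()
        net = ipaddress.IPv4Network(cidr)      # host bits set -> ValueError
        if net.prefixlen < MIN_PREFIX:
            raise ValueError(f"{net} is wider than /{MIN_PREFIX}")
        entries.append((net, date.fromisoformat(added), label))
    return entries

def split_by_age(entries, today):
    """Separate bans still in force from those due for removal."""
    active = [e for e in entries if today - e[1] <= MAX_AGE]
    expired = [e for e in entries if today - e[1] > MAX_AGE]
    return active, expired

def chain_commands(active):
    """Rebuild CHAIN from scratch: one LOG (labelled) and one DROP rule per ban."""
    cmds = [["iptables", "-F", CHAIN]]
    for net, _added, label in active:
        prefix = f"{CHAIN} {label}: "[:29]     # LOG prefixes are capped at 29 chars
        cmds.append(["iptables", "-A", CHAIN, "-s", str(net),
                     "-j", "LOG", "--log-prefix", prefix])
        cmds.append(["iptables", "-A", CHAIN, "-s", str(net), "-j", "DROP"])
    return [shlex.join(c) for c in cmds]

if __name__ == "__main__":
    active, expired = split_by_age(parse_ledger(LEDGER), date.today())
    print("\n".join(chain_commands(active)))
    for net, added, label in expired:
        print(f"# expired, delete from ledger: {net} ({label}, added {added})")
```

Because the chain is flushed and rebuilt from the ledger on every run, an entry that has aged out simply stops being emitted, and the label in the log prefix records why each remaining block exists.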