
Fun with bots

Posted: Thu Nov 20, 2008 9:25 pm
by SineSwiper
So, I got tired of all of the bots, spammers, and the like invading my server. Sure, little spam is actually going through, and nobody's breaking in. However, it's taking up bandwidth and wasting my server's time.

After a few hours of installation and setup (dependency hell), I set up fail2ban. I've used it before on a file server of mine, and it works well. It basically analyzes log files for any failures and, after a few mis-tries, it blocks the IP in iptables. I've got it pretty aggressive, blocking IPs for a full week. Here's my list so far:
Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-Spammers  all  --  anywhere             anywhere
fail2ban-BadBots  all  --  anywhere             anywhere
fail2ban-SSH  all  --  anywhere             anywhere
fail2ban-NoScript  all  --  anywhere             anywhere
           all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain fail2ban-BadBots (1 references)
target     prot opt source               destination
DROP       all  --  WAN-PSINET-GE.iplannetworks.net  anywhere
RETURN     all  --  anywhere             anywhere

Chain fail2ban-NoScript (1 references)
target     prot opt source               destination
DROP       all  --  212.235.92.178       anywhere
DROP       all  --  127-254.nwlink.spb.ru  anywhere
DROP       all  --  c-68-40-23-222.hsd1.mi.comcast.net  anywhere
DROP       all  --  94.102.60.127        anywhere
DROP       all  --  89.113.78.135        anywhere
DROP       all  --  ppp91-122-50-24.pppoe.avangarddsl.ru  anywhere
DROP       all  --  64.254.233.2         anywhere
DROP       all  --  p5B06258F.dip.t-dialin.net  anywhere
DROP       all  --  ns.km33523.keymachine.de  anywhere
DROP       all  --  212-95-54-38.internetserviceteam.com  anywhere
DROP       all  --  ool-44c31d02.dyn.optonline.net  anywhere
DROP       all  --  212.235.92.138       anywhere
DROP       all  --  ool-457f2c5a.dyn.optonline.net  anywhere
DROP       all  --  201.205.208.138      anywhere
DROP       all  --  143-bem-3.acn.waw.pl  anywhere
DROP       all  --  87-248-169-14.starnet.md  anywhere
DROP       all  --  190.10.18.177        anywhere
DROP       all  --  220.173.107.19       anywhere
DROP       all  --  c-71-206-209-216.hsd1.pa.comcast.net  anywhere
DROP       all  --  211.239.124.90       anywhere
DROP       all  --  c-75-68-64-41.hsd1.nh.comcast.net  anywhere
DROP       all  --  94.102.60.115        anywhere
DROP       all  --  121.14.149.121       anywhere
DROP       all  --  pluton.az.pl         anywhere
DROP       all  --  CPE00095b6cf195-CM0011aea1a5ae.cpe.net.cable.rogers.com  anywhere
DROP       all  --  212.235.92.161       anywhere
DROP       all  --  194.165.42.67        anywhere
DROP       all  --  simple11.dragonara.net  anywhere
DROP       all  --  www.budgetconferencing.ca  anywhere
DROP       all  --  79.143.176.14        anywhere
DROP       all  --  maluch.pcz.pl        anywhere
DROP       all  --  78.110.175.13        anywhere
DROP       all  --  194.165.42.119       anywhere
DROP       all  --  port-87-193-248-10.static.qsc.de  anywhere
DROP       all  --  194.165.42.27        anywhere
DROP       all  --  61.7.223.6           anywhere
DROP       all  --  ns.km30734.keymachine.de  anywhere
DROP       all  --  94.102.49.81         anywhere
DROP       all  --  194.165.42.113       anywhere
DROP       all  --  92.241.168.217       anywhere
DROP       all  --  p5B060103.dip.t-dialin.net  anywhere
DROP       all  --  29-196-124-91.pool.ukrtel.net  anywhere
DROP       all  --  122.200.96.98        anywhere
DROP       all  --  61.160.213.56        anywhere
DROP       all  --  193.213.47.115       anywhere
DROP       all  --  94.180.217.211       anywhere
DROP       all  --  194.165.42.71        anywhere
DROP       all  --  ns39350.ovh.net      anywhere
DROP       all  --  night-kings.de       anywhere
DROP       all  --  194.165.42.121       anywhere
DROP       all  --  194.165.42.69        anywhere
DROP       all  --  66.223.244.87.in-addr.arpa  anywhere
DROP       all  --  94.102.60.68         anywhere
DROP       all  --  89.113.75.79         anywhere
DROP       all  --  164.61.232.72.static.reverse.ltdomains.com  anywhere
DROP       all  --  pool-96-251-128-22.lsanca.fios.verizon.net  anywhere
DROP       all  --  78.110.175.18        anywhere
DROP       all  --  94.102.60.158        anywhere
DROP       all  --  ip72-201-221-223.ph.ph.cox.net  anywhere
DROP       all  --  92.241.168.207       anywhere
DROP       all  --  ip248-10.ct.co.cr    anywhere
DROP       all  --  p5791AE8C.dip.t-dialin.net  anywhere
RETURN     all  --  anywhere             anywhere

Chain fail2ban-SSH (1 references)
target     prot opt source               destination
DROP       all  --  211.214.161.93       anywhere
RETURN     all  --  anywhere             anywhere

Chain fail2ban-Spammers (1 references)
target     prot opt source               destination
DROP       all  --  pop-252-26.mailmx.hosterim.info  anywhere
DROP       all  --  dslb-088-072-207-154.pools.arcor-ip.net  anywhere
DROP       all  --  88-123-187-98.rev.libertysurf.net  anywhere
DROP       all  --  elb158.neoplus.adsl.tpnet.pl  anywhere
DROP       all  --  cbv249.neoplus.adsl.tpnet.pl  anywhere
DROP       all  --  chello089173141060.chello.sk  anywhere
DROP       all  --  encouraged-diffuser.volia.net  anywhere
DROP       all  --  11-151-124-91.pool.ukrtel.net  anywhere
DROP       all  --  c-82-192-250-118.customer.ggaweb.ch  anywhere
DROP       all  --  pool-68-237-189-167.pghk.east.verizon.net  anywhere
DROP       all  --  dry224.neoplus.adsl.tpnet.pl  anywhere
DROP       all  --  aafw168.neoplus.adsl.tpnet.pl  anywhere
DROP       all  --  119-054-123.adsl.szeptel.net.pl  anywhere
DROP       all  --  host-91-195-158-33.leon.pl  anywhere
DROP       all  --  port-196-dialup-pool33.infonet.by  anywhere
DROP       all  --  agf92.neoplus.adsl.tpnet.pl  anywhere
DROP       all  --  bl7-163-207.dsl.telepac.pt  anywhere
DROP       all  --  127.97.broadband11.iol.cz  anywhere
DROP       all  --  77-254-2-102.adsl.inetia.pl  anywhere
DROP       all  --  dsl85-104-2337.ttnet.net.tr  anywhere
DROP       all  --  adjw151.neoplus.adsl.tpnet.pl  anywhere
DROP       all  --  civ90.neoplus.adsl.tpnet.pl  anywhere
DROP       all  --  host2-170-dynamic.32-79-r.retail.telecomitalia.it  anywhere
DROP       all  --  pppoe-71-94.elsv-v.ru  anywhere
DROP       all  --  adsl-dynamic-pool-xxx.fpt.vn  anywhere
DROP       all  --  217.147.161.89.intersv.com  anywhere
DROP       all  --  dsl88-226-33071.ttnet.net.tr  anywhere
DROP       all  --  chello089077002018.chello.pl  anywhere
DROP       all  --  p4FCADF9B.dip.t-dialin.net  anywhere
DROP       all  --  84-50-190-32-dsl.noe.estpak.ee  anywhere
DROP       all  --  sger.dialup.corbina.ru  anywhere
DROP       all  --  ABTS-NCR-Dynamic-082.131.163.122.airtelbroadband.in  anywhere
DROP       all  --  static-94-37-7-45.clienti.tiscali.it  anywhere
DROP       all  --  dslb-088-073-127-172.pools.arcor-ip.net  anywhere
DROP       all  --  68-114-92-93.static.oxfr.ma.charter.com  anywhere
DROP       all  --  pc-19-153-214-201.cm.vtr.net  anywhere
DROP       all  --  pc-178-200-47-190.cm.vtr.net  anywhere
DROP       all  --  i59F4FC31.versanet.de  anywhere
DROP       all  --  mn-67-233-247-186.dyn.embarqhsd.net  anywhere
DROP       all  --  201-13-197-40.dial-up.telesp.net.br  anywhere
DROP       all  --  noname.slan.ru       anywhere
DROP       all  --  cbv128.neoplus.adsl.tpnet.pl  anywhere
DROP       all  --  34.246.broadband2.iol.cz  anywhere
DROP       all  --  chello089079110150.chello.pl  anywhere
DROP       all  --  20129095159.user.veloxzone.com.br  anywhere
DROP       all  --  mm-104-90-84-93.dynamic.pppoe.mgts.by  anywhere
DROP       all  --  dsl88-229-22202.ttnet.net.tr  anywhere
DROP       all  --  h83-174-230-88.adsl.ufamts.ru  anywhere
DROP       all  --  relay.abn.ru         anywhere
DROP       all  --  pool-77-222-113-200.is74.ru  anywhere
DROP       all  --  89-110-34-26.static.avangarddsl.ru  anywhere
DROP       all  --  dsl.static.85-105-34963.ttnet.net.tr  anywhere
DROP       all  --  asi119.neoplus.adsl.tpnet.pl  anywhere
DROP       all  --  host-79.173.8.217.tesatnet.pl  anywhere
DROP       all  --  89-178-207-88.broadband.corbina.ru  anywhere
DROP       all  --  81.95.185.188.freenet.com.ua  anywhere
DROP       all  --  adsl1500-102.dyn87.pacific.net.sg  anywhere
DROP       all  --  host-81-190-126-122.szczecin.mm.pl  anywhere
DROP       all  --  d90-141-40-65.cust.tele2.pl  anywhere
RETURN     all  --  anywhere             anywhere
This just goes to show exactly how many are out there. My website hits and mail have dropped quite a bit since I've installed it.