Fun with bots
Posted: Thu Nov 20, 2008 9:25 pm
So, I got tired of all of the bots, spammers, and the like invading my server. Sure, little spam is actually going through, and nobody's breaking in. However, it's taking up bandwidth and wasting my server's time.
After a few hours of installation and setup (dependency hell), I set up fail2ban. I've used it before on a file server of mine, and it works well. It basically analyzes log files for any failures and after a few mis-tries, it blocks the IP in iptables. I've got it pretty aggressive to block an IP for a full week. Here's my list so far:
This just goes to show exactly how many are out there. My website hits and mail have dropped quite a bit since I've installed it.
Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-Spammers all -- anywhere anywhere
fail2ban-BadBots all -- anywhere anywhere
fail2ban-SSH all -- anywhere anywhere
fail2ban-NoScript all -- anywhere anywhere
all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain fail2ban-BadBots (1 references)
target prot opt source destination
DROP all -- WAN-PSINET-GE.iplannetworks.net anywhere
RETURN all -- anywhere anywhere
Chain fail2ban-NoScript (1 references)
target prot opt source destination
DROP all -- 212.235.92.178 anywhere
DROP all -- 127-254.nwlink.spb.ru anywhere
DROP all -- c-68-40-23-222.hsd1.mi.comcast.net anywhere
DROP all -- 94.102.60.127 anywhere
DROP all -- 89.113.78.135 anywhere
DROP all -- ppp91-122-50-24.pppoe.avangarddsl.ru anywhere
DROP all -- 64.254.233.2 anywhere
DROP all -- p5B06258F.dip.t-dialin.net anywhere
DROP all -- ns.km33523.keymachine.de anywhere
DROP all -- 212-95-54-38.internetserviceteam.com anywhere
DROP all -- ool-44c31d02.dyn.optonline.net anywhere
DROP all -- 212.235.92.138 anywhere
DROP all -- ool-457f2c5a.dyn.optonline.net anywhere
DROP all -- 201.205.208.138 anywhere
DROP all -- 143-bem-3.acn.waw.pl anywhere
DROP all -- 87-248-169-14.starnet.md anywhere
DROP all -- 190.10.18.177 anywhere
DROP all -- 220.173.107.19 anywhere
DROP all -- c-71-206-209-216.hsd1.pa.comcast.net anywhere
DROP all -- 211.239.124.90 anywhere
DROP all -- c-75-68-64-41.hsd1.nh.comcast.net anywhere
DROP all -- 94.102.60.115 anywhere
DROP all -- 121.14.149.121 anywhere
DROP all -- pluton.az.pl anywhere
DROP all -- CPE00095b6cf195-CM0011aea1a5ae.cpe.net.cable.rogers.com anywhere
DROP all -- 212.235.92.161 anywhere
DROP all -- 194.165.42.67 anywhere
DROP all -- simple11.dragonara.net anywhere
DROP all -- www.budgetconferencing.ca anywhere
DROP all -- 79.143.176.14 anywhere
DROP all -- maluch.pcz.pl anywhere
DROP all -- 78.110.175.13 anywhere
DROP all -- 194.165.42.119 anywhere
DROP all -- port-87-193-248-10.static.qsc.de anywhere
DROP all -- 194.165.42.27 anywhere
DROP all -- 61.7.223.6 anywhere
DROP all -- ns.km30734.keymachine.de anywhere
DROP all -- 94.102.49.81 anywhere
DROP all -- 194.165.42.113 anywhere
DROP all -- 92.241.168.217 anywhere
DROP all -- p5B060103.dip.t-dialin.net anywhere
DROP all -- 29-196-124-91.pool.ukrtel.net anywhere
DROP all -- 122.200.96.98 anywhere
DROP all -- 61.160.213.56 anywhere
DROP all -- 193.213.47.115 anywhere
DROP all -- 94.180.217.211 anywhere
DROP all -- 194.165.42.71 anywhere
DROP all -- ns39350.ovh.net anywhere
DROP all -- night-kings.de anywhere
DROP all -- 194.165.42.121 anywhere
DROP all -- 194.165.42.69 anywhere
DROP all -- 66.223.244.87.in-addr.arpa anywhere
DROP all -- 94.102.60.68 anywhere
DROP all -- 89.113.75.79 anywhere
DROP all -- 164.61.232.72.static.reverse.ltdomains.com anywhere
DROP all -- pool-96-251-128-22.lsanca.fios.verizon.net anywhere
DROP all -- 78.110.175.18 anywhere
DROP all -- 94.102.60.158 anywhere
DROP all -- ip72-201-221-223.ph.ph.cox.net anywhere
DROP all -- 92.241.168.207 anywhere
DROP all -- ip248-10.ct.co.cr anywhere
DROP all -- p5791AE8C.dip.t-dialin.net anywhere
RETURN all -- anywhere anywhere
Chain fail2ban-SSH (1 references)
target prot opt source destination
DROP all -- 211.214.161.93 anywhere
RETURN all -- anywhere anywhere
Chain fail2ban-Spammers (1 references)
target prot opt source destination
DROP all -- pop-252-26.mailmx.hosterim.info anywhere
DROP all -- dslb-088-072-207-154.pools.arcor-ip.net anywhere
DROP all -- 88-123-187-98.rev.libertysurf.net anywhere
DROP all -- elb158.neoplus.adsl.tpnet.pl anywhere
DROP all -- cbv249.neoplus.adsl.tpnet.pl anywhere
DROP all -- chello089173141060.chello.sk anywhere
DROP all -- encouraged-diffuser.volia.net anywhere
DROP all -- 11-151-124-91.pool.ukrtel.net anywhere
DROP all -- c-82-192-250-118.customer.ggaweb.ch anywhere
DROP all -- pool-68-237-189-167.pghk.east.verizon.net anywhere
DROP all -- dry224.neoplus.adsl.tpnet.pl anywhere
DROP all -- aafw168.neoplus.adsl.tpnet.pl anywhere
DROP all -- 119-054-123.adsl.szeptel.net.pl anywhere
DROP all -- host-91-195-158-33.leon.pl anywhere
DROP all -- port-196-dialup-pool33.infonet.by anywhere
DROP all -- agf92.neoplus.adsl.tpnet.pl anywhere
DROP all -- bl7-163-207.dsl.telepac.pt anywhere
DROP all -- 127.97.broadband11.iol.cz anywhere
DROP all -- 77-254-2-102.adsl.inetia.pl anywhere
DROP all -- dsl85-104-2337.ttnet.net.tr anywhere
DROP all -- adjw151.neoplus.adsl.tpnet.pl anywhere
DROP all -- civ90.neoplus.adsl.tpnet.pl anywhere
DROP all -- host2-170-dynamic.32-79-r.retail.telecomitalia.it anywhere
DROP all -- pppoe-71-94.elsv-v.ru anywhere
DROP all -- adsl-dynamic-pool-xxx.fpt.vn anywhere
DROP all -- 217.147.161.89.intersv.com anywhere
DROP all -- dsl88-226-33071.ttnet.net.tr anywhere
DROP all -- chello089077002018.chello.pl anywhere
DROP all -- p4FCADF9B.dip.t-dialin.net anywhere
DROP all -- 84-50-190-32-dsl.noe.estpak.ee anywhere
DROP all -- sger.dialup.corbina.ru anywhere
DROP all -- ABTS-NCR-Dynamic-082.131.163.122.airtelbroadband.in anywhere
DROP all -- static-94-37-7-45.clienti.tiscali.it anywhere
DROP all -- dslb-088-073-127-172.pools.arcor-ip.net anywhere
DROP all -- 68-114-92-93.static.oxfr.ma.charter.com anywhere
DROP all -- pc-19-153-214-201.cm.vtr.net anywhere
DROP all -- pc-178-200-47-190.cm.vtr.net anywhere
DROP all -- i59F4FC31.versanet.de anywhere
DROP all -- mn-67-233-247-186.dyn.embarqhsd.net anywhere
DROP all -- 201-13-197-40.dial-up.telesp.net.br anywhere
DROP all -- noname.slan.ru anywhere
DROP all -- cbv128.neoplus.adsl.tpnet.pl anywhere
DROP all -- 34.246.broadband2.iol.cz anywhere
DROP all -- chello089079110150.chello.pl anywhere
DROP all -- 20129095159.user.veloxzone.com.br anywhere
DROP all -- mm-104-90-84-93.dynamic.pppoe.mgts.by anywhere
DROP all -- dsl88-229-22202.ttnet.net.tr anywhere
DROP all -- h83-174-230-88.adsl.ufamts.ru anywhere
DROP all -- relay.abn.ru anywhere
DROP all -- pool-77-222-113-200.is74.ru anywhere
DROP all -- 89-110-34-26.static.avangarddsl.ru anywhere
DROP all -- dsl.static.85-105-34963.ttnet.net.tr anywhere
DROP all -- asi119.neoplus.adsl.tpnet.pl anywhere
DROP all -- host-79.173.8.217.tesatnet.pl anywhere
DROP all -- 89-178-207-88.broadband.corbina.ru anywhere
DROP all -- 81.95.185.188.freenet.com.ua anywhere
DROP all -- adsl1500-102.dyn87.pacific.net.sg anywhere
DROP all -- host-81-190-126-122.szczecin.mm.pl anywhere
DROP all -- d90-141-40-65.cust.tele2.pl anywhere
RETURN all -- anywhere anywhere
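The scan-and-ban behaviour described in the post, as an added example that is not part of the original post and is not fail2ban's own code: it counts sshd failures per source address inside a sliding window and emits the DROP rule for the `fail2ban-SSH` chain seen in the listing. The retry limit, the window length, the log format and the sample addresses are assumptions; only the one-week ban and the chain name come from the post.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAXRETRY = 3                      # assumed value for "a few" failures
FINDTIME = timedelta(minutes=10)  # assumed counting window
BANTIME = timedelta(weeks=1)      # from the post: ban for a full week
CHAIN = "fail2ban-SSH"            # chain name taken from the listing

FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\d+\.\d+\.\d+\.\d+) ")

# Constructed sample log lines (documentation address ranges, not real hosts).
SAMPLE_LOG = """\
Nov 20 21:00:01 host sshd[101]: Failed password for root from 203.0.113.7 port 4001 ssh2
Nov 20 21:00:05 host sshd[102]: Failed password for invalid user admin from 203.0.113.7 port 4002 ssh2
Nov 20 21:00:09 host sshd[103]: Failed password for root from 203.0.113.7 port 4003 ssh2
Nov 20 21:00:12 host sshd[104]: Failed password for root from 203.0.113.7 port 4004 ssh2
Nov 20 21:01:00 host sshd[105]: Failed password for bob from 198.51.100.23 port 5001 ssh2
Nov 20 21:05:00 host sshd[106]: Accepted password for alice from 192.0.2.10 port 6001 ssh2
Nov 20 21:30:00 host sshd[107]: Failed password for bob from 198.51.100.23 port 5002 ssh2
Nov 20 21:59:00 host sshd[108]: Failed password for bob from 198.51.100.23 port 5003 ssh2
"""

def scan(log_text, year=2008):
    """Return {ip: (ban_start, ban_end)} for sources hitting MAXRETRY within FINDTIME."""
    recent, bans = defaultdict(deque), {}
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if ip in bans and ts < bans[ip][1]:
            continue  # ban still active, nothing more to count
        window = recent[ip]
        window.append(ts)
        while window and ts - window[0] > FINDTIME:
            window.popleft()  # forget failures older than the window
        if len(window) >= MAXRETRY:
            bans[ip] = (ts, ts + BANTIME)
            window.clear()
    return bans

def ban_rules(bans):
    # Rule text only; nothing is executed. One DROP entry per banned source.
    return [f"iptables -I {CHAIN} 1 -s {ip} -j DROP" for ip in sorted(bans)]
```

The slow retries from 198.51.100.23 never reach the limit inside one window, which is the trade-off to weigh when pairing a short window with a week-long ban.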