I’m having some bot(s) trying to brute-force my server, how can I block these IP addresses in an easy way?
I know that this is automated, but I still want them gone to not fill up my logs.
Any advice? Can I go into the firewall and block them there without having the firewall running?
Feb 11 05:13:09 boxname sshd[27919]: Failed password for root from 189.136.243.242 port 48690 ssh2
Feb 11 05:13:12 boxname sshd[27972]: Failed password for root from 189.136.243.242 port 48748 ssh2
Feb 11 05:13:14 boxname sshd[28020]: Failed password for root from 189.136.243.242 port 48808 ssh2
BFD (Brute Force Detection) is not included in your Interworx Panel, but you can easily install it yourself. See the How To under the line in this message. If you want to block an IP manually, just go into Interworx/Nodeworx, go to “server” in your menu and then to “Firewall”. In the rightmost section of the panel you will see the second box, “Blocked IPs”: insert the IP that you wish to block there. Push update and then you are ready.
NOTE! Without a script like the one above, the IPs of a brute force attack will NOT be blocked automatically!!!
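As an added example (not part of the thread, and not BFD's own code): the counting step a log-watching blocker performs, run over the sshd lines from the first post plus a few constructed ones, producing addresses that could be entered in the Blocked IPs box. The function names, the threshold and the allowlist parameter are assumptions made for this illustration.

```python
import ipaddress
import re
from collections import Counter

# The user name in this message is chosen by the client, so the pattern is
# anchored to the end of the line; the greedy ".*" means the address sshd
# itself appended (the last one on the line) is the one that gets counted.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* "
    r"from (\S+) port \d+ ssh2\s*$"
)

# First three lines are from the thread; the remaining lines are constructed.
SAMPLE_LOG = """\
Feb 11 05:13:09 boxname sshd[27919]: Failed password for root from 189.136.243.242 port 48690 ssh2
Feb 11 05:13:12 boxname sshd[27972]: Failed password for root from 189.136.243.242 port 48748 ssh2
Feb 11 05:13:14 boxname sshd[28020]: Failed password for root from 189.136.243.242 port 48808 ssh2
Feb 11 05:14:01 boxname sshd[28100]: Failed password for invalid user x from 198.51.100.7 port 1 ssh2 from 203.0.113.5 port 40022 ssh2
Feb 11 05:15:30 boxname sshd[28150]: Accepted password for admin from 192.0.2.10 port 50111 ssh2
"""

def failed_logins(lines):
    """Count failed SSH password attempts per source address."""
    counts = Counter()
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # not a literal IP address, nothing to block
        counts[str(ip)] += 1
    return counts

def offenders(lines, threshold=3, allowlist=()):
    """Addresses with at least `threshold` failures, worst first.

    `allowlist` (an assumption of this example) holds addresses that must
    never be blocked, such as your own or an update server's.
    """
    counts = failed_logins(lines)
    return [ip for ip, n in counts.most_common()
            if n >= threshold and ip not in allowlist]

if __name__ == "__main__":
    for ip in offenders(SAMPLE_LOG.splitlines()):
        print(ip)
```
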
Thank you very much for this information, Rone! However, I am hesitant to install it because I don’t want any compatibility issues, especially not with the upgrade coming - sometime.
Confirmed! There shouldn’t be any problems with having BFD installed. Unless of course it somehow ends up blocking the updates server, but I can’t see how that would happen.