Webmin, Linux Firewall, and China

08:00 02 May in Firewall, Linux, Security, Thomas' Toolkit

Here was the situation. Our server got hit by multiple login attempts from China about a week ago. Our security of course keeps these attempts from being successful, but the sheer volume of attempts slowed us right down. After dealing with the immediate attempts to get in, and restoring service, I had to find a more permanent way of dealing with the attacks.

Since the time of the attack, I’ve been reviewing access logs on a daily basis. Access attempts continue, with 5-6 machines attempting 1000s of times each to get in, guessing usernames and passwords. Over 85% of the attempts originate from China…

I’m not a UNIX guru by any means. Thankfully I have a friend who is, and he pointed me in the right direction. My server is a CentOS box, managed using the Webmin console software. We have Linux Firewall installed, but the interface only allows for so much.

My friend pointed me to http://www.ipdeny.com/ where I picked up the IP blocks for China.  To get them into the iptables, I wrote a quick program and generated this file.

After that, I edited the following file on our server: /etc/sysconfig/iptables

I just added the lines from my file to that one, and applied the configuration after saving.
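A sketch of the conversion step described above, added here as an example; it is not the author's program. It assumes the downloaded zone file lists one CIDR block per line, and the function names, the `INPUT` chain and the `DROP` target are choices made for this illustration. It validates every entry and merges adjacent or overlapping blocks so fewer rules end up in the file.

```python
import ipaddress
import sys

# Constructed sample in a one-CIDR-per-line layout (assumed zone-file format).
# The ranges are reserved documentation networks, not real allocations.
SAMPLE_ZONE = """\
# constructed sample
192.0.2.0/24
198.51.100.0/25
198.51.100.128/25
203.0.113.0/24
203.0.113.64/26
not-a-cidr
10.1.2.3/8
"""


def parse_zone(text):
    """Split zone text into valid IPv4 networks and rejected (lineno, text) pairs."""
    networks, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        try:
            # strict=True rejects entries with host bits set, e.g. 10.1.2.3/8
            networks.append(ipaddress.IPv4Network(line, strict=True))
        except ValueError:
            rejected.append((lineno, line))
    return networks, rejected


def iptables_lines(networks, chain="INPUT", target="DROP"):
    """Merge adjacent/overlapping blocks, then emit iptables-save style rules."""
    merged = ipaddress.collapse_addresses(networks)
    return [f"-A {chain} -s {net} -j {target}" for net in merged]


if __name__ == "__main__":
    # Read a zone file named on the command line, else use the sample above.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_ZONE
    nets, bad = parse_zone(text)
    for lineno, entry in bad:
        print(f"skipped line {lineno}: {entry!r}", file=sys.stderr)
    print("\n".join(iptables_lines(nets)))
```

The generated lines belong in the `*filter` section of /etc/sysconfig/iptables, above any ACCEPT rule for the service being protected and above `COMMIT`, because iptables stops at the first rule that matches a packet.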

I hope this helps someone else.
Update: I’ve updated the file with more addresses. The first file didn’t include Shanghai… Can’t have that apparently.
