+ Post New Thread
Results 1 to 5 of 5
Internet Related/Filtering/Firewall Thread, Ubuntu 12.04 LTS , GeoIP, IPTables & UFW in Technical; Hi, My Ubuntu webserver is getting lots of unwanted attention. I enabled UFW and started blocking individual IP addresses, this ...
  1. #1

    Join Date
    May 2010
    Location
    Stoke on Trent
    Posts
    91
    Thank Post
    10
    Thanked 4 Times in 4 Posts
    Rep Power
    10

    Ubuntu 12.04 LTS , GeoIP, IPTables & UFW

    Hi,

    My Ubuntu webserver is getting lots of unwanted attention. I enabled UFW and started blocking individual IP addresses, this was OK for a while but soon became a chore & wasn't really working.

    Looking for something better, I installed the xtables-addons / GeoIP databases. It all installed fine. To block all traffic from outside of the UK (I know this seems extreme but it's where I want to start) I ran this command:

    iptables -A INPUT -m geoip ! --src-cc GB -j DROP


    Running iptables -L , it definitely looks like the rules are being applied but I'm not 100% sure. Looking at my Apache logs it looks like I'm still getting traffic from Iran/China/Russia etc. Is there anyway to test this? (I thought about asking my boss to fly somewhere but I don't think he'd be agreeable) - I haven't touched UFW, could it's rules conflict with the iptables rules?

    I'd be grateful for any pointers...

  2. #2

    Join Date
    May 2010
    Location
    Stoke on Trent
    Posts
    91
    Thank Post
    10
    Thanked 4 Times in 4 Posts
    Rep Power
    10
    Ah... well after some digging it seemed that having rules in iptables and UFW was causing a conflict, so I disabled UFW, flushed the iptables rules and started again.

    Blocking traffic from everywhere but the UK slowed my webserver to a crawl so now I'm just blocking countries were I'm getting a high volume of suspect traffic.

    Seems OK now.

  3. #3

    ZeroHour's Avatar
    Join Date
    Dec 2005
    Location
    Edinburgh, Scotland
    Posts
    5,832
    Thank Post
    971
    Thanked 1,385 Times in 849 Posts
    Blog Entries
    1
    Rep Power
    457
    Take a look at CSF, it can do what you want and it makes setting up iptables a breeze.
    ConfigServer Security & Firewall

  4. #4

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,850
    Thank Post
    110
    Thanked 598 Times in 514 Posts
    Blog Entries
    1
    Rep Power
    227
    Fail2ban can help you with this.

    Apache - Fail2ban

  5. #5

    Join Date
    May 2010
    Location
    Stoke on Trent
    Posts
    91
    Thank Post
    10
    Thanked 4 Times in 4 Posts
    Rep Power
    10
    Hi folks - thanks for the tips. I've actually got the iptables rules working fine. I'm blocking a number of countries and it's definitely made managing the server easier. Obviously IP blocking isn't the solution but it does give me a bit of breathing space. I've inherited an old Joomla website (LOTS of extensions) - holes aplenty. Now I've got things under control I can start planning migrating the site over to the latest Joomla (with as few extensions as possible!)



SHARE:
+ Post New Thread

Similar Threads

  1. [Ubuntu] Centralised Logging on Ubuntu 12.04 Laptops
    By mrcrazy04 in forum *nix
    Replies: 0
    Last Post: 21st May 2013, 06:40 PM
  2. [Ubuntu] Adito on Ubuntu 12.04
    By mdench in forum *nix
    Replies: 9
    Last Post: 31st October 2012, 08:16 PM
  3. [Ubuntu] Ubuntu 12.04 407 Proxy
    By JJonas in forum *nix
    Replies: 1
    Last Post: 19th October 2012, 03:46 PM
  4. [Ubuntu] Ubuntu 12.04 LTS (Precise Pangolin) Released
    By Arthur in forum *nix
    Replies: 18
    Last Post: 10th May 2012, 10:29 PM
  5. [Ubuntu] Ubuntu 10.04 LTS is here!
    By mikeglover in forum *nix
    Replies: 29
    Last Post: 18th May 2010, 07:49 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •