
Linux Few questions about security: iptables etc.

Hermes

Hi!

I have a question concerning Linux. I am (still) a happy user of this OS, but many of its functions are still a mystery to me.

1. How can I block everything from IP 11.111.111.11, so that this IP won't be able to receive anything but `gtfo` from the server?

2. Is there any way to automatically give a permanent ban to the IP of someone who's DDoSing me? For example, if there are too many received packets == ban, gl & hf.

3. I heard about (and even played with) slowloris. Is there any way to prevent this type of attack?

4. My friend's server was hacked in about 10 minutes. How?! He had secured Gęsior's AAC (with blocked guilds leak etc.), shadow password and phpMyAdmin with pma user removed. It's not really possible even with a PHP shell :f (as far as I know :D)

Thanks in advance,
Hermes
 
1 and 2 - read the iptables manual.
1 is easy - `iptables -I INPUT -s 1.2.3.4 -j DROP`
2 is a bit tricky - read about limit and hashlimit in iptables. And I'm afraid I cannot give any ready-to-use answers.
3 ever tried to use Google? First hit: How to best defend against a "slowloris" DOS attack against an Apache web server? - Server Fault
4 if you suspect some website stuff was used to hack your site, running Apache in a chrooted environment may be an option for you, but I'd examine system logs first to find WHAT exactly happened
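
Points 1 and 2 of the reply above (a source-address DROP rule and per-source limiting with hashlimit) combined into one ruleset, as an added example that is not part of the original thread. The function names, sample addresses, port and thresholds are assumptions; the script only prints rules in iptables-restore format and loads nothing.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset; it applies nothing itself.
# Addresses, port and thresholds used with it are constructed sample values.

# True only for a dotted-quad IPv4 address, so a value taken from a log or a
# web form cannot carry extra iptables options into a generated rule.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(printf '%s' "$1" | tr . ' ')
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# emit_ruleset PORT RATE_PER_SEC BURST [IP...]
# One DROP rule per listed source, then a per-source limit on new TCP
# connections to PORT using the hashlimit match.
emit_ruleset() {
    [ "$#" -ge 3 ] || { echo "usage: emit_ruleset PORT RATE BURST [IP...]" >&2; return 1; }
    port=$1 rate=$2 burst=$3
    shift 3
    for n in "$port" "$rate" "$burst"; do
        case "$n" in ''|*[!0-9]*) echo "not a number: $n" >&2; return 1 ;; esac
    done
    # Validate every address before printing anything: fail closed.
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "invalid address: $ip" >&2; return 1; }
    done
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    for ip in "$@"; do
        printf '%s\n' "-A INPUT -s $ip -j DROP"
    done
    # Sources exceeding RATE new connections/sec (after BURST) are dropped;
    # an idle source's counter expires after 60 s, so this throttles, not bans.
    printf '%s\n' "-A INPUT -p tcp --syn --dport $port -m hashlimit --hashlimit-name persrc --hashlimit-mode srcip --hashlimit-above $rate/sec --hashlimit-burst $burst --hashlimit-htable-expire 60000 -j DROP"
    printf '%s\n' 'COMMIT'
}
```

To check the generated rules without committing them, pipe the output of e.g. `emit_ruleset 80 20 40 203.0.113.7` into `iptables-restore --test` as root. Loading it without `--noflush` replaces the existing filter table.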
 