
Linux Website getting nuked

picachu

Hi guys!
I'm using Ubuntu 10.04.
My website is going down! One guy said "I'm going to shut down your website" and it goes offline, but the server is still online.
Can someone give me some iptables rules to protect my Apache against that guy, or something I can do?
Thanks
 
Lol, I dunno if this works on websites but you can try:
Go to Start.
Search CMD, type in netstat.
The IP popping up several times very often when your web gets "nuked", that IP you're gonna block. Right click and block it.
 
/etc/iptables.rules

Code:
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [39:5923]


-A INPUT -i lo -j ACCEPT


-N ch
-A ch -m recent --name login --set -j ACCEPT


-A INPUT -m recent --name ban --rcheck --seconds 1200 -j DROP
-A INPUT -p udp ! -s 192.168.1.0/24 -j DROP -m recent --set --name ban
-A INPUT ! -p tcp -j DROP


-A INPUT -p tcp --syn ! -s 192.168.1.0/24 -m connlimit --connlimit-above 25 -j DROP -m recent --set --name ban


-A INPUT -p tcp --tcp-flags PSH,ACK PSH,ACK --dport 7171 -m length --length 191:191 -j ch
-A INPUT -p tcp --tcp-flags FIN,ACK FIN,ACK --dport 7172 -m recent --name logout --set


-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT


-A INPUT -p tcp --syn --dport 80 -j ACCEPT
-A INPUT -p tcp --syn --dport 7171 -m connlimit ! --connlimit-above 2 -j ACCEPT
-A INPUT -p tcp --syn --dport 7172 -m recent --rcheck --seconds 30 --name logout -j ACCEPT
-A INPUT -p tcp --syn --dport 7172 -m recent --rcheck --seconds 30 --hitcount 5 --name login -j DROP
-A INPUT -p tcp --syn --dport 7172 -m recent --rcheck --seconds 30 --name login -j ACCEPT


-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 3306 -j ACCEPT


COMMIT

Will block connections from an IP if they send 25 or more connections in a certain amount of time.
 
Using that I can connect to the server, but not to the website! :S
 
bump


Those lines are blocking access to my website:


Code:
iptables -A INPUT -m recent --name ban --rcheck --seconds 1200 -j DROP
iptables -A INPUT -p udp ! -s 192.168.1.0/24 -j DROP -m recent --set --name ban
iptables -A INPUT ! -p tcp -j DROP

How to fix them to make it work properly?
ty
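
The three rules quoted in the last post, together with the connlimit rule and the port 80 accept from the posted /etc/iptables.rules, traced in a small Python model (an added example, not code from the thread, and a simplification rather than real netfilter). It shows that a source outside 192.168.1.0/24 that sends one UDP packet, or has more than 25 connections open, is put on the `ban` list and has its later port 80 SYNs dropped until 1200 seconds have passed. The class `InputChain`, the `conns` parameter and the sample addresses are assumptions made for the illustration.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")  # exempt source range in the posted rules
BAN_SECONDS = 1200                            # --rcheck --seconds 1200

class InputChain:
    """Simplified model of part of the posted INPUT chain; not real netfilter."""
    def __init__(self):
        self.ban = {}  # source IP -> time of last --set on the "ban" list

    def verdict(self, now, src, proto, dport=None, syn=False, conns=0):
        """Return (verdict, rule) for one packet; conns = open connections from src."""
        outside = ipaddress.ip_address(src) not in LAN
        # -A INPUT -m recent --name ban --rcheck --seconds 1200 -j DROP
        if src in self.ban and now - self.ban[src] <= BAN_SECONDS:
            return ("DROP", "ban rcheck")
        # -A INPUT -p udp ! -s 192.168.1.0/24 -j DROP -m recent --set --name ban
        if proto == "udp" and outside:
            self.ban[src] = now
            return ("DROP", "udp set ban")
        # -A INPUT ! -p tcp -j DROP
        if proto != "tcp":
            return ("DROP", "non-tcp")
        # -A INPUT -p tcp --syn ! -s 192.168.1.0/24 -m connlimit --connlimit-above 25 ... --set --name ban
        if syn and outside and conns > 25:
            self.ban[src] = now
            return ("DROP", "connlimit set ban")
        # -A INPUT -p tcp --syn --dport 80 -j ACCEPT
        if syn and dport == 80:
            return ("ACCEPT", "http")
        return ("NEXT", "rules not modelled here")

def demo():
    """Trace constructed packets; a and b are documentation-range sample addresses."""
    fw = InputChain()
    a, b = "203.0.113.7", "198.51.100.9"
    return [
        fw.verdict(0, a, "tcp", 80, syn=True),             # first page load
        fw.verdict(10, a, "udp", 53),                      # one UDP packet from same client
        fw.verdict(60, a, "tcp", 80, syn=True),            # page load 50 s later
        fw.verdict(1300, a, "tcp", 80, syn=True),          # more than 1200 s after the ban
        fw.verdict(0, b, "tcp", 80, syn=True, conns=26),   # e.g. many users behind one NAT
        fw.verdict(5, b, "tcp", 80, syn=True, conns=1),    # same source, few connections now
        fw.verdict(5, "192.168.1.20", "udp", 53),          # LAN host: dropped, not banned
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```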
 