1

It seems that some script kiddie started attacking one of my servers by trying to fetch all sorts of URLs that may be related to WordPress vulnerabilities. I don't even have WP installed on the server, and all these cause is a bunch of 404 errors.

Since I have my server set up to email me for each 404 error (which until now, for years, has worked very well to catch an occasional broken link), these attacks not only put load on the server but also flood my inbox.

Is there some reliable software that can block IPs that display malicious behavior? Hopefully, at the iptables or nginx level...

Even better, is there some service that plugs into a community database that can preemptively block an IP that has recently been detected by another server as having malicious activity originating from it?

GJ.
  • possible duplicate of [Where to find and how to block blacklisted IPs and proxies?](http://serverfault.com/questions/289785/where-to-find-and-how-to-block-blacklisted-ips-and-proxies) – mailq Oct 02 '11 at 15:07
  • [Fail2Ban with a bit of customisation](http://www.barbarycodes.com/2010/10/06/automated-banning-of-script-kiddies-with-fail2ban/) could do the job. It would block IPs at the iptables level. – nrolans Oct 02 '11 at 15:21

1 Answer

6

You can use fail2ban to monitor your logs and create custom iptables rules that deny access from specific hosts - you should find this in your distro's repository.

user9517
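
An added example, not part of the original answer and not configuration shipped with fail2ban: a filter and jail that ban an address at the iptables level after repeated 404 responses in nginx's access log. The filter name `nginx-404`, the log path, the whitelisted address and the thresholds are assumptions to adjust; the two files are shown in one block.

```ini
# --- /etc/fail2ban/filter.d/nginx-404.conf (hypothetical filter name) ---
# Matches nginx "combined" access-log lines whose status is 404.
# fail2ban strips the timestamp it recognises before applying failregex,
# so the bracketed date field may be empty; [^\]]* accepts both forms.
[Definition]
failregex = ^<HOST> - \S+ \[[^\]]*\] "[^"]*" 404 
ignoreregex =

# --- /etc/fail2ban/jail.local ---
[nginx-404]
enabled   = true
filter    = nginx-404
# Assumed log location; use the access_log path from your nginx config.
logpath   = /var/log/nginx/access.log
port      = http,https
# Ban with iptables; assumes the iptables-multiport action is available.
banaction = iptables-multiport
# Assumed thresholds: 20 hits on 404 within 60 seconds bans for one hour.
# Keep maxretry high enough that a visitor following a few broken links
# is not banned.
maxretry  = 20
findtime  = 60
bantime   = 3600
# Never ban localhost or your own monitoring address
# (203.0.113.10 is a constructed placeholder).
ignoreip  = 127.0.0.1/8 203.0.113.10
```

Before enabling the jail, `fail2ban-regex /var/log/nginx/access.log /etc/fail2ban/filter.d/nginx-404.conf` reports how many existing log lines the filter matches.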