On Linux you can use the console/terminal program whois, for example whois 170.64.237.55, and it will return information on the IP's provider and more.
Normally bad programs/users use VPNs (virtual private networks) to hide their ugly ass. Networks like DigitalOcean and similar cheap providers!
Here I will write down everything I find out about bad IPs/programs/users/providers.
Hear you people ***
BAD IPS:
- ...
In the last few days I have had problems with a kind of DDoS attack that uses spoofed IPs. It is trying to attack my web HTTP server. I am working on a script to prevent this trash.
Noticing about*
BAD USER AGENTS and BAD MOTHER FUCKERS:
- libredtail-http
- Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/)
DIRC
QUICK HELP:
# drop bad things
iptables -L -n # list current rules with numeric addresses
iptables -L -n --line-numbers # same, with the line number of each rule
iptables -A INPUT -s 138.221.1.0/22 -j DROP
iptables -A FORWARD -s 138.221.1.0/22 -j DROP # use forward if router -> switch
iptables -D INPUT -s 138.221.1.0/22 -j DROP # delete row
iptables -D INPUT 4 # delete row by line number
# sniff bad things
# 10.0.5.10 is the local network IP of the server that is getting attacked
tcpdump -i enp1s0 -nn -s 0 -W 99 'tcp and dst 10.0.5.10 and (port 80 or port 443)'
# etc...
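
The following added example, which is not the author's script, reads web access log lines, picks out clients whose User-Agent matches the entries in the BAD USER AGENTS list above, and prints iptables DROP commands for review instead of applying them. It assumes the combined access log format; the function names and the sample log lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: access-log hits from listed user agents -> iptables DROP rules.
# Rules are only printed, so they can be checked before being applied.

# User-agent substrings taken from the BAD USER AGENTS list on this page.
BAD_AGENTS='libredtail-http|MJ12bot'

# bad_agent_ips [min_hits]: read combined-format log lines on stdin and print
# "<hits> <ip>" for each client with a matching User-Agent and >= min_hits hits.
bad_agent_ips() {
    awk -F'"' -v pat="$BAD_AGENTS" -v min="${1:-1}" '
        # Split on double quotes: field 6 is the User-Agent in combined format.
        NF >= 6 && $6 ~ pat {
            split($1, head, " ")   # head[1] is the client address
            ip = head[1]
            # Keep only dotted-quad IPv4 (iptables is IPv4) so nothing
            # unexpected ends up in the generated rule text.
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) hits[ip]++
        }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# drop_rules: turn "<hits> <ip>" lines into iptables commands.
drop_rules() {
    while read -r hits ip; do
        printf 'iptables -A INPUT -s %s -j DROP # %s hits\n' "$ip" "$hits"
    done
}

# Constructed sample log lines (documentation address ranges, not real traffic).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /a HTTP/1.1" 404 153 "-" "libredtail-http"
192.0.2.10 - - [01/Jan/2025:10:00:01 +0000] "GET /b HTTP/1.1" 404 153 "-" "libredtail-http"
198.51.100.7 - - [01/Jan/2025:10:00:02 +0000] "GET /robots.txt HTTP/1.1" 200 24 "-" "Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/)"
203.0.113.5 - - [01/Jan/2025:10:00:03 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
EOF
}

# Demo run on the constructed sample.
sample_log | bad_agent_ips | drop_rules
```

Passing a number to bad_agent_ips (for example bad_agent_ips 2) sets the minimum hit count a client needs before a rule is printed for it.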