need to ban repeat ftp attacks from an IP

Discussion in 'Installation/Configuration' started by rlischer, Aug 17, 2009.

  1. rlischer

    rlischer HowtoForge Supporter

    fail2ban is emailing me every 10 minutes about the same ip it keeps banning for pureftp attacks. Can I ban this IP forever somewhere?



    Thanks
     
  2. till

    till Super Moderator

    Use e.g. this command:

    /sbin/route add -host 123.123.123.123 reject
     
  3. rlischer

    rlischer HowtoForge Supporter

    Thanks till
     
  4. lano

    lano New Member

    Or you can put ban in iptables for specific service.
    Here is how I do it:
    Code:
    iptables -I INPUT -p tcp -s 123.456.789.234 --dport ftp -j REJECT --reject-with tcp-reset
    
     
  5. rlischer

    rlischer HowtoForge Supporter

    Thanks! My attacks have really died down since fail2ban started working.
     

Share This Page