Debian
Ivan Ivanov, 2017-12-15 01:32:47

How to ban IP addresses, and how does netstat -npla work?

netstat -npla | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -rn
209 95.213.4.228
155 68.180.229.169
137 95.213.4.229
122 93.190.143.112
9 176.9.120.48
6 188.40.65.132
5 176.9.137.118
4 46.229.168.70
4 0.0.0.0
2 46.229.168.78
2 46.229.168.68
2 109.254.76.27
1 92.177.114.31
1 82.146.57.90
1 66.249.64.137
1 66.249.64.133
1 46.229.168.77
1 46.229.168.76
1 46.229.168.67
1 46.229.168.66

The first digit is the number of connections to the IP address, as far as I understand.
This means that the server receives requests on port 80 from these IP addresses, right? Or does it mean that requests are going from the server to these IP addresses?
How do I block these two IPs, 95.213.4.228 and 95.213.4.229, in Vesta CP?
I tried to do this https://1drv.ms/i/s!AocHKko7YOW_i6gYxzB6S29KrZiY9g - but the number of connections for these IPs does not decrease (I use the netstat -npla... command above to check).


1 answer(s)
Ziptar, 2017-12-21

Well, generally speaking, there is fail2ban; use it for such purposes. If you manually ban everyone who tries to guess the password to the admin panel, you will go crazy.
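
The pipeline in the question matches `:80` anywhere on the line, so it also counts listening sockets (foreign address `0.0.0.0:*`), outbound connections to a remote port 80, and local ports such as 8080. As an added example that is not part of the original thread, the script below counts only peers connected to local port 80; the function names and sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: count inbound TCP connections to a local port per remote IPv4 peer.

# Constructed sample in `netstat -npla` layout (documentation address ranges).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      812/nginx
tcp        0      0 203.0.113.10:80         198.51.100.7:51234      ESTABLISHED 812/nginx
tcp        0      0 203.0.113.10:80         198.51.100.7:51240      TIME_WAIT   -
tcp        0      0 203.0.113.10:80         198.51.100.7:51241      ESTABLISHED 812/nginx
tcp        0      0 203.0.113.10:80         198.51.100.9:40022      ESTABLISHED 812/nginx
tcp        0      0 203.0.113.10:44190      192.0.2.55:80           ESTABLISHED 1033/curl
tcp        0      0 203.0.113.10:8080       198.51.100.9:40100      ESTABLISHED 900/java
EOF
}

# inbound_peers PORT [STATE]: reads netstat output on stdin, prints "count ip".
inbound_peers() {
    awk -v port="$1" -v want="${2:-}" '
        $1 !~ /^tcp/   { next }          # skip headers, udp and unix sockets
        $6 == "LISTEN" { next }          # listening socket, not a peer
        {
            n = split($4, l, ":")        # column 4 = local address, last part = port
            if (l[n] != port) next       # exact match, so :8080 is not counted
            if (want != "" && $6 != want) next
            m = split($5, r, ":")        # column 5 = foreign (remote) address
            if (m != 2) next             # this sketch handles IPv4 peers only
            count[r[1]]++
        }
        END { for (ip in count) print count[ip], ip }
    ' | sort -k1,1rn -k2,2
}

# Demo on the constructed sample; on a live host: netstat -npla | inbound_peers 80
sample_netstat | inbound_peers 80
```

Passing a state as the second argument (for example `inbound_peers 80 ESTABLISHED`) leaves out sockets that are only lingering in `TIME_WAIT`.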
