As a Linux administrator at a big web hosting company ... I face this problem from time to time ..
Recently, on one of our servers, there was a spam attack against one of its accounts ... At times the attack raised the load too much and caused things to be slow ...
I was planning to write a script that scans incoming connections and blocks any IP exceeding a specific number of connections, but it's not that effective an idea and I've already shot it down ...
What I really wanted was something to limit the number of connections per IP per minute on a specific port, and yes!! The wonderful, amazing "iptables" can do it!! ...
For the issue I faced ... the following rules are the ones that prevent the spam attack (the "recent" match tracks NEW connections to port 25 per source IP, and a source that opens more than three of them within 60 seconds gets its fourth and later attempts rejected)
# 1) record every NEW connection to port 25 in the "recentsmtp" list, keyed by source IP
iptables -A INPUT -p tcp --dport 25 -m state --state NEW -m recent --set --name recentsmtp
# 2) if this IP now has 4 or more recorded attempts within the last 60 seconds (this one included), reject it
iptables -A INPUT -p tcp --dport 25 -m state --state NEW -m recent --name recentsmtp --update --seconds 60 --hitcount 4 -j REJECT
# 3) everything else to port 25 is accepted
iptables -A INPUT -j ACCEPT -p tcp --destination-port 25
If you are using apf ... you should add the following two lines to /etc/apf/firewall just after the section "# Allow all traffic on the loopback interface" for this to take effect
# Prevent spam attack // Added by you
iptables -A INPUT -p tcp --dport 25 -m state --state NEW -m recent --set --name recentsmtp
iptables -A INPUT -p tcp --dport 25 -m state --state NEW -m recent --name recentsmtp --update --seconds 60 --hitcount 4 -j REJECT
Then save and restart apf ... it should work fine then ..
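To see exactly which attempt those two rules reject, here is a small model of the counting the recent match does for them (an added example, not part of the original post and not the kernel's own code). It assumes the module's default list size of 20 timestamps per address, and uses constructed addresses and timings; simulate and smtp_verdict are names made up for this example.

```python
# Model of the xt_recent counting behind the two SMTP rules above (added example).
PKT_LIST_TOT = 20   # assumption: the module's default ip_pkt_list_tot


class RecentTable:
    """One --name table: source address -> ring of 'last seen' timestamps."""

    def __init__(self):
        self.entries = {}

    def _stamp(self, stamps, now):
        stamps.append(now)
        if len(stamps) > PKT_LIST_TOT:   # ring buffer: the oldest stamp is dropped
            del stamps[0]

    def set(self, addr, now):
        """--set: always records the packet, creating the entry if needed."""
        self._stamp(self.entries.setdefault(addr, []), now)

    def update(self, addr, now, seconds, hitcount):
        """--update --seconds S --hitcount N: match when at least N stamps fall
        inside the last S seconds; a match also records this packet's stamp."""
        stamps = self.entries.get(addr)
        if stamps is None:
            return False
        hits = sum(1 for s in stamps if s >= now - seconds)
        if hits >= hitcount:
            self._stamp(stamps, now)
            return True
        return False


def smtp_verdict(table, addr, now, seconds=60, hitcount=4):
    """Walk one NEW tcp/25 packet through the three rules, in rule order."""
    table.set(addr, now)                            # rule 1: --set --name recentsmtp
    if table.update(addr, now, seconds, hitcount):  # rule 2: --update ... -j REJECT
        return "REJECT"
    return "ACCEPT"                                 # rule 3: -j ACCEPT --dport 25


def simulate(events, seconds=60, hitcount=4):
    """events: (source_ip, seconds) pairs in time order; returns one verdict each."""
    table = RecentTable()
    return [smtp_verdict(table, ip, t, seconds, hitcount) for ip, t in events]


if __name__ == "__main__":
    burst = [("203.0.113.7", t) for t in (0, 10, 20, 30, 45, 95)]   # constructed spammer
    steady = [("198.51.100.2", t) for t in (0, 30, 60, 90)]         # constructed busy relay
    events = sorted(burst + steady, key=lambda e: e[1])
    for (ip, t), verdict in zip(events, simulate(events)):
        print(f"t={t:>3}s  {ip:<13} {verdict}")
```

The window slides: the burst client is rejected on its 4th and 5th attempts but accepted again at 95 s once fewer than four stamps remain in the last 60 s, while one connection every 30 s is never touched. The counter cannot tell a spammer from a busy legitimate relay, so a sender you know opens more than three connections a minute needs an ACCEPT rule placed before these.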