AAO25.com

Assist => Support => Server Support => Topic started by: WraShadow on Monday, October 02, 2017, 11:27:18 AM

Title: IPS to block
Post by: WraShadow on Monday, October 02, 2017, 11:27:18 AM: Hi. Just yesterday my server expiration date came to pass but I've learned how to deal with the attacks. The first rules I applied made so my server would never go down when under attack but we still experienced a lot of lag when it was under. That is, until I blocked most of the IP's doing it.

The list of IPS under were blocked over 3.000.000 times in the last 10-11 days. I hope the list helps. If you need rules to batch, lemme know.

190.129.105.104
183.239.183.68
74.83.81.167
201.254.154.55
190.129.105.124
59.127.32.176
191.80.173.130
202.198.72.253
201.254.21.63
205.209.65.66
216.58.36.108
201.179.209.97
218.111.133.17
190.51.32.131
201.254.191.76
144.92.44.100
191.82.223.38
46.10.56.27
183.237.118.143
181.20.147.98
201.254.181.2
186.61.157.128
190.50.248.211
123.135.226.183
201.178.126.171
27.219.2.201
120.236.136.227
181.27.225.59
190.129.101.42
191.82.200.27
24.97.239.214
216.67.91.94
191.80.143.196
181.20.140.228
59.127.59.53
200.68.73.141
190.129.100.12
191.84.68.202
153.35.85.34
190.175.165.135
191.85.140.24
Title: Re: IPS to block
Post by: Koden on Monday, October 02, 2017, 15:09:42 PM: That little amount of IPs? Well, thanks for letting people know.
Title: Re: IPS to block
Post by: WraShadow on Monday, October 02, 2017, 15:47:09 PM: They needed a lot to even try to break my VPS lol
Title: Re: IPS to block
Post by: Possessed on Monday, October 02, 2017, 21:23:57 PM: sometimes REJECT is better than DROP, but it means sending a "replying" to the source.
Title: Re: IPS to block
Post by: WraShadow on Tuesday, October 03, 2017, 06:44:30 AM: Quote from: Possessed on Monday, October 02, 2017, 21:23:57 PM
sometimes REJECT is better than DROP, but it means sending a "replying" to the source.
I really dont know. Maybe its the best choice. For the record, I dropped and worked fine. Maybe it had worked even better if I rejected. Never tried that.
Title: Re: IPS to block
Post by: [SWISS]Merlin on Tuesday, October 03, 2017, 08:01:30 AM: when my servers are under attack, then 10'000 different IP's are involved. if someone want a log about, let me know.
Title: Re: IPS to block
Post by: ~=W!CK!D=~ on Tuesday, October 03, 2017, 10:45:00 AM: Question is pancio.... still able to play????
Title: Re: IPS to block
Post by: WraShadow on Tuesday, October 03, 2017, 13:39:10 PM: Quote from: [SWISS]Merlin on Tuesday, October 03, 2017, 08:01:30 AM
when my servers are under attack, then 10'000 different IP's are involved. if someone want a log about, let me know.
I'm not saying it was just those IP's. Those stood out the most. I couldnt be bothered to look at 10 connections per IP per attack. The amount of connections that little list of IPs made feels like Amplified. I've theorized it was happening a couple months ago, therefore blocking those IP's. On top of the general rules, it seems to have stopped.

I've never had the time to configure something but, if you can, you should try. Its easy. Having an echo of the output of the attacks into txt file. Create a bot to run every 60 seconds. This bot could use a regular expression to find lines with the IP's and create queries. Have the bot trigger shellscript batch with the instructions.