Block an IP from accessing your server with iptables
Use the netstat -n command to see the IP addresses connected to your server. Once you have found the IP address you want to block, use the command below to block it from accessing your server with iptables.
-I INPUT 1 means to insert the rule at the top of the INPUT chain (which means it will be evaluated first)
-s IP-ADDRESS is the source address of the packets we want to deal with
-j DROP means dump the packets into the void, and forget they ever happened.
iptables -I INPUT 1 -s IP-ADDRESS -j DROP
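The two steps above, combined as an added example (not part of the original page): it ranks the remote IPv4 addresses in netstat -n output and prints the DROP command only for a well-formed address. The function names and the sample connection table are constructed for illustration, and only IPv4 TCP lines are counted.

```shell
#!/bin/sh
# Added example: rank remote IPv4 peers from `netstat -n` and build the DROP rule.

# Constructed sample of `netstat -n` output (documentation address ranges).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:25           203.0.113.7:51234       ESTABLISHED
tcp        0      0 192.0.2.10:25           203.0.113.7:51240       ESTABLISHED
tcp        0      0 192.0.2.10:25           203.0.113.7:51251       SYN_RECV
tcp        0      0 192.0.2.10:22           198.51.100.4:40022      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.9:40100      TIME_WAIT
EOF
}

# Print "count ip" for each remote IPv4 address, busiest first.
# Lines whose foreign address is not ip:port (IPv6, unix sockets) are skipped.
count_remote_ips() {
    awk '$1 ~ /^tcp/ && $6 != "LISTEN" {
             n = split($5, a, ":"); if (n == 2) c[a[1]]++ }
         END { for (ip in c) print c[ip], ip }' | sort -k1,1nr -k2,2
}

# Succeed only for a dotted quad with four numeric octets in the range 0-255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i > 255) exit 1 }'
}

# Print the page's DROP command for a validated address; refuse anything else,
# so stray text copied from a log never reaches a root shell.
block_cmd() {
    is_ipv4 "$1" || { echo "refusing invalid address: $1" >&2; return 1; }
    printf 'iptables -I INPUT 1 -s %s -j DROP\n' "$1"
}

# Demo on the constructed sample; on a server use: netstat -n | count_remote_ips
sample_netstat | count_remote_ips
block_cmd 203.0.113.7
```

The script only prints the rule; review it and run it as root yourself.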
Limit SSH access By IP Address
To further secure your server and prevent brute-force attacks, you can limit sshd to certain IP addresses by editing the /etc/hosts.allow and /etc/hosts.deny files.
Open /etc/hosts.allow
Use the following command to open the hosts.allow file:
Once this file is open, add the following line:
Open /etc/hosts.deny
Use the following command to open the hosts.deny file:
Once it opens, add the following line to the file:
Save and exit, and you have successfully limited SSH access by IP address.
Tcpdump to monitor SMTP activity from an IP or range of IPs
tcpdump is a useful utility for monitoring network activity on the server.
tcpdump -i eth0 -n src 192.168.1.22 \or dst 192.168.1.22 -w smtp.tcpdump -s 2048
You can monitor the SMTP activity to find out the mail account used by a spammer.
The above command captures the traffic sent from or to the IP address 192.168.1.22 and writes it to the file smtp.tcpdump.
Use the following command to monitor a range of IPs:
tcpdump -i eth0 -n src net 119.91.0.0/16 \or dst net 119.91.0.0/16 -w smtp.tcpdump -s 2048
The above command will monitor the range of IPs starting with 119.91. You can use Wireshark to analyze the dump file.
On a VPS, use venet0:0 as the interface.
tcpdump [ -AdDeflLnNOpqRStuUvxX ] [ -c count ]
[ -C file_size ] [ -F file ]
[ -i interface ] [ -m module ] [ -M secret ]
[ -r file ] [ -s snaplen ] [ -T type ] [ -w file ]
[ -W filecount ]
[ -E spi@ipaddr algo:secret,... ]
[ -y datalinktype ] [ -Z user ]
Upcp Error Message for changing host IP to 0.0.0.0
Error Message
The hostname (domain.server.com) resolves to xxx.xxx.xxx.xxx. It should resolve to 0.0.0.0 Please be sure to correct /etc/hosts as well as the ‘A’entry in zone file for the domain. Some are all of these problems can be caused by /etc/resolv.conf being setup incorrectly. Please check this file if you believe everything else is correct.
The issue is caused by the wrong Ethernet interface being specified in “WHM >> Basic cPanel/WHM Setup”.
To resolve this, check the Ethernet configuration file for the value “IPADDR” and set that interface in “WHM >> Basic cPanel/WHM Setup”.
To cross-check, use the “Add an A Entry for your Hostname” option in WHM.
Finally, start the “ipaliases” service (/etc/rc.d/init.d/ipaliases) for the new interface.
How to unblock an IP address from the command line in CSF Firewall
To unblock an IP address in CSF Firewall from the command line, follow the steps below.
Log in to the server via shell access and go to the CSF firewall directory.
Edit the file csf.deny.
Remove the IP address from the list and save the file.
Once the IP address is removed, the firewall needs to be restarted.
To restart the firewall, execute the command below.