iptables is not blocking IP addresses

I am experiencing a DDoS attack on my server. I found out that someone was hammering one of the WordPress sites. I have temporarily disabled that virtual host. Now I am trying to block their IP addresses with iptables, but I still see log entries in Apache for requests coming from those IP addresses.

The commands I used:

iptables -A INPUT -s 185.62.189.92 -j DROP
iptables -A OUTPUT -d 185.62.189.92 -j DROP

Here are my iptables rules:

# iptables -nvL --line-numbers
Chain INPUT (policy ACCEPT 5146 packets, 553K bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 DROP       all  --  *      *       185.62.189.98        0.0.0.0/0           
2        0     0 DROP       all  --  *      *       185.62.189.91        0.0.0.0/0           
3        0     0 DROP       all  --  *      *       185.62.189.92        0.0.0.0/0           
4        0     0 DROP       all  --  *      *       5.196.18.195         0.0.0.0/0           
5        0     0 DROP       all  --  *      *       185.62.188.98        0.0.0.0/0           
6        0     0 DROP       all  --  *      *       185.11.144.82        0.0.0.0/0           
7        0     0 DROP       all  --  *      *       185.11.144.82        0.0.0.0/0           

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 6497 packets, 7556K bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 DROP       all  --  *      *       0.0.0.0/0            185.62.189.98       
2        0     0 DROP       all  --  *      *       0.0.0.0/0            185.62.189.91       
3        0     0 DROP       all  --  *      *       0.0.0.0/0            185.62.189.92       
4        0     0 DROP       all  --  *      *       0.0.0.0/0            5.196.18.195        
5        0     0 DROP       all  --  *      *       0.0.0.0/0            185.62.188.98       
6        0     0 DROP       all  --  *      *       0.0.0.0/0            185.11.144.82       
7        0     0 DROP       all  --  *      *       0.0.0.0/0            185.11.144.82 

I am still getting tons of requests from the blocked addresses:

tail -f error.log
[Thu May 14 03:35:40.483899 2015] [authz_core:error] [pid 11474] [client 5.196.18.195:48105] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:40.920629 2015] [authz_core:error] [pid 11526] [client 185.62.189.92:17158] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:41.343127 2015] [authz_core:error] [pid 11526] [client 185.62.189.92:17158] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:41.830613 2015] [authz_core:error] [pid 11511] [client 185.62.189.92:46302] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:42.387676 2015] [authz_core:error] [pid 11501] [client 185.62.189.92:40100] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:43.362905 2015] [authz_core:error] [pid 11508] [client 185.62.189.92:16423] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:44.487948 2015] [authz_core:error] [pid 11501] [client 185.62.189.92:40100] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:46.066769 2015] [authz_core:error] [pid 11508] [client 185.62.189.92:16423] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:47.908027 2015] [authz_core:error] [pid 11527] [client 5.196.18.195:54456] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:47.938903 2015] [authz_core:error] [pid 11501] [client 5.196.18.195:9522] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:48.014147 2015] [authz_core:error] [pid 11487] [client 5.196.18.195:25948] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:48.118337 2015] [authz_core:error] [pid 11445] [client 185.62.189.92:23557] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:49.381834 2015] [authz_core:error] [pid 11510] [client 185.62.189.92:14750] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:51.074766 2015] [authz_core:error] [pid 11445] [client 185.62.189.92:23557] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:51.338875 2015] [authz_core:error] [pid 11487] [client 5.196.18.195:25948] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:51.602580 2015] [authz_core:error] [pid 11445] [client 185.62.189.92:23557] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
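
The listing in the question shows every DROP rule with a packet counter of 0 while Apache keeps logging the same clients. The script below is an added example, not part of the original thread: it cross-checks the two outputs and lists the sources whose DROP rule has never matched a packet. The helper name `unmatched_blocks` is hypothetical and the sample data is constructed with RFC 5737 documentation addresses.

```shell
#!/bin/sh
# Added example (not from the original thread): list sources that have a DROP
# rule whose packet counter is still 0 but that Apache keeps logging.

# Constructed `iptables -nvL INPUT --line-numbers` output (RFC 5737 addresses).
sample_rules() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 5146 packets, 553K bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 DROP       all  --  *      *       192.0.2.10           0.0.0.0/0
2      812 48720 DROP       all  --  *      *       198.51.100.7         0.0.0.0/0
3        0     0 DROP       all  --  *      *       203.0.113.5          0.0.0.0/0
EOF
}

# Constructed Apache 2.4 error.log lines in the format shown in the question.
sample_log() {
cat <<'EOF'
[Thu May 14 03:35:40.483899 2015] [authz_core:error] [pid 11474] [client 192.0.2.10:48105] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:40.920629 2015] [authz_core:error] [pid 11526] [client 192.0.2.10:17158] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:41.343127 2015] [authz_core:error] [pid 11526] [client 198.51.100.7:17158] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu May 14 03:35:41.830613 2015] [authz_core:error] [pid 11511] [client 198.51.100.99:46302] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
EOF
}

# unmatched_blocks RULES_FILE LOG_FILE  (hypothetical helper name)
# Prints "ip count" for each source with a zero-counter DROP rule that still
# appears as [client ip:port] in the log.
unmatched_blocks() {
    awk '
        NR == FNR {                       # first file: the iptables listing
            if ($1 ~ /^[0-9]+$/ && $4 == "DROP" && $2 == "0") zero[$9] = 1
            next
        }
        match($0, /\[client [0-9.]+:[0-9]+\]/) {   # second file: the log
            ip = substr($0, RSTART + 8, RLENGTH - 9)   # "a.b.c.d:port"
            sub(/:[0-9]+$/, "", ip)
            if (ip in zero) hits[ip]++
        }
        END { for (ip in hits) print ip, hits[ip] }
    ' "$1" "$2" | sort
}

# Demo on the constructed samples; on a live host, save the real listing and
# point the second argument at error.log instead.
tmp=$(mktemp -d)
sample_rules > "$tmp/rules"; sample_log > "$tmp/log"
unmatched_blocks "$tmp/rules" "$tmp/log"
rm -rf "$tmp"
```

Any address this prints is reaching Apache without its packets ever being counted by the INPUT rule for that source.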

You can simply reject requests from these IPs at the virtual host level with a rewrite rule.

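RewriteEngine On
# Conditions are ORed together; the last one must not carry [OR],
# otherwise the rule matches every request.
RewriteCond %{REMOTE_ADDR} ^185\.62\.189\.92 [OR]
RewriteCond %{REMOTE_ADDR} ^186\.62\.189\.92
# Answer 403 Forbidden and stop processing further rules.
RewriteRule ^(.*)$ - [F,L]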

Try adding the interface name to your rules:

-i eth0 for the INPUT rule
and
-o eth0 for the OUTPUT rule.

You can find your own interface name with the command:
ifconfig