How can I blacklist IP addresses from accessing any web sites?

14 posts / 0 new
Last post
#1 Tue, 10/27/2009 - 14:32
jflesher

How can I blacklist IP addresses from accessing any web sites?

How can I blacklist IP addresses from accessing any web sites?

I'm getting tired (as I'm sure everyone else is) of getting spammed thru our contact forms for various sites; mostly Joomla, even though it has a CAPTCHA form.

What I've like to do is just do a redirect for all know spammers to keep them from posting to any of my sites.

Tue, 10/27/2009 - 14:38
andreychek

There's various tools and methods you can use to block hosts, IP's, and the like.

A nice and simple one you can use on the command line that would completely block them from your server would be to use the nifty iproute2 tools, and run this command:

ip ro add blackhole IP.ADDRESS.TO.BLACKLIST

To later remove it, you can type:

ip ro del IP.ADDRESS.TO.BLACKLIST

There's also some Joomla and Apache tools for doing that too, some examples are here:

http://forum.joomla.org/viewtopic.php?f=267&t=314285

Wed, 11/04/2009 - 07:34
tpnsolutions
tpnsolutions's picture

You can block them via the linux firewall.

  1. Login to Virtualmin

  2. Click on "Webmin" > "Networking" > "Linux Firewall"

  3. Click on "Add Rule"

  4. Check "Drop" or "Reject" under "Action to take"

  5. Enter the IP Address or Network under "Source address or network"

  6. Click "Save"

  7. Use the arrows under the "Move" column to move the rule to the top so it's processed first.

  8. Click "Apply Configuration"

That's it, the IP address or network in question will now be blocked from accessing your server period!

If you wish to allow them to access certain services, you can edit the rule to block them from or allow them into specific ports as needed.

-- Peter

Best Regards,
Peter Knowles | TPN Solutions
Email: pknowles@tpnsolutions.com | Skype: tpnassist
Fri, 05/08/2015 - 18:31
robbrandt

Note that step 5 should include "set selector to 'Equals"".

This is obvious in hindsight, but I had never done this before with Webmin and followed it step by step without really thinking about it too much, and the result was getting locked out of the server.

Sat, 05/23/2015 - 09:45
tpnsolutions
tpnsolutions's picture

Hi,

Good catch! I almost forgot I wrote that comment, been over 5 years :-)

Best Regards,
Peter Knowles
TPN Solutions

Email: pknowles@tpnsolutions.com
Phone: 604-782-9342
Skype: tpnsupport
Website: http://www.tpnsolutions.com

Ask me about my new support plans which include a FREE copy of Virtualmin Pro!!!

Best Regards,
Peter Knowles | TPN Solutions
Email: pknowles@tpnsolutions.com | Skype: tpnassist
Sun, 05/24/2015 - 04:59
Welshman
Welshman's picture

iptables -I INPUT -s IPADDRESS -j DROP

Great for WP xmlrpc.php flood attacks.

Chaos Reigns Within, Reflect, Repent and Reboot, Order Shall Return.

Fri, 07/03/2015 - 09:29
siteXmedia

I have a script I use that blocks IP addresses listed on stopforumspam, After moving a WP site to my server, in May, these were the Askimet stats

March 2015 38,101 spam stopped
April 2015 48,458 spam stopped
May 2015 2,992 spam stopped
June 2015 9 spam stopped

Whilst Askimet was doing a great job stopping spam posts the script saved Askimet the work by blocking the ip address as soon as it connected to the server

This same script could be used for any ip blacklist you can import, I will be working on improving it

You need to have root access to install / set it up

Fri, 07/03/2015 - 10:01
Welshman
Welshman's picture

Use wordfence premium.

Chaos Reigns Within, Reflect, Repent and Reboot, Order Shall Return.

Fri, 07/03/2015 - 10:31 (Reply to #8)
siteXmedia

wordfence does not do it for joomla
..........................................
I'm getting tired (as I'm sure everyone else is) of getting spammed thru our contact forms for various sites; mostly Joomla, even though it has a CAPTCHA form.
..........................................
But I agree if you have WP then install Wordfence,

My script is free and stops 90% of spammers.

Fri, 07/03/2015 - 10:50
Welshman
Welshman's picture

:( it's a pain I know.

Honeypot?

Chaos Reigns Within, Reflect, Repent and Reboot, Order Shall Return.

Wed, 05/10/2017 - 21:45
begin0617

I need to blacklist an IP address. 34.206.194.207 zxjkoods.net An intrusion was blocked by Norton.com...

Mr. James C. Begin

Wed, 12/27/2017 - 08:04
Hybrids

How do we add a commercial IP address to a blacklist from displaying on the web or YouTube for instance.

This person has over 1.3M subscribers and she blocks every single person that doesn't completely fit the bill with her or lasts too long in her courses.

Yet she's making money off of her YouTube and her coursework.

Id like to know how to block her ads. IP address: 198.185.159.144.

Thanks.

Thu, 12/28/2017 - 11:33
Diabolico
Diabolico's picture

Wait, did i get it right - you want to block someone else IP to access the web?

- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.

Thu, 01/04/2018 - 19:21
Matth
Matth's picture

What i would recommend to start is for you to setup fail2ban and have it scanning you apache/ngnix logs. With fail2ban, what I'm doing IP that have been ban 2 times in a week get then banned for a year. Then you can also use fail2ban in combination with abuseipdb.com to verify if the ip is known for abuse and the have it banned if it's the case.

Matth

Topic locked