Using Iptables To Block Bot Scans
I get the occasional bot scan searching for PMA, etc. These are fairly routine and harmless if you don't use phpMyAdmin, but they take up log space and create unnecessary work for the server. Redirecting and telling Apache not to log the hit was an option, but I really wanted to stop the scan before it reached the web server.
The string match module for iptables (-m string) can do just that. Each hit in the log from a scan usually has some string in common, which iptables can use to identify the packet and drop it. For instance, each hit might have "ZmEu" in common, even if the originating IP changes.
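The rule described above, written out as an added example (not from the original post). The BOTSCAN chain name, port 80 and the dry-run generator functions are assumptions; only the "ZmEu" signature comes from the text.

```sh
#!/bin/sh
# Added example: print iptables string-match rules for review (dry run).
# CHAIN and PORT are assumptions; "ZmEu" is the signature named in the post.
CHAIN="BOTSCAN"   # hypothetical user-defined chain
PORT=80           # plain HTTP only: the match sees packet bytes, not TLS contents

# Print one DROP rule for a signature. -m string requires --algo
# (bm = Boyer-Moore, kmp = Knuth-Morris-Pratt). The match is case-sensitive
# and fires on ANY packet to $PORT that contains the bytes, including a
# legitimate POST body that happens to mention the string.
build_rule() {
    case "$1" in
        # Refuse empty or shell-unsafe signatures: the output is meant to be piped to sh.
        ''|*[!A-Za-z0-9._/-]*) return 1 ;;
    esac
    printf 'iptables -A %s -p tcp --dport %s -m string --algo bm --string "%s" -j DROP\n' \
        "$CHAIN" "$PORT" "$1"
}

# Print the whole ruleset: create the chain, send inbound web traffic
# through it, then add one rule per signature.
build_ruleset() {
    printf 'iptables -N %s\n' "$CHAIN"
    printf 'iptables -I INPUT -p tcp --dport %s -j %s\n' "$PORT" "$CHAIN"
    for sig in "$@"; do
        build_rule "$sig" || echo "skipped unsafe signature: $sig" >&2
    done
}

# Review the printed rules, then apply as root by piping this script's output to sh.
build_ruleset "ZmEu"
```

The match is evaluated per packet, so a signature split across two packets is missed. The kernel has already completed the TCP handshake by the time the request packet is dropped, so the connection lingers until it times out.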
Posted in Server on May 18th 2012.
