Sean Sheridan on 7 Mar 2011 15:26:20 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] preventing access


Over the last month I've been attacked by robots.  These robots appear to
want to post spam through contact forms on my website, they've hit several

So they head to my contact page and fill in the html contact form which
processes and sends mail.  I record the client IP address when they

This is the attacker:

      IP Address:
      Browser: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

So I do two things to fend off this bot:
1) I block anyone posting as and log the event.
(Today they moved to "")
2) I thought I was blocking future contact with:

iptables -A INPUT -s -j DROP
service iptables save

This appears to do nothing as the bot keeps on filling in the forms day
after day.  So my question is, why does this iptables command seem to not

A better question is, what is the best way to prevent a specific ip
address from connecting short of having to add each IP addy to a table?

Should I be thinking about some kind of fail2ban recipe?

Sean C. Sheridan
Campus Party, Inc.
Philadelphia Linux Users Group         --
Announcements -
General Discussion  --