Attacker IPs

Support for security such as Firewalls and securing linux
Post Reply
Posts: 3
Joined: 2018/07/12 21:13:09

Attacker IPs

Post by yeknafar » 2018/07/12 22:05:58


Thanks for your attention.
I am using a cload to prevent DDOs attacks on my site and it is supposed just I see the IP of my cload on my server but when I check it with

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

I see many strange IPs and when I Google them I find they are attacker IPs.

- I am using centos web panel (CWP).

Now I wonder:
- Why they come to my site directly and do not go through the cload to prevent them? (I do not think they have my IP, I have used 2 different cloads)

- I ban them manually, can it becomes an auto action?
- Are they doing Slowris attack on my site? (Because I receive for example 335 load average and database error sometime or even 3 times a day with low bandwith)

- Is it a good job to ban the most famous attacker IPs ? If yes how can I get the list?


User avatar
Forum Moderator
Posts: 28875
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Attacker IPs

Post by TrevorH » 2018/07/13 06:20:19

- I am using centos web panel (CWP).
Off topic here, please see viewtopic.php?f=12&t=66365
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

Posts: 1154
Joined: 2014/05/21 20:16:00
Location: Central New York, USA

Re: Attacker IPs

Post by lightman47 » 2018/07/13 11:33:53

For the most part "they" are bots that bang-away at IPs. They don't have yours until they get to it and your machine responds - then they have it.

I use fail2ban as I must use passwords, with retrys set really low. It's a little bit to set up but works nicely.
Remember - importing/building packages will likely "byte you in the butt" come update time, long after you'd forgotten you did that! Use repos whenever possible.

Post Reply

Return to “CentOS 7 - Security Support”