IpTables, GeoIP, anything else I can try ?

[sOliver]

I'm already working 10h+ on this, it's ridiculous.

Finally found out why my server is dying from time to time.
Chinese IP's are spamming my server, once I restart they will eat up 100% of all resources.

Tried installing
GeoIP - not working,
IpTables - Getting memory allocation error and I would have too many IP's to handle anyway

Now I will try to simply add some rules to httpd.conf to deny huge IP ranges.

Can't access SSH and WHM most of the time ..


For people with similar problems, checkout this here too

http://www.apnic.net/apnic-bin/ipv4-by-country.pl?country=cn
http://www.okean.com/antispam/iptables/rc.firewall.sinokorea


Someone knows a foolproof way to get rid of chinese people spamming my server ? Maybe APF could help but I doubt that my vps can handle a firewall, and I read that it's using iptables so it wont work anyway.


Thanks,
Oliver

 

[BeZazz]

mod security maybe

 

[sOliver]

mod security maybe

will try to get some details on that,
thanks


i installed apf in the meantime and its now working but I get (like I predicted)
a memory allocation error, because numiptent is limited to 128

Ok just check this table with around 500 entries
http://www.apnic.net/apnic-bin/ipv4-by-country.pl?country=cn

How am I supposed to setup any apf rules if I can only add 128 IP's ?


I'm pretty confused but I'm one step closer I can feel it ^^

 

[Kate]

http://blockacountry.com/

 

[sOliver]

http://blockacountry.com/

Yea already know that one but I wasn't looking for rewrite rules.. but will try it out again

Thanks!

 

[BeZazz]

numiptent is limited to 128

you really need to contact your host and ask for that to be raised i honestly dont think they would have an issue raising that to a more realistic level

 

[squatter]

Where in cpanel do you check your numiptent?

 

[BeZazz]

you would need to check that either via SSH and the command line, the VPS's Control Panel or use a script to get that value for you

 

[iHubNet-Matt]

Only your host can get this value changed for you.
This is not a big deal for your host and they will probably increase this for you on request.

You can see that value from the /proc/user_beancounters file.

 

[mellow-h]

GeoIP - not working,

If you failed, try re-installing or pay someone to install it. Cause mod_geoip is the best way to do this job, if you use .htaccess IP banning, it will take too much load with extra memory on your server/vps, which wont be good for you i assume.