Summary
Use AWS CloudTrail as the basis for a simple Intrusion Detection System to monitor your AWS account for unwanted activity.
Background
While I follow best practices for security, it is always possible that a bad actor could obtain my credentials and gain access to my AWS account. Once access is gained, such criminals could […]
All credit to Matt Wilcox for this excellent article, on which this post is based – thank you, Matt!
https://mattwilcox.net/web-development/unexpected-ddos-blocking-china-with-ipset-and-iptables/
All commands run as root!
yum install -y ipset
vi blockchina (see below for contents)
chmod 755 blockchina
./blockchina
Do this once only:
iptables -A INPUT -p tcp -m set --match-set china src -j DROP; service iptables save
Then add blockchina to the root cron
#!/bin/sh
#
# blockchina
#
DIR=/etc
# Create the ipset list
ipset -N china hash:net
# remove any old list that might exist from previous runs of this script
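One way to refresh the `china` set from cron without leaving it empty while it reloads, as an added example rather than the original blockchina script: `build_restore` (a hypothetical helper) turns a CIDR list into an `ipset restore` payload that fills a temporary set and swaps it into place. The sample list is constructed from documentation ranges, and the input file name in the closing comment is a placeholder.

```shell
#!/bin/sh
# Added example, not the original blockchina script.
# build_restore SET: read CIDR blocks on stdin and print an `ipset restore`
# payload that loads them into SET-new, then swaps SET-new into SET.
# Returns non-zero and prints no payload when no valid entry was read, so a
# failed or empty download cannot replace the live set with nothing.
build_restore() {
    awk -v s="$1" '
        function valid(c,   p, o, i) {
            if (c !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/) return 0
            split(c, p, "/")
            # a /0 entry would match every source address, so reject it
            if (p[2] + 0 < 1 || p[2] + 0 > 32) return 0
            split(p[1], o, ".")
            for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) return 0
            return 1
        }
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }   # drop comments and whitespace
        $0 == "" { next }
        valid($0) { adds = adds "add " s "-new " $0 " -exist\n"; n++; next }
        { print "skipped invalid entry: " $0 > "/dev/stderr" }
        END {
            if (n == 0) exit 1
            print "create " s " hash:net -exist"      # make sure the live set exists
            print "create " s "-new hash:net -exist"
            print "flush " s "-new"
            printf "%s", adds
            print "swap " s "-new " s                 # the iptables rule keeps matching SET
            print "destroy " s "-new"
        }
    '
}

# Constructed sample list: two valid ranges plus entries that must be rejected.
sample_list() {
cat <<'EOF'
# constructed sample, not a real feed
192.0.2.0/24
198.51.100.0/24   # trailing comment
0.0.0.0/0
203.0.113.999/24
not-a-cidr
EOF
}

# On a real host, as root (cidr-list.txt is a placeholder name):
#   build_restore china < cidr-list.txt | ipset restore
```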
I was getting tired of using iptables to block the various hackers and bots constantly slamming my servers (the Chinese are the worst offenders by far – curse them!). I found the Apache module mod_evasive and installed it. Here are links to various articles about mod_evasive:
http://www.zdziarski.com/blog/?page_id=442
https://coderwall.com/p/eouy3g
http://www.crucialp.com/resources/tutorials/server-administration/flood-protection-dos-ddos-protection-apache-1.3-2.0-mod_dosevasive-avoiding-denial-of-service-attacks.php
Add the Module to Apache
I […]