I detect poneytelecom connections using iftop, but how to block them?

postcd

Guest
I see the HTTP connections using the iftop Linux tool:

vps:http => 212-129-28-14.rev.poneytelecom.eu:49265 0b 0b 0b
<= 208b 104b 104b
vps:http => 212-129-28-14.rev.poneytelecom.eu:38081 0b 0b 0b
<= 0b 104b 104b
vps:http => 212-129-28-14.rev.poneytelecom.eu:33793 0b 0b 0b
<= 208b 104b 104b
vps:http => 212-129-28-14.rev.poneytelecom.eu:25905 0b 0b 0b
<= 208b 104b 104b
vps:http => 212-129-28-14.rev.poneytelecom.eu:61101 0b 0b 0b
<= 208b 104b 104b
vps:http => 212-129-28-14.rev.poneytelecom.eu:56018 0b 0b 0b
<= 208b 104b 104b
vps:http => 212-129-28-14.rev.poneytelecom.eu:34651 .......

I checked my httpd log folder and found no connections by that IP:
grep -RilE '212\.129\.28\.14|14\.28\.129\.212' /var/zpanel/logs/domains/admin/

I'm seeing these connections even though I added the IPs 212.129.28.14,14.28.129.212 to /etc/hosts.deny, which is confusing me. I'm asking for help: what is wrong, and how do I block it properly? I was looking up whether I can block it in iptables by partial hostname match, but no luck.
 


- why not in the hosts.deny file (as I did already, with no effect)
- how to do an iptables block using a partial hostname match. (I'm asking because this spider is using several IPs)
 
Did you try
sudo iptables -A INPUT -s 212.129.22.0/16 -j DROP
sudo iptables -A INPUT -s 14.16.0.0/16 -j DROP

You can check the block count with
sudo watch -d iptables -L -nv
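
On the two questions above: /etc/hosts.deny is read only by services that use TCP wrappers, which Apache httpd does not, and iptables has no partial-hostname match (a hostname given to -s is resolved once, when the rule is added). The script below is an added example, not part of any post in this thread: it converts the PTR names from the iftop output into addresses and prints the ipset/iptables commands that would block them. The set name blocked_ptr is an assumption.

```shell
#!/bin/sh
# Added example: build ipset commands from PTR names seen in iftop output.
SET_NAME="blocked_ptr"          # assumption: hypothetical set name
SUFFIX=".rev.poneytelecom.eu"   # PTR suffix shown in the question

# Two lines from the question's iftop output, plus two constructed lines
# (an impossible address and an unrelated host) that must be ignored.
SAMPLE='vps:http => 212-129-28-14.rev.poneytelecom.eu:49265 0b 0b 0b
vps:http => 212-129-28-14.rev.poneytelecom.eu:38081 0b 0b 0b
vps:http => 999-1-1-1.rev.poneytelecom.eu:1234 0b 0b 0b
vps:http => host.example.net:40000 0b 0b 0b'

# Read iftop text on stdin and print the unique IPv4 addresses encoded in
# names of the form a-b-c-d<SUFFIX>[:port]. Anything else is skipped.
ptr_to_ips() {
    suffix_re=$(printf '%s' "$SUFFIX" | sed 's/\./\\./g')
    awk '{ for (i = 1; i <= NF; i++) print $i }' |
    grep -E "^([0-9]{1,3}-){3}[0-9]{1,3}${suffix_re}(:[0-9]+)?\$" |
    sed -e "s/${suffix_re}.*//" -e 's/-/./g' |
    awk -F. '$1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255' |
    sort -u
}

# Print (do not execute) the commands that fill the set and drop HTTP
# traffic from its members. Returns 1 when no address was found.
emit_block_commands() {
    ips=$(ptr_to_ips)
    [ -n "$ips" ] || return 1
    echo "ipset create $SET_NAME hash:ip -exist"
    for ip in $ips; do
        echo "ipset add $SET_NAME $ip -exist"
    done
    echo "iptables -I INPUT -p tcp --dport 80 -m set --match-set $SET_NAME src -j DROP"
}

printf '%s\n' "$SAMPLE" | emit_block_commands
```

Confirm the addresses with `iftop -n` or `ss -tn` before applying the printed commands, since a PTR name is set by whoever controls the address range and need not match the real source address.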
 

