Results 1 to 5 of 5

Thread: UFW to block a domain name?

  1. #1
    Join Date
    Feb 2007
    Location
    Nagoya, Japan
    Beans
    343
    Distro
    Xubuntu 11.10 Oneiric Ocelot

    Question UFW to block a domain name?

    Hello!

    I have seen in my logs that "someone" is trying to access my server from several IP addresses like this:

    220-139-127-188.dynamic.hinet.net[220.139.127.188]
    220-136-24-124.dynamic.hinet.net[220.136.24.124]
    118-167-134-115.dynamic.hinet.net[118.167.134.115]
    118-169-205-95.dynamic.hinet.net[118.169.205.95]
    and so on...

    I could just block each IP, but as you can see, all have in common: "dynamic.hinet.net".

    So, is there any way I can block all the domain without having to take care of the IPs (or subdomains)?

    Thank you!

  2. #2
    Join Date
    Oct 2005
    Location
    Al Ain
    Beans
    8,123

    Re: UFW to block a domain name?

    Install BIND, make a zone for that domain and make a wildcard entry with IP address 127.0.0.1.

    You can also try putting it in /etc/hosts.

    Cheers,

    Herman

  3. #3
    Join Date
    Mar 2007
    Location
    UK, Staffordshire
    Beans
    348
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: UFW to block a domain name?

    Why not give denyhosts or fail2ban a go they will stop these intrusion attempts.
    Box 1 | Xubuntu 12.10 64 bit | Gigabyte GA-MA78GM-S3H rev2 / AMD 5900+ | 250Gb Hitachi SATA / 4Gb RAM
    Ubuntu User #14507[/U] | GPG Key 0xBE7E87FD

  4. #4
    Join Date
    Feb 2007
    Location
    Nagoya, Japan
    Beans
    343
    Distro
    Xubuntu 11.10 Oneiric Ocelot

    Re: UFW to block a domain name?

    HermanAB, thank you but I was looking for something simple... I mean, I already have a script to effectively block IPs with UFW so I can just add each IP and thats all...

    Thank you ushills, I will give a look to those scripts.

    If someone know how to do this using only UFW post it here please.

  5. #5
    Join Date
    Mar 2008
    Location
    Stockholm, Sweden
    Beans
    8
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: UFW to block a domain name?

    Hello LepeKaname,

    You don't mention what services you are running on your server. The ones using tcp-wrapping (like SSH) can be domain-blocked.

    Configure /etc/hosts.deny and /etc/hosts.allow accordingly.

    Cheers!

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •