How to Block Malicious IPs on Your Dedicated Server

Protecting your dedicated server from malicious IP addresses is crucial to maintaining security and performance. Blocking suspicious IPs can help prevent unauthorized access, safeguard sensitive data, and maintain server stability. Follow this step-by-step guide to block malicious IPs effectively.

Step 1: Identify Suspicious IPs on Your Server

Before blocking, it’s essential to identify the IP addresses causing potential harm:

  • Monitor login attempts:

    • For Ubuntu/Debian:
      sudo grep "Failed password" /var/log/auth.log  
      
    • For CentOS:
      sudo grep "Failed password" /var/log/secure  
      
  • Use server analytics tools:
    Check your server logs and tools for abnormal traffic patterns, repeated access attempts, or known attack vectors.

  • Verify IP reputation:
    Use online services like AbuseIPDB or IPvoid to confirm if an IP is malicious.
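
To turn the raw grep output from the first bullet into a ranked list, the following added example (not part of the original guide) counts failed SSH password attempts per source IP and prints the sources at or above a threshold, skipping any addresses you allowlist. The function names, the sample log lines and the addresses (documentation ranges) are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original article: count "Failed password"
# lines per source IP and list the sources at or above a threshold.

# Usage: failed_ssh_sources LOGFILE MIN_FAILURES [ALLOWLISTED_IP ...]
# Prints "COUNT IP" lines, highest count first. Allowlisted addresses
# (for example your own admin IP) are never listed.
failed_ssh_sources() (
    logfile=$1; min=$2; shift 2
    awk -v min="$min" -v allow=" $* " '
        /Failed password/ && NF >= 5 && $(NF-4) == "from" && $(NF-2) == "port" {
            # sshd ends these lines with "from IP port N ssh2". Read the IP
            # relative to the end of the line: the username earlier in the
            # line is client-supplied text and may itself contain "from".
            ip = $(NF-3)
            if (ip !~ /^[0-9A-Fa-f:.]+$/) next    # not an IP literal
            if (index(allow, " " ip " ")) next    # allowlisted source
            fails[ip]++
        }
        END { for (ip in fails) if (fails[ip] >= min) print fails[ip], ip }
    ' "$logfile" | sort -k1,1nr -k2,2
)

# Constructed sample in auth.log format (documentation address ranges).
sample_auth_log() {
    cat <<'EOF'
Mar  3 10:01:11 srv sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 10:01:13 srv sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 10:01:19 srv sshd[815]: Failed password for invalid user admin from 203.0.113.7 port 40118 ssh2
Mar  3 10:01:24 srv sshd[817]: Failed password for invalid user a from 192.0.2.77 from 203.0.113.7 port 40120 ssh2
Mar  3 10:02:02 srv sshd[820]: Failed password for deploy from 198.51.100.23 port 51200 ssh2
Mar  3 10:02:05 srv sshd[820]: Failed password for deploy from 198.51.100.23 port 51200 ssh2
Mar  3 10:02:09 srv sshd[822]: Failed password for invalid user test from 198.51.100.23 port 51204 ssh2
Mar  3 10:03:40 srv sshd[830]: Failed password for alice from 192.0.2.10 port 60022 ssh2
Mar  3 10:03:44 srv sshd[830]: Failed password for alice from 192.0.2.10 port 60022 ssh2
Mar  3 10:03:49 srv sshd[830]: Failed password for alice from 192.0.2.10 port 60022 ssh2
Mar  3 10:03:55 srv sshd[831]: Accepted password for alice from 192.0.2.10 port 60030 ssh2
Mar  3 10:05:00 srv sshd[840]: Failed password for root from 198.51.100.99 port 33000 ssh2
EOF
}

# Demo: threshold 3, with 192.0.2.10 treated as the administrator's address.
tmp=$(mktemp)
sample_auth_log > "$tmp"
failed_ssh_sources "$tmp" 3 192.0.2.10
rm -f "$tmp"
```

On a real server, pass /var/log/auth.log (or /var/log/secure on CentOS) as the first argument and run the script with sudo so it can read the log.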

Step 2: Block IPs Using Your Server's Firewall

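You can block IPs manually using a firewall. Both UFW and iptables evaluate rules in order and act on the first match, so a deny rule added after an existing allow rule for the same traffic has no effect; check the rule order after adding a block. Here’s how: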

For UFW (Ubuntu/Debian Systems)

  • Block a specific IP address:
    sudo ufw deny from [malicious_IP]  
    
  • Block an IP range (in CIDR notation):
    sudo ufw deny from [IP_range]  
    

For iptables (Linux Systems)

  • Block a specific IP address:

    sudo iptables -A INPUT -s [malicious_IP] -j DROP  
    
  • Block an IP range (in CIDR notation):

    sudo iptables -A INPUT -s [IP_range] -j DROP  
    
  • Save the iptables configuration to ensure it persists after a reboot:

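    • Ubuntu/Debian (the redirection into /etc/iptables must itself run as root, hence sh -c; the saved file is restored at boot when the iptables-persistent package is installed):
      sudo sh -c 'iptables-save > /etc/iptables/rules.v4'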
      
    • CentOS:
      sudo service iptables save  
      

Step 3: Automate IP Blocking with Fail2Ban

Manually blocking IPs can be time-consuming. Fail2Ban automates this process:

  • Install Fail2Ban:

    • Ubuntu/Debian:
      sudo apt install fail2ban -y  
      
    • CentOS (Fail2Ban is packaged in the EPEL repository, which must be enabled first):
      sudo yum install fail2ban -y  
      
  • Configure Fail2Ban:

    • Open the configuration file:
      sudo nano /etc/fail2ban/jail.local  
      
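    • Add settings to protect services like SSH:
      [sshd]
      enabled = true
      port = ssh
      # Ubuntu/Debian path; on CentOS use /var/log/secure
      logpath = /var/log/auth.log
      # Number of failed attempts before an IP is banned
      maxretry = 5
      # Ban duration in seconds (3600 = 1 hour)
      bantime = 3600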
      
    • Save the changes and restart Fail2Ban:
      sudo systemctl restart fail2ban  
      
  • Check Banned IPs:
    View the list of currently banned IPs:

    sudo fail2ban-client status sshd  
    

Step 4: Regularly Monitor and Update Firewall Rules

Blocking malicious IPs is an ongoing task. Regularly:

  • Review your server logs for new suspicious activity.
  • Adjust firewall and Fail2Ban rules as necessary.
  • Keep your server software and security tools updated.

Conclusion

Blocking malicious IPs is a fundamental security step for any dedicated server owner. By actively monitoring, using firewall rules, and automating with tools like Fail2Ban, you can significantly reduce the risk of unauthorized access and protect your server.

For more insights or to explore secure hosting solutions, visit QuickServers.net.
