A customer emailed in today had noticed somebody trying to hack or crash his VPS. He tracked it down to one particular IP address but didnt know how to block him.
There are several things you can do to block him, the long term solution and better option is probably using a firewall like iptables.
To block a single IP address with iptables you run the following
iptables -A INPUT -s offendingip -j DROP
This simply drops all packets from that source ip address. This will not be saved at all when you reboot so to do that, you can run the following comands
This saves your rules all into that file, now you just need a way of importing those rules which would be as follows
iptables-restore < /etc/iptables-save
By adding this to your network up scripts this will auto import them every reboot when your network comes up.
Under RHEL/Centos you can use following commands:
To Save the rules to /etc/sysconfig/iptables file:
# /etc/init.d/iptables save
To Restore the rules from /etc/sysconfig/iptables file:
# /etc/init.d/iptables start
If you are using Debian Linux open /etc/network/interfaces:
# vi /etc/network/interfaces
Append the line to eth0 section:
post-up iptables-restore < /etc/iptables-save
As always, if you get stuck at all, just drop us an email at support, we are only too happy to help out.