
Use IPTables to reroute or just annoy your visitors

July 15, 2008 by methode  
Filed under Linux, Server Management

:D

Yeah, I know, I’m an idiot.

So, what I wanted to do was annoy one of my friends in a way that he would never notice I had done something. He is a frequent visitor of one of the sites I manage, and as I couldn’t find a better way, I decided to do something with the site. I couldn’t alter the site itself, as it’s too popular. But I knew his IP from the logs, so I decided to redirect him each time he tried to access the site.

Since PHP had the header() function disabled, redirecting him via IP matching didn’t work, so I had to use something else. Meta refresh isn’t good, and neither is JavaScript, as he has it disabled all the time.

IPTables! Godly touch …


iptables -t nat -A PREROUTING -s HIS.IP.ADDRESS.01/255.255.255.0 -p tcp -j DNAT --to-destination 64.233.167.99

Every request from him to the server will be forwarded to Google search. Nice. The problem was that I had to listen to his theory of how Google bought his favorite site. :|

Why is this more effective than any other script-based method?
Well, it’s obvious why it is better than the client-side methods: it can’t be overridden. As for why it is better than server-side code, a valid reason would be that you simply cannot use header-resetting methods.

Stop network flood in one step

July 6, 2008 by methode  
Filed under Linux, Server Management

Ok, two :)

First, connect to your server’s private network using SSH and log in as root. Your data center should tell you how to do this; on Softlayer servers you first have to create a VPN tunnel to the Softlayer network, then you can connect to the server’s private IP.

Usually a server has two network adapters: one for public traffic and one for the server’s private network. As you are smart and know the server’s configuration, you must know how these adapters are named; anyway, it is usually eth0 for the private network and eth1 for the public one.

If, and only if, you are connected to the server’s private IP, type on the command line:


ifdown eth1

This command will shut your server’s public network down, thus closing all connections.
To fire the public network up:


ifup eth1

Why did I warn you not to do this unless you are connected to the private network? Well, think a bit: if you close the public adapter and you manage the server through this network, how will you reconnect once the public network is shut down? ;)

If you can connect only through the public network, you can try simply restarting the public network’s adapter using the following command:
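
The warning above can be turned into a check that runs before `ifdown`. This is an added example, not part of the original post: it reads the server-side address of the current SSH session from `SSH_CONNECTION` and looks up which interface owns it in `ip -o -4 addr show` output. The function names, the sample addresses and the eth0/eth1 layout are assumptions.

```shell
#!/bin/sh
# Constructed sample of `ip -o -4 addr show` output:
# private network on eth0, public network on eth1 (assumed layout).
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 10.10.5.20/26 brd 10.10.5.63 scope global eth0
3: eth1    inet 203.0.113.20/29 brd 203.0.113.23 scope global eth1'

# iface_for_ip ADDR_TABLE IP
# Print the name of the interface that owns IP (nothing if none does).
iface_for_ip() {
    printf '%s\n' "$1" | awk -v ip="$2" '
        { split($4, a, "/"); if (a[1] == ip) { print $2; exit } }'
}

# safe_to_down ADDR_TABLE SSH_CONNECTION IFACE
# Returns 0 if the SSH session does not arrive on IFACE,
#         1 if it does (taking IFACE down would cut the session),
#         2 if the session interface cannot be determined.
safe_to_down() {
    # SSH_CONNECTION is "client_ip client_port server_ip server_port"
    server_ip=$(printf '%s\n' "$2" | awk '{ print $3 }')
    [ -n "$server_ip" ] || return 2
    session_if=$(iface_for_ip "$1" "$server_ip")
    [ -n "$session_if" ] || return 2
    if [ "$session_if" = "$3" ]; then return 1; fi
    return 0
}

# On a real server, feed it the live values instead of the sample:
#   safe_to_down "$(ip -o -4 addr show)" "$SSH_CONNECTION" eth1 && ifdown eth1
if safe_to_down "$SAMPLE_ADDRS" "10.2.0.9 50412 10.10.5.20 22" eth1; then
    echo "session arrives on the private side: eth1 can go down"
else
    echo "refusing: this session depends on eth1 (or is not an SSH session)"
fi
```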


/etc/init.d/network restart

To check your public network adapter’s status at any time:


ifstatus eth1

Ban and Unban IPs using IPTables

July 6, 2008 by methode  
Filed under Linux, Server Management

Sometimes users come to your website with bad intentions. Say you observe that somebody is trying to brute-force a password or is just sending unknown requests to your server at an incredibly fast rate.

A very basic solution is to just ban the IP of the remote computer using IPTables. I will try to explain in a simple manner how to ban one single IP from the entire server.

First, initiate an SSH connection to your server and log in as root. On the command line, type:


iptables --help

The above command will list what parameters are permitted for use with iptables. Now how to ban a specific IP:


iptables -A INPUT -s IP.ADDRESS.HERE -j DROP

Obviously, replace “IP.ADDRESS.HERE” with the desired IP address. The above command will block that single IP’s access to any port on the server. But what if you want to block an IP’s access only to the web server, say Apache, which is usually running on port 80? You can use the command below:


iptables -A INPUT -p tcp -s IP.ADDRESS.HERE --dport 80 -j DROP

One single step remains: restarting the iptables service. First, we want to save its state, then restart:


service iptables save
service iptables restart

OK, all cool. Now a bit of a fairy tale: I was playing with a server which has CSF (see end of the post) installed, and after 5 unsuccessful login attempts to a password-protected public zone, my IP ended up in the IPTables INPUT and OUTPUT chains. Odd and lame. :| I had to remove my IP from the chains somehow, as I was not able to use the server in any way: no SSH, no FTP, no HTTP. Practically, I was locked out of the server. The solution? Well, it’s simpler than it sounds: as the server was a Softlayer server, I was able to connect to the server’s private IP using SSH, log in as root, then remove my IP from the blocked IPs list. OK, this requires a bit of explanation, I guess. When connecting to a Softlayer server’s private network, you first have to initiate a VPN connection from your PC to the Softlayer private network. When the connection is live, it acts like a tunnel and enables the user to connect to a server’s private IP even if the user’s IP has been blocked, because the VPN tunnel acts like a proxy.
OK, so how to un-ban an IP using IPTables?
The two commands below will remove the IP from the blocking list:


iptables -D INPUT -p all -s IP.ADDRESS.HERE -j DROP
iptables -D OUTPUT -p all -s IP.ADDRESS.HERE -j DROP

As usual, save and then restart the IPTables service:


service iptables save
service iptables restart
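
`iptables -D` only removes a rule whose specification matches the one that was added, and an outbound block on a remote address is normally written with `-d` rather than `-s`. The following added example (not from the original post) reads `iptables -S` output and prints the exact `-D` command for every DROP or REJECT rule that names the address as source or destination. The function name and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables -S` output after a ban on 198.51.100.23.
SAMPLE_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -s 198.51.100.23/32 -j DROP
-A INPUT -s 198.51.100.23/32 -p tcp -m tcp --dport 80 -j DROP
-A INPUT -s 203.0.113.9/32 -j DROP
-A OUTPUT -d 198.51.100.23/32 -j DROP'

# unban_cmds RULES IP
# For each "-A" rule that drops or rejects traffic from/to exactly IP,
# print the matching "iptables -D ..." command. Nothing is executed.
unban_cmds() {
    printf '%s\n' "$1" | awk -v ip="$2" '
        $1 == "-A" {
            hit = 0; blocked = 0
            for (i = 2; i < NF; i++) {
                # exact match only: 198.51.100.2 must not match 198.51.100.23
                if (($i == "-s" || $i == "-d") &&
                    ($(i + 1) == ip || $(i + 1) == (ip "/32"))) hit = 1
                if ($i == "-j" &&
                    ($(i + 1) == "DROP" || $(i + 1) == "REJECT")) blocked = 1
            }
            if (hit && blocked) { sub(/^-A/, "-D"); print "iptables " $0 }
        }'
}

# On a real server: unban_cmds "$(iptables -S)" IP.ADDRESS.HERE
# Review the printed commands, then run them.
unban_cmds "$SAMPLE_RULES" 198.51.100.23
```

The commands are printed rather than run, so the list can be reviewed before anything is deleted.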


CSF - ConfigServer Firewall