Block IPs in XS 0.6

I was browsing /var/log/httpd/access_log and was freaked out to see a bunch of entries like this: - - [31/Jan/2011:13:32:34 -0600] "POST HTTP/1.0" 200 1511 "-" "-" - - [31/Jan/2011:13:32:37 -0600] "CONNECT HTTP/1.0" 405 314 "-" "-"

Someone's trying to access an IRC server from my server?  Huh?  I should probably block that.

iptables -A INPUT -s -j DROP
service iptables save

Now when I

iptables -L

I see the new entry for the culprit:

DROP       all  --  anywhere

A bit of googlefu turns up that's a well known "Problem IP."

FYI - XS 0.6 keeps its iptables rules in this file:


Leave a Reply