Block IPs in XS 0.6

I was browsing /var/log/httpd/access_log and was freaked out to see a bunch of entries like this:

77.92.85.162 - - [31/Jan/2011:13:32:34 -0600] "POST http://83.170.84.12:6667/ HTTP/1.0" 200 1511 "-" "-"
77.92.85.162 - - [31/Jan/2011:13:32:37 -0600] "CONNECT 83.170.84.12:6667 HTTP/1.0" 405 314 "-" "-"

Someone's trying to access an IRC server from my server?  Huh?  I should probably block that.

iptables -A INPUT -s 77.92.85.162 -j DROP
service iptables save

Now when I

iptables -L

I see the new entry for the culprit:

DROP       all  --  rimmer.antycip.co.uk  anywhere

A bit of googlefu turns up that's a well known "Problem IP."

FYI - XS 0.6 keeps its iptables rules in this file:

/etc/sysconfig/olpc-scripts/iptables-xs

Leave a Reply