Blocking IP ranges

[kapkan]

Hi CSF community...

This will be my first question in here. I hope that I am asking to right place.

I have been getting error emails like this:

Code: Select all

Time:     Sun May 18 07:45:11 2014 +0000
IP:       115.238.236.85 (CN/China/-)
Failures: 5 (sshd)
Interval: 3600 seconds
Blocked:  Permanent Block

Log entries:

May 18 07:45:01 ** sshd[25068]: Failed password for root from 115.238.236.85 port 53445 ssh2
May 18 07:45:03 ** sshd[25078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.238.236.85  user=root
May 18 07:45:05 ** sshd[25078]: Failed password for root from 115.238.236.85 port 54812 ssh2
May 18 07:45:06 ** sshd[25081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.238.236.85  user=root
May 18 07:45:06 ** sshd[25082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.238.236.85  user=root

I want to block them and some other IP ranges which are on my htaccess file.

What is the best way to do this on CSF?

Maybe the answer is simple for you, but I am a newbie, am trying to learn VPS and CSF. I've just rented a VPS this week as first time.

[frustrated]

Here's a good primer on IP range blocks: https://www.mediawiki.org/wiki/Help:Range_blocks

For your IP example, 115.238.236.0/24 would block 256 addresses, ending from 0 to 255.

[wm0000]

Just be careful not to block too many ... iptables freaks out after 1k or so rules.