John Bokma

Blocking unwelcome site traffic using iptables

August 28, 2016

After having generated an HTML report with GoAccess of this web site's current access log I noticed two IPs that had made a lot of requests to my site; and The top search in Google for the first IP address led to IP Reports for The origin of the IP address is the Russian Federation, and the page warns "Lots of activity from this IP in the last few days."

I used SpamCop to look up an abuse email address for The page lists one reporting address: seodedic at An abuse address referring to search engine optimization (SEO) for an IP address that's suspiciously active on my site; pointless to complain.

A whois look up showed that both IP addresses belong to the range - with a netname of "seodedic". Time to block this range using iptables.

So I accessed the VPS which hosts this site, changed to the root account and used vi to add the following line to /etc/iptables.up.rules:

-A INPUT -p tcp -s -j REJECT

This rule rejects all TCP traffic with a source IP address in range -, inclusive.

After I had written the change back to the file and quit vi I updated the current firewall rules using:

iptables-restore < /etc/iptables.up.rules

A few hours later I generated a new HTML report from the current Apache web server access log using GoAccess. The hit counts for both IP addresses hadn't changed; good.

home - blog - email

I am a freelance Perl programmer for hire, download my up-to-date resume (PDF).