История изменений
Исправление
Shulman,
(текущая версия)
:
root@vesta4:/home/nommaner# cat ~/iptables-save
# Generated by iptables-save v1.6.0 on Wed Nov 20 09:08:15 2019
*filter
:INPUT ACCEPT [122:34064]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [109:86746]
:f2b-sshd - [0:0]
:fail2ban-FTP - [0:0]
:fail2ban-MAIL - [0:0]
:fail2ban-SSH - [0:0]
:fail2ban-VESTA - [0:0]
:vesta - [0:0]
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A f2b-sshd -j RETURN
-A fail2ban-SSH -s 41.214.138.178/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -s 106.12.208.211/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -s 118.24.149.248/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -s 91.207.40.45/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -s 112.85.42.171/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -s 116.196.80.104/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -s 112.217.225.61/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -s 165.169.241.28/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -s 103.110.89.148/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -s 150.109.52.25/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -s 83.221.222.251/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -s 185.232.67.5/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -s 61.157.78.29/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -s 222.186.175.220/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -s 118.25.126.32/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -j RETURN
COMMIT
# Completed on Wed Nov 20 09:08:15 2019
Но в этот раз метод описанный выше не помог. Я прибил один процесс апача, и сервер ожил... странно что один процесс мог повесить всю веб подсистему...
Исходная версия
Shulman,
:
root@vesta4:/home/nommaner# cat ~/iptables-save
# Generated by iptables-save v1.6.0 on Wed Nov 20 09:08:15 2019
*filter
:INPUT ACCEPT [122:34064]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [109:86746]
:f2b-sshd - [0:0]
:fail2ban-FTP - [0:0]
:fail2ban-MAIL - [0:0]
:fail2ban-SSH - [0:0]
:fail2ban-VESTA - [0:0]
:vesta - [0:0]
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A f2b-sshd -j RETURN
-A fail2ban-SSH -s 41.214.138.178/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -s 106.12.208.211/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -s 118.24.149.248/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -s 91.207.40.45/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -s 112.85.42.171/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -s 116.196.80.104/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -s 112.217.225.61/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -s 165.169.241.28/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -s 103.110.89.148/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -s 150.109.52.25/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -s 83.221.222.251/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -s 185.232.67.5/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -s 61.157.78.29/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -s 222.186.175.220/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -s 118.25.126.32/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -j RETURN
COMMIT
# Completed on Wed Nov 20 09:08:15 2019