Am having some form of brute force attack being done to my server and I have a screenshot of what's happening below. Remote Address 121.14.154.206 is somehow abusing all of my ports and burning through my bandwidth at an incredible rate.
Does anyone know how to directly combat this problem even if I were to not know the IP address as I do now?
I tried blocking the address via iptables
like:
iptables -A OUTPUT -s 121.14.154.206 -j DROP
but the it still continues. Maybe I'm missing something but I'm pretty desperate because I can't afford to pay the bandwidth overage charges at this rate.
EDIT
Blocked all output destination port 53 traffic iptables -I INPUT 0 --dport 53 -j DROP
as I use cloudflare and don't need to resolve my own DNS. I'm seeing some weird things in iptraf still
The amount of traffic has drastically reduced but I'm still getting a solid amount and there's source/destination IP addresses still coming in that are not my ip address. I'm completely baffled as to why they're even showing up because none of them are 173.234.60.106