We are using nginx and seem flooded by an IP address that that's not going away even after putting it in firewall and usng tcpkill
.
$ netstat -tn 2>/dev/null | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr | head
22 66.135.60.154
4 104.25.218.111
3 66.249.64.6
$ sudo iptables -I INPUT -m iprange --src-range 66.135.60.0-66.135.60.255 -j DROP
$ sudo tcpkill -i eth0 host 66.135.60.154
After thus netstat
still shows the IP address. Have tries restarting nginx several times but not helping.
Any idea?