Ok, so we know that there are several ip’s that have attempted to hack the blog.

We know they try different urls looking for a exploit, or they try to hack a password by brute force…

We are using Amazon EC2 and the old infrastructure, not a VPC Network, so we cannot block a specific Ip to our Web Server.

In an article from 2015 I explained How to Stop a BitTorrent based DDoS attack, and was using iptables for that.

In this example I will show how to use ufw to block tow specific Ip’s, execute as root or with sudo:

ufw insert 1 deny from 89.35.39.60 to any
ufw insert 2 deny from 85.204.246.240 to any
ufw allow OpenSSH
ufw allow 22/tcp
ufw allow "Apache Full"
ufw enable
ufw status numbered

You can do ufw status numbered to see the status of ufw and the rules order.

root@ip-111-111-111-111:/home/ubuntu# ufw status numbered
 Status: active
  To                         Action      From
 --                         ------      ----
 [ 1] Anywhere                   DENY IN     89.35.39.60               
 [ 2] Anywhere                   DENY IN     85.204.246.240            
 [ 3] Apache Full                ALLOW IN    Anywhere                  
 [ 4] OpenSSH                    ALLOW IN    Anywhere                  
 [ 5] 22/tcp                     ALLOW IN    Anywhere                  
 [ 6] Apache Full (v6)           ALLOW IN    Anywhere (v6)             
 [ 7] OpenSSH (v6)               ALLOW IN    Anywhere (v6)             
 [ 8] 22/tcp (v6)                ALLOW IN    Anywhere (v6)             
 root@ip-111-111-111-111:/home/ubuntu# 

If you need to delete a rule, use the number on the left and, just type:

sudo ufw delete 2