Ok, so we know that there are several ip’s that have attempted to hack the blog.
We know they try different urls looking for a exploit, or they try to hack a password by brute force…
We are using Amazon EC2 and the old infrastructure, not a VPC Network, so we cannot block a specific Ip to our Web Server.
In an article from 2015 I explained How to Stop a BitTorrent based DDoS attack, and was using iptables for that.
In this example I will show how to use ufw to block tow specific Ip’s, execute as root or with sudo:
ufw insert 1 deny from 18.104.22.168 to any ufw insert 2 deny from 22.214.171.124 to any ufw allow OpenSSH ufw allow 22/tcp ufw allow "Apache Full" ufw enable ufw status numbered
You can do ufw status numbered to see the status of ufw and the rules order.
root@ip-111-111-111-111:/home/ubuntu# ufw status numbered
If you need to delete a rule, use the number on the left and, just type:
sudo ufw delete 2