IPtables correct usage help


willeffects - 11:17 am on Feb 28, 2008 (gmt 0)


Hello Group,

Every night from around 8pm to 5am PST I get slammed from Asia Pacific network with site rippers, spam bots, and spam mailers. A lot of the time this causes my server to run out of memory and eventually start shutting down its own services and force me to reboot it. Right now, whenever I see my load go up I am running this script:

netstat -a -n | grep :80 | cut -d : -f2 | awk '{print $2}' | sort | uniq -c | sort

99% of the time if an IP has more than 100 active connections it is from Asia Pacific and when I drop it with iptables things go back to normal.

I am using the following syntax:
iptables -I INPUT -s 193.61.107.151 -j DROP

Though tonight I noticed that some IPs seem to stay in the connection list and their # of connections went up even an hour or so after I added them to iptables. I even tried running the command again a few times and keep seeing some of the bad IPs.

I am not a sysadmin and more or less a Linux newbie. If anyone could please verify that I am using iptables correctly and/or have any suggestions for me, I'd greatly appreciate it.

Thanks,
Will
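
The per-IP connection count described in the post above, as an added example that is not part of the original post: it reads `netstat -an` output, counts connections to one local port per remote address (including the IPv4-mapped `::ffff:` form, which splitting on the first colon misparses), and lists addresses at or above a threshold along with how many of their connections are still ESTABLISHED. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.

# Constructed sample of `netstat -an` output (documentation addresses only).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:40001      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:40002      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:40003      TIME_WAIT
tcp        0      0 192.0.2.10:22           198.51.100.7:40004      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.9:51000       ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.50:1234 ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.50:1235 SYN_RECV
EOF
}

# heavy_hitters PORT THRESHOLD   (hypothetical helper name)
# stdin:  netstat -an output
# stdout: "<total> <established> <remote-ip>", highest total first
heavy_hitters() {
    awk -v port="$1" -v min="$2" '
    $1 ~ /^tcp/ && $6 != "LISTEN" {
        laddr = $4; raddr = $5
        # The port is whatever follows the LAST colon, so IPv4-mapped
        # IPv6 addresses such as ::ffff:192.0.2.10:80 parse correctly.
        lport = laddr; sub(/.*:/, "", lport)
        if (lport != port) next
        sub(/:[^:]*$/, "", raddr)     # strip the remote port
        sub(/^::ffff:/, "", raddr)    # normalise the IPv4-mapped form
        total[raddr]++
        if ($6 == "ESTABLISHED") est[raddr]++
    }
    END {
        for (ip in total)
            if (total[ip] >= min) print total[ip], est[ip] + 0, ip
    }' | sort -rn
}

# Live use would be: netstat -an | heavy_hitters 80 100
sample_netstat | heavy_hitters 80 2
```

Comparing the total and ESTABLISHED columns shows how much of an address's count is made up of sockets in other states.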


Thread source: http://www.webmasterworld.com/linux/3586938.htm