How to ban ip addresses, how does netstat-npla?

netstat-npla | grep :80 | awk '{print $5}' | cut-d: -f1 | sort | uniq -c | sort-rn
209 95.213.4.228
155 68.180.229.169
137 95.213.4.229
122 93.190.143.112
9 176.9.120.48
6 188.40.65.132
5 176.9.137.118
4 46.229.168.70
4 0.0.0.0
2 46.229.168.78
2 46.229.168.68
2 109.254.76.27
1 92.177.114.31
1 82.146.57.90
1 66.249.64.137
1 66.249.64.133
1 46.229.168.77
1 46.229.168.76
1 46.229.168.67
1 46.229.168.66


The first digit is the number of ports with an ip address, as I understand it.

This means that the server requests received on the 80th port with these ip addresses, right? Or it could mean that servers are at these ip addresses?

How can I block these two ip
95.213.4.228 and 95.213.4.229
in Vesta CP?
I tried to do so https://1drv.ms/i/s!AocHKko7YOW_i6gYxzB6S29KrZiY9g - but the number of connections to these IPS is not reduced (for testing use above code netstat-npla...).
June 10th 19 at 15:01
1 answer
June 10th 19 at 15:03
Well, generally speaking there is fail2ban, use it for such purposes. Manually ban anyone who tries to crack the password to the admin interface - go crazy.

Find more questions by tags DDoSDebianNetwork administrationVesta