
How to Detect and Block Malicious IPs on Your Ubuntu Linux Server in Real Time

🧠 Article Outline:

Intro:

If your Linux server is exposed to the internet, someone is scanning it right now. Most attackers don’t even need to break in: they simply look for a weak point, such as an open port or a forgotten application. In this post, I’ll show you how to detect suspicious IPs in real time and block them automatically using tools built right into your Linux system.

1. Monitor Access Logs for Abuse

For Nginx:

sudo tail -f /var/log/nginx/access.log

For Apache:

sudo tail -f /var/log/apache2/access.log

Watch for:

  • Repeated requests from the same IP
  • Access to unusual URLs (/wp-login.php, /admin, /phpmyadmin)
  • Bots with unusual, empty, or scripted-looking User-Agent strings

2. Use awk to Flag Suspicious IPs

awk '{print $1}' /var/log/nginx/access.log | sort | uniq -c | sort -nr | head

This counts requests per client IP (the first field of each log line) and lists the ten most active addresses. If the server sits behind a reverse proxy or load balancer, the first field is the proxy’s address rather than the client’s, so base the count on the forwarded client address your proxy logs instead.

3. Block Bad IPs with iptables or ufw

With iptables:


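The iptables and ufw commands themselves are not included in this excerpt. The script below is an added example, not code from the original post, that ties steps 1 to 3 together: it counts requests per client IP and flags addresses over a threshold (step 2), flags addresses that requested the probe paths listed in step 1, removes an allowlisted address, and then prints a standard `ufw insert 1 deny from …` or `iptables -I INPUT -s … -j DROP` rule per remaining IP (step 3). It assumes the Nginx/Apache combined log format (client IP in field 1, request path in field 7), a default threshold of 20 requests, a constructed sample log written to a temporary file, and a dry run by default: the rules are only executed when you run it with `APPLY=1`.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): flag noisy or probing client IPs
# in an Nginx/Apache combined-format access log and emit firewall rules for them.
# Assumptions: combined log format (client IP is field 1, request path is field 7);
# THRESHOLD, ALLOWLIST and APPLY are environment overrides chosen for this example.

THRESHOLD="${THRESHOLD:-20}"            # requests from one IP before it is flagged
ALLOWLIST="${ALLOWLIST:-127.0.0.1}"     # never block this address (e.g. your own)
PROBE_PATHS='^/(wp-login[.]php|admin|phpmyadmin)'   # the unusual URLs from step 1

# Step 2 with a cut-off: print "count ip" for every IP at or above THRESHOLD.
top_ips() {
  awk -v t="$THRESHOLD" '{ c[$1]++ } END { for (ip in c) if (c[ip] >= t) print c[ip], ip }' "$1" \
    | sort -nr
}

# Step 1, automated: print IPs that requested one of the probe paths.
probe_ips() {
  awk -v re="$PROBE_PATHS" '$7 ~ re { print $1 }' "$1" | sort -u
}

# Union of both lists, minus the allowlisted address, one IP per line.
suspicious_ips() {
  { top_ips "$1" | awk '{ print $2 }'; probe_ips "$1"; } \
    | sort -u | awk -v skip="$ALLOWLIST" '$0 != skip'
}

# Step 3: print (or, with APPLY=1, run via sudo) one drop rule per suspicious IP.
# Backend is "ufw" (inserted at position 1 so it wins over allow rules) or "iptables".
block_rules() {
  backend="${2:-ufw}"
  suspicious_ips "$1" | while read -r ip; do
    case "$backend" in
      ufw)      cmd="ufw insert 1 deny from $ip" ;;
      iptables) cmd="iptables -I INPUT -s $ip -j DROP" ;;
      *)        echo "unknown backend: $backend" >&2; return 1 ;;
    esac
    if [ "${APPLY:-0}" = 1 ]; then sudo $cmd; else echo "$cmd"; fi
  done
}

# Constructed sample log (RFC 5737 documentation addresses), not a real capture.
SAMPLE_LOG="$(mktemp)"
trap 'rm -f "$SAMPLE_LOG"' EXIT
{
  i=0   # one client hammering the front page: 25 hits, over the threshold
  while [ "$i" -lt 25 ]; do
    echo '198.51.100.7 - - [10/Jun/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0"'
    i=$((i + 1))
  done
  # one client probing for admin panels: only two hits, but on unusual URLs
  echo '203.0.113.5 - - [10/Jun/2024:10:00:02 +0000] "GET /wp-login.php HTTP/1.1" 404 162 "-" "python-requests/2.31"'
  echo '203.0.113.5 - - [10/Jun/2024:10:00:03 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 162 "-" "python-requests/2.31"'
  # a normal visitor and a localhost health check: neither should be blocked
  echo '192.0.2.10 - - [10/Jun/2024:10:00:04 +0000] "GET /about HTTP/1.1" 200 1024 "-" "Mozilla/5.0"'
  echo '127.0.0.1 - - [10/Jun/2024:10:00:05 +0000] "GET /admin/health HTTP/1.1" 200 2 "-" "curl/8.0"'
} >"$SAMPLE_LOG"

# Dry run: prints the two rules for 198.51.100.7 and 203.0.113.5 without applying them.
block_rules "$SAMPLE_LOG" ufw
```

Run it against the real log with `block_rules /var/log/nginx/access.log ufw` to review the proposed rules, and only then with `APPLY=1` to apply them. The allowlist check matters in practice: a health checker or your own office address can easily exceed the request threshold.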