Blocking an IP with iptables

Earlier today, I noticed a bunch of weird requests to one of my Rails apps. I’m not sure what their intention was, but I didn’t want to take the chance since the IP traced back to somewhere in China, which meant if something went bad, I’d have little recourse.

So I decided to block their IP. Doing this is pretty easy using iptables on Ubuntu. I just entered this in my terminal after logging in via ssh:

iptables -I INPUT -s 59.56.108.202 -j DROP

I’m not sure if this is the best defense but it’s what was suggested by the support rep at Mosso. And yes, that is the IP I blocked. It was creating requests that looked like this in the access.log:

sitespress.com:80 59.56.108.202 - - [27/May/2009:17:32:25 +0000]
"GET http://116.0.22.245/prxjdg.cgi?en HTTP/1.0" 404 947 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705)"

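The log entry above stands out because its request target is a full URL for a different host than the site that received it. As an added example (not part of the original post; the function names are hypothetical and the log layout is assumed to match the entry shown), this script finds every client sending such requests and prints the matching iptables rule for review:

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Assumed log layout (as in the entry above):
#   vhost:port client - - [time] "METHOD target PROTO" status bytes ...

# suspect_ips: print each client IP whose request target is an absolute URL
# naming a host other than the vhost that logged the request.
suspect_ips() {
    awk '{
        split($1, vh, ":")                  # vhost without the port
        if (split($0, q, "\"") < 3) next    # q[2] is the quoted request line
        split(q[2], req, " ")
        target = req[2]
        # Ordinary requests use a path ("/posts/1"); skip those.
        if (!match(target, "^[a-zA-Z][a-zA-Z0-9+.-]*://")) next
        host = substr(target, RLENGTH + 1)  # drop "scheme://"
        sub("[/:?].*$", "", host)           # keep only the host part
        if (tolower(host) != tolower(vh[1]) && !($2 in seen)) {
            seen[$2] = 1
            print $2
        }
    }'
}

# block_commands: turn IPs on stdin into the rule used in this post.
# Prints the commands for review; it does not run iptables.
block_commands() {
    while read -r ip; do
        case "$ip" in
            ""|*[!0-9.]*) continue ;;       # only digits and dots get through
        esac
        printf 'iptables -I INPUT -s %s -j DROP\n' "$ip"
    done
}

# sample_log: first line is the entry from the post; the other two are constructed.
sample_log() {
    cat <<'EOF'
sitespress.com:80 59.56.108.202 - - [27/May/2009:17:32:25 +0000] "GET http://116.0.22.245/prxjdg.cgi?en HTTP/1.0" 404 947 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705)"
sitespress.com:80 203.0.113.7 - - [27/May/2009:17:33:01 +0000] "GET /posts/1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
sitespress.com:80 203.0.113.9 - - [27/May/2009:17:33:40 +0000] "GET http://sitespress.com/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
EOF
}

sample_log | suspect_ips | block_commands
```

To use it on a real log, replace `sample_log` with `cat` of the access log and run the printed commands as root once they have been checked.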

