I've had a dedicated server for about 5 years. One of my forums is getting hit by spambots from certain (Eastern European) servers that are rife with spambots and I have just started working with the apf firewall to block these servers.
I looked at my existing iptables rules and discovered that I have 109 different ip addresses already being blocked. LP has contacted me three times over the past five years to let me know that my server was being attacked and that they had added an ip address to my firewall to bock these attacks. Good work by LP and I appreciate it. But my question is how did all these 109 ip address DROPs get added to my iptables rules? Does LP or an automated script do this on my behalf?
I also looked at my deny_hosts file and it shows three ip address DROPs. I assume that these are the three ip addresses that were added by LP when they contacted me about attacks on my server. Is there an automated script that also adds DROPs to my iptables rules?
I'm not complaining, just wondering what is happening. I realize that I could contact LP support but I thought that adding a question in this forum might alert other dedicated owners about this.