How to Detect and Block Malicious IPs on Your Ubuntu Linux Server in Real Time | by Faruk Ahmed | Apr, 2025

#ips #log #block #linux

Member-only story

How to Detect and Block Malicious IPs on Your Ubuntu Linux Server in Real Time

Intro:

If your Linux server is exposed to the internet, someone is scanning it right now. Most attackers don’t even need to break in — they just look for a weak point, like an open port or forgotten app. In this post, I’ll show you how to detect suspicious IPs in real time and block them automatically using tools built right into your Linux system.

1. Monitor Access Logs for Abuse

For Nginx:

sudo tail -f /var/log/nginx/access.log

For Apache:

sudo tail -f /var/log/apache2/access.log

Watch for:

Repeated requests from the same IP
Access to unusual URLs (/wp-login.php, /admin, /phpmyadmin)
Bots with weird user-agents

2. Use awk to Flag Suspicious IPs

awk '{print $1}' /var/log/nginx/access.log | sort | uniq -c | sort -nr | head

DEV Community

How to Detect and Block Malicious IPs on Your Ubuntu Linux Server in Real Time | by Faruk Ahmed | Apr, 2025

How to Detect and Block Malicious IPs on Your Ubuntu Linux Server in Real Time

🧠 Article Outline:

Intro:

1. Monitor Access Logs for Abuse

2. Use awk to Flag Suspicious IPs

3. Block Bad IPs with iptables or ufw

With iptables:

👉 Read Full Blog on Medium Here

Top comments (0)