linux

check and block connections script

Posted in linux
200
6:18 am, August 19, 2025
 

check and block connections script

a safe diagnostic script that helps you check and analyze the connections. 

 

⚠️ Why Automatic Blocking is a Bad Idea

 

  • You could lock yourself out: An automated script might block the IP address you're connecting from, cutting off your access.

  • You could break your applications: You might accidentally block legitimate services like your web server, database, or connections to update servers.

  • It doesn't fix the root cause: If a program on your server is making unwanted connections, blocking the destination won't stop the program from trying. The real solution is to find and fix the source.

 

## 1. A Safe Script to Check Connections

 

This script will not make any changes to your system. It only gathers information to help you see what's going on.

  1. Create a file named check_connections.sh:

    Bash
     
    nano check_connections.sh

  2. Copy and paste the following code into the file:

     

You're absolutely right to point that out. My apologies, there's a flaw in the original script that becomes apparent on some systems or with certain types of connections.

The issue is that the script was looking at all sockets, including ones in a LISTEN state which don't have a "Peer Address." This caused the script to process header lines and other irrelevant data, resulting in the garbage output like Local and [.

The fix is to force the ss command to only show established connections, which guarantees a valid remote IP is present. We also need a better way to handle IPv6 addresses to fix the [ issue.

 

## Corrected Script

 

This new version is more robust and should give you the clean output you're looking for.

  1. Open the script file again:

    Bash
     
    nano check_connections.sh

  2. Replace the entire contents with this corrected code:

    Bash
     
    #!/bin/bash

# A safe, corrected script to investigate network connections on a Linux server.

echo "================================================================="
echo "🔍 Top 20 Connecting Peer IPs (Remote Addresses)"
echo "================================================================="
echo "This shows which remote IP addresses have an active connection to your server."
echo "(Count | IP Address)"
echo "-----------------------------------------------------------------"
# What's changed:
# 1. `grep ESTAB`: This is the key fix. It filters for ESTABLISHED connections only,
#    ensuring we only process lines that have a valid remote peer IP address.
# 2. `sed ...`: This command is a more reliable way to remove the port number
#    from both IPv4 and IPv6 addresses, fixing the stray '[' issue.
# 3. Dropped 'u' from `ss -ntu`: UDP is connectionless, so 'ESTAB' doesn't apply.
#    This focuses the search on TCP connections, which are the usual cause of hangs.

ss -nt | grep ESTAB | awk '{print $5}' | sed -e 's/:[^:]*$//' -e 's/\[\|\]//g' | grep -vE '127.0.0.1|0.0.0.0' | sort | uniq -c | sort -nr | head -n 20

echo ""
echo "================================================================="
echo "🖥️  Detailed List of All Connections"
echo "================================================================="
echo "Shows every active connection (Local <--> Peer) and the program using it."
echo "-----------------------------------------------------------------"
ss -tunap

echo ""
echo "================================================================="
echo "✅ Script finished. No changes were made to your system."
echo "================================================================="

 

## Why This Works

 

  • grep ESTAB: This is the most important change. It acts as a filter, ensuring that only lines representing a fully established (ESTAB) connection are processed. This automatically gets rid of listening sockets and the header line, which were causing the bad output.

  • sed -e 's/:[^:]*$//' -e 's/\[\|\]//g': This command is a more powerful way to clean up the address. It does two things:

    1. Removes the port number (the last colon and everything after it).

    2. Removes the [ and ] brackets that surround IPv6 addresses.

This corrected script should now reliably show you a clean list of remote IP addresses that are actively connected to your server.

Hmm i wonder what server that could be... maybe AI?

🔍 Top 20 Connecting Peer IPs (Remote Addresses)
=================================================================
This shows which remote IP addresses have an active connection to your server.
(Count | IP Address)
-----------------------------------------------------------------
     14 57.141.2.28
     13 57.141.2.26
     13 57.141.2.25
     13 57.141.2.20
     13 57.141.2.11
     13 57.141.2.1
     12 57.141.2.6
     11 57.141.2.18
     10 57.141.2.27
     10 57.141.2.22
     10 57.141.2.2
      9 57.141.2.23
      9 57.141.2.10
      8 57.141.2.4
      8 57.141.2.30
      8 57.141.2.12
      7 57.141.2.9
      7 57.141.2.7
      7 57.141.2.19
      7 57.141.2.16

 

Apparently that range is owned by meta / facebook.

ASN    AS32934 - Facebook, Inc.
Hostname    No Hostname
Range    57.141.0.0/24

Now we can just run...

sudo ufw deny from 57.141.2.0/24

thanks for spamming my server with your ai...

 

Posted in linux
200
6:18 am, August 19, 2025

View Statistics
This Week
9
This Month
9
This Year
200

No Items Found.

Add Comment
Type in a Nick Name here
 
Other Items in linux
php error feed errors: XML or PCRE extensions not loaded! Identify which IPs are driving connections: check nginx access logs for bots show established connections in linux ubuntu check connetions in linux every 10 seconds loop Fatal error: Uncaught Error: Call to undefined function mb_strlen() blocking ip range with ufw check and block connections script block ip address ranges on ubuntu linux with UFW list all network connections linux show all connections on linux command line add ssh keys on your linux box in 10 seconds Install PHP without Apache on Ubuntu add a user and add the user to sudo group add user to sudo group in ubuntu simple backup to google drive fron linux backup script to google drive that can be used for multiple directories start ssh and add key git play youtube videos on firefox in ubuntu 18 Creating a chart about charts.css with charts.css from the command line linux mount a drive manually installing exfat and ntfs drivers to enable reading of these filesystems linux list all drives and partitions how to check the temperature of the pi using command line how to check linux kernel version on rasberry pi rasberian how to find what version pi you are using change file permissions to -rw-rw-r-- install atom editor on ubuntu Enabling SSH on Ubuntu certbot add a certificate for one domain renew all SSL certificates with certbot To make Ubuntu do nothing when laptop lid is closed add a user to a group loop through each directory in a target directory and compress them loop through each directory in a target directory tar.gz to compress a directory in linux and then decompress it Find Disk Space Usage using DU how to unzip in linux
Related Search Terms
linux check 3
linux Check 2
linux Block 1
Other Categories in Code
alpine js apps c css factorio font awesome images linux quick modals sqlite site bugs site updates slick slider sliders testing windows apps animation apache api apps asp bat blocking bootstrap bootstrap templates charts cookies core css css filters css grid design elements docker domains emoji fancybox fonts foundation framework gimp git html icons ideas image formatting images javascript javascript functions jquery js linux mac minecraft misc modal modals mysql nginx node php php errors php function php functions php simple html dom pi400 python react regex sections simple_html_dom simplepie php site bugs site documentation slick slick slider sql sqlite ssh sublime svg svg css templates tools video virtual box vscode vue webdev windows windows 11 windows commands wordpress
Search Code
Search Code by entering your search text above.
Welcome

This is my test area for webdev. I keep a collection of code here, mostly for my reference. Also if i find a good link, i usually add it here and then forget about it. more...

You could also follow me on twitter. I have a couple of youtube channels if you want to see some video related content. RuneScape 3, Minecraft and also a coding channel here Web Dev.

If you found something useful or like my work, you can buy me a coffee here. Mmm Coffee. ☕

❤️👩‍💻🎮

🪦 2000 - 16 Oct 2022 - Boots
Random Quote
When i was a little kid, I was really scared of the dark. But then I came to understand, dark just means the absence of photons in the visible wavelength -- 400 to 700 nanometers. Then i thought, well, its really silly to be afraid of a lack of photons. Then i wasn't afraid of the dark anymore after that.
Elon Musk
Random CSS Property

::marker

The ::marker CSS pseudo-element selects the marker box of a list item, which typically contains a bullet or number. It works on any element or pseudo-element set to display: list-item, such as the <li> and <summary> elements.
::marker css reference