    Any idea how to block access from Iran

    pkr Member

    Iranian attackers/generals are constantly bombarding my VPS in Germany. I have blocked the whole country in CSF, but CSF is not able to block all accesses from Iran. Any idea how to block Iranian attackers?

    Comments

    • Iran, iran so far away

      Purveyor of high quality potassium | "Get a FREE high-spec VPS from Evolution Host"

    • Rather than trying to block by country IP, which is not always effective as you have found, how about using additional block lists like Ipsum or AbuseIP?

    • KermEd Member
      edited January 18

      If it's Iran and you keep having issues, you can use AWAY service like I did - it's completely free and certain to work.

      ... Iran AWAY har har har

    • pkr Member

      I have used CC_DENY to block the whole country. It has minimized the attack, but not all accesses from Iran are blocked.

    • @pkr said:
      I have used CC_DENY to block the whole country. It has minimized the attack, but not all accesses from Iran are blocked.

      Do you mean some Iranian living elsewhere, like North America, are trying to gain access to your VPS? How do you know that they are Iranian?

      Thanked by 1 Clouvider

    • donko Member

      I had the same issue with my servers at Hetzner, IPs from Iran 46.38.144.XXX 24/7 doing brute-force attacks.

      I used CC_DENY with db-ip, ipverse, iptoasn as source (CC_SRC) and it wasn't blocking everything, so I switched to MaxMind and now it blocks all countries well.

    • pkr Member

      @chihcherng said:
      Do you mean some Iranian living elsewhere, like North America, are trying to gain access to your VPS? How do you know that they are Iranian?

      Before blocking Iran, ~99% IPs used for the attack were from Iran.

    • Abdussamad Member
      edited January 18

      How are they bombarding your server? What services are they trying to access? You can use fail2ban to throttle their access, but it won't work if they keep cycling IP addresses.

      Note that just because the IP maps to Iran doesn't mean it's Iranians doing it. Botnets can marshal infected PCs in any country.

    • What type of attack is it?
      Are they hackors, crackors or lamors?

      You are dreaming. | And it's a nightmare. | THE SECRET THREAD | THE TRUTH | HAVES YOU SEEN THIS YURA?
      „Homo homini rattus.“ | It's not nightmare, it's reality, but it's still nightmare.

    • ViridWeb Member, Provider

      You should reach out to Trump :wink:
      Just kidding... Anyway, which kind of attacks are you facing? DDoS?

      ViridWeb.com - cPanel Web Hosting | Litespeed + SSH Access + Free Backups + Free Transfers.
      CIN: U72900WB2018OPC226882 | GST: 19AAGCV4976R1Z4

    • default Member
      edited January 18

      Hm... let them brute-force my servers. If they find the usernames and passwords, it's my fault.

      What if they gain access to Trump's computer and accidentally launch all the nukes and diseases? Putin still uses Windows XP, maybe Trump is using Windows 98.

      Thanked by 1 yoursunny

      Fastmako (aff) - great VPS for your needs.

    • chihcherng Member
      edited January 18

      @pkr said:
      Before blocking Iran, ~99% IPs used for the attack were from Iran.

      Hackers don't want to get caught. It's stupid to attack someone from their own IPs. They will use Tor or compromised computers to hide their locations. On the contrary, hackers from the enemy of Iran are more likely to use Iran's IPs to perform network attacks.


    • pkr said: Iranian attackers/generals

      "Sir, we have an urgent meeting to discuss our upcoming missile attacks. We also need to review the drone program, and the navy is here to talk about the Strait of Hormuz."

      "They'll have to wait. I'm trying to hack into this low end VPS..."

      For LET support, please visit the support desk.

    • Try blocking using Cloudflare.

      Noobies in Linux

    • Hetzner_OL Member, Provider, Top Provider

      @donko said:
      I had the same issue with my servers at Hetzner, IPs from Iran 46.38.144.XXX 24/7 doing brute-force attacks.

      Could you please report this to our abuse team? https://abuse.hetzner.com/issues/new?lang=en Thanks in advance for your help! --Katie

      Thanked by 1 donko

      We (Katie and Helena) will do our best to answer your Hetzner questions and pass on your feedback. Hetzner Online's not liable for any corny jokes that we make. (https://www.hetzner.com)

    • marvel Member without signature

      Try Cloudflare or otherwise Blockscript.

    • @marvel said:
      Try Cloudflare or otherwise Blockscript.

      I don't think cloudflare can protect an ip

    • illyhosting Member, Provider

      Maybe CSF doesn't have all Iran IP addresses in their database. The most up-to-date database of IP addresses is MaxMind; download the DB, you will find all Iran IP addresses there, grab the ranges and put them in CSF.

      IllyHosting.com - Cheap VPS & Dedicated Servers (Kosovo, Europe)
      AS207817 | VPS | Dedicated | Colocation | .AL Domains
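
An added example (not part of any post in this thread) of the step suggested above: pull one country's ranges out of MaxMind's GeoLite2 Country CSV files, merge them, format them as csf.deny entries, and check which observed source IPs the list still misses. The CSV column layout is MaxMind's; the rows, geoname_id values and source IPs are constructed sample data using documentation address ranges.

```python
import csv
import io
import ipaddress

# Constructed sample data in the GeoLite2 Country CSV layout (documentation
# address ranges and made-up geoname_id values, not real allocations).
LOCATIONS_CSV = """geoname_id,locale_code,continent_code,continent_name,country_iso_code,country_name,is_in_european_union
1001,en,AS,Asia,IR,Iran,0
1002,en,EU,Europe,DE,Germany,1
"""
BLOCKS_CSV = """network,geoname_id,registered_country_geoname_id,represented_country_geoname_id,is_anonymous_proxy,is_satellite_provider
192.0.2.0/25,1001,1001,,0,0
192.0.2.128/25,1001,1001,,0,0
198.51.100.0/24,1002,1002,,0,0
203.0.113.0/26,1001,1001,,0,0
"""

def country_networks(locations_csv, blocks_csv, iso_code):
    """Return the collapsed list of networks whose geoname_id maps to iso_code."""
    ids = {row["geoname_id"]
           for row in csv.DictReader(io.StringIO(locations_csv))
           if row["country_iso_code"] == iso_code}
    nets = [ipaddress.ip_network(row["network"])
            for row in csv.DictReader(io.StringIO(blocks_csv))
            if row["geoname_id"] in ids]
    # Merge adjacent or overlapping ranges so the deny list stays short.
    return list(ipaddress.collapse_addresses(nets))

def csf_deny_lines(networks, label):
    """Format networks as csf.deny entries: one CIDR per line plus a comment."""
    return [f"{net} # {label}" for net in networks]

def uncovered(source_ips, networks):
    """Return the source IPs that no network in the list matches."""
    return [ip for ip in source_ips
            if not any(ipaddress.ip_address(ip) in net for net in networks)]

if __name__ == "__main__":
    nets = country_networks(LOCATIONS_CSV, BLOCKS_CSV, "IR")
    print("\n".join(csf_deny_lines(nets, "GeoLite2 IR")))
    # Constructed source IPs, as they might be pulled from an auth log.
    print(uncovered(["192.0.2.77", "203.0.113.200", "198.51.100.9"], nets))
```

Running `uncovered` over the source IPs from real auth logs shows whether the remaining hits come from ranges the database lacks or from other countries entirely. The number of entries kept in csf.deny is capped by DENY_IP_LIMIT in csf.conf, so a long list may need that setting raised.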

    • illyhosting Member, Provider

      @yokowasis said:

      @marvel said:
      Try Cloudflare or otherwise Blockscript.

      I don't think cloudflare can protect an ip

      When using Cloudflare you don't have to worry about protecting your server; they have built-in mechanisms that will protect you from attacks. The downside of Cloudflare is that they don't support many ports and protocols.

      IllyHosting.com - Cheap VPS & Dedicated Servers (Kosovo, Europe)
      AS207817 | VPS | Dedicated | Colocation | .AL Domains


    • You should try Cloudflare =)

    • mikec Member

      Do you have the latest list of IP address blocks from Iran?

      IP2Location provides a free list at https://www.ip2location.com/free/visitor-blocker

      You can export and update it monthly to make sure you have the latest ranges.
