Comments
https://www.enjen.net/asn-blocklist/
Interesting, so we actually need to manually block all IPs inside that ASN.
There are a lot of commands just to block a single ASN.
If I want to block multiple ASNs, let's say 10 ASNs, will it slow down my VPS?
Are you sure blocking a whole ASN is a good idea? There might be better ways to do this
You should block it:
http://bgp.he.net/AS15169
@linuxthefish, almost every day my websites get leeched or abused by some IPs from DCs like AWS, OVH, Linode, etc., so instead of blocking a single or /24 range, I think blocking their ASN
@kzed it's called "welcome to the internet"
@andreamada, haha, lucky you that you don't have your own ASN yet. If you have one, let me know, I'll write your ASN on my top blocked list /s
I'm asking a serious question -.-
@kzed how much traffic do you get? http://getipintel.net lets you do 500 queries a day for free and blocks hosting companies. Alternatively, if you want to manage your own list of ASNs to block, use something that looks up IP -> ASN like http://www.team-cymru.org/IP-ASN-mapping.html or grab raw BGP dumps and parse CIDR -> ASN yourself.
lol you really want Google to remove his site from their index?
Blocking the OVH ASN is the best thing to do because of their IPs' huge involvement in abuse, and I don't think blocking OVH means blocking any home user?
@black is there any ASN list available of big web hosts like OVH? I have already blocked OVH and Hetzner, but there are many others, especially the LET VPS providers, that I want to block. I have faced enough trouble because of their VPS users.
@rds100, I like the Cloudflare feature where you can easily block an ASN on their firewall by just writing the ASN, but since my provider does not recommend using Cloudflare in front of their DDoS protection, I need to sacrifice one of them.
@black, thanks for your offer. Unfortunately my traffic is a bit heavy, so adding a lookup into my script will probably put more load on my server.
@WebGuru, how are you blocking OVH and Hetzner?
@kzed are you a victim of regular DDoS too lol? I had to sacrifice Voxility Layer 7 for Cloudflare because when I used both of them together, Googlebot wasn't able to access my site while users were having no issue, so half of my pages went missing from the Google index and I only came to know about it after a week.
I face most abuse from OVH IPs.
I remember someone posted a list on GitHub a while ago but I don't know where to look for it anymore.
So you're looking for blocking techniques before the IP connects to your server? Like something via Cloudflare's firewall panel?
Through Cloudflare, and through Nginx when using the DNS-only mode of CF.
Oh OK, I will try to find it.
Is it better to stop it at entry level in iptables or in nginx? (Which method is better and faster? I don't want to slow down the loading time.)
@WebGuru, well yes, DDoS and other things.
@black, yes, something like Cloudflare's firewall panel. My last solution would be using them, but since my provider does not recommend it because it will cause false alarms in their DDoS protection, I never tried combining them yet.
I had to block countries like Japan and Korea because of VPN Gate. (Well, my sites hardly get any traffic from there, so it was an OK decision.)
Default iptables doesn't handle large sets of rules very well. Nginx should be fine in terms of load times.
Oh I see. I thought you were having issues with bots crawling your pages and "leeching". You can compile a list of ASNs, get all the CIDRs, convert them to a range CF would accept in the CF firewall and block it. I don't know if CF will get pissed when they see you have thousands of firewall rules though. Also, ASN CIDR announcements change. A new IP block can appear or an IP block can disappear (sold to someone else), so you'll have to keep things updated.
Thanks for the suggestion, so I will keep using the nginx method.
@kzed are you using nginx? It's pretty easy to block them; all you have to do is get the CIDRs and do it this way in your site conf file (location block):
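Added example, not part of the original thread or any poster's code: a Python sketch of the workflow discussed above (collect each ASN's CIDRs, merge them, emit nginx `deny` lines, and diff against the previous list when announcements change). The ASNs and prefixes are constructed from documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data: documentation ASNs (RFC 5398) and documentation
# prefixes (RFC 5737 / RFC 3849), standing in for a real ASN -> CIDR export.
ASN_PREFIXES = {
    "AS64496": ["198.51.100.0/25", "198.51.100.128/25", "192.0.2.0/24"],
    "AS64497": ["203.0.113.0/24", "203.0.113.64/26", "# stale entry",
                "2001:db8::/33", "2001:db8:8000::/33"],
}

def collapse(asn_prefixes):
    """Merge every ASN's prefixes into the smallest equivalent CIDR list."""
    by_version = {4: [], 6: []}
    for asn, prefixes in asn_prefixes.items():
        for raw in prefixes:
            raw = raw.strip()
            if not raw or raw.startswith("#"):
                continue  # blank lines and comments in the feed
            try:
                net = ipaddress.ip_network(raw, strict=False)
            except ValueError as exc:
                # Fail loudly: a corrupt feed must not silently shrink the list.
                raise ValueError(f"{asn}: bad prefix {raw!r}") from exc
            by_version[net.version].append(net)
    # collapse_addresses() only accepts one IP version at a time.
    return [n for v in (4, 6)
            for n in ipaddress.collapse_addresses(by_version[v])]

def nginx_deny(networks):
    """Render an include file of nginx access-module deny directives."""
    return "".join(f"deny {net};\n" for net in networks)

def is_blocked(ip, networks):
    """Check one client address against the collapsed list."""
    addr = ipaddress.ip_address(ip)
    return any(addr.version == n.version and addr in n for n in networks)

def changes(old, new):
    """Prefixes to add and to remove after an ASN's announcements change."""
    old, new = set(old), set(new)
    return sorted(new - old, key=str), sorted(old - new, key=str)

if __name__ == "__main__":
    print(nginx_deny(collapse(ASN_PREFIXES)), end="")
```

The rendered lines can be saved to a file and pulled into the location block with nginx's `include` directive; rerunning the script and applying `changes()` keeps the list in step with prefix announcements.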
lol just checked https://www.enjen.net/asn-blocklist/stats.php and it looks like ColoCrossing ASN has been looked up most
Check this list https://www.enjen.net/asn-blocklist/stats.php
It's really helpful; I can find the ASN of almost every host there.
It was just ironic, not too difficult to understand it
Use route add -net x.x.x.x/X gw 127.0.0.1 lo
This will not cause any significant performance degradation.