New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Iran, iran so far away
Rather trying to block using country IP which is not always effective as you have found. How about using additional block lists like Ipsum or AbuseIP.
If it's Iran and you keep having issues, you can use AWAY service like I did - it's completely free and certain to work.
... Iran AWAY har har har
Have you try ufw and CIDR blocks?
I have used CC_DENY to block the whole country. It has minimized the attack, but not all accesses from Iran are blocked.
Do you mean some Iranian living elsewhere, like North America, are trying to gain access to your VPS? How do you know that they are Iranian?
i had same issue with my servers at hetzner, ips from iran 46.38.144.XXX 24/7 doing brute-force attacks.
I used CC_DENY with db-ip, ipverse, iptoasn as source (CC_SRC) and wasn't blocking everything, so i switched to maxmind and now blocks all countrys well.
Before blocking Iran, ~99% IPs used for the attack were from Iran.
how are they bombarding your server? What services are they trying to access? you can use fail2ban to throtle their access but it won't work if they keep cycling ip addresses.
Note that just because the IP maps to Iran doesn't mean it's iranians doing it. Botnets can marshal infected PCs in any country.
What type of attack is it?
Are they hackors, crackors or lamors?
You should reach out to Trump
Just kidding.. anyway which kind of attacks you are facing? DDoS?
Hm... let them brute-force my servers. If they find the usernames and passwords, it's is my fault.
What if they gain access to Trump computer and accidentally launch all the nukes and diseases? Putin still uses Windows XP, maybe Trump is using Windows 98.
Hackers don't want to get caught. It's stupid to attack someone from their own IPs. They will use Tor or compromised computers to hide their locations. On the contrary, hackers from the enemy of Iran are more likely to use Iran's IPs to perform network attacks.
"Sir, we have an urgent meeting to discuss our upcoming missile attacks. We also need to review the drone program, and the navy is here to talk about the Strait of Hormuz."
"They'll have to wait. I'm trying to hack into this low end VPS..."
Try block using cloudflare.
Could you please report this to our abuse team? https://abuse.hetzner.com/issues/new?lang=en Thanks in advance for your help! --Katie
Try Cloudflare or otherwise Blockscript.
I don't think cloudflare can protect an ip
Maybe CSF doesn't have all Iran ip addresses in their database, the most updated database of ip addresses is MaxMind, download the db, you will find all Iran ip addresses there, grab the ranges and put in CSF.
When using CloudFlare you don't have to worry about protecting your server they have built in mechanisms that will protect you from attacks but the bad of CloudFlare is that they don't support many ports and protocols.
You should try Cloudflare
Do you have the latest list of IP address blocks from Iran?
IP2Location provides free list in https://www.ip2location.com/free/visitor-blocker
You can export and update it monthly to make sure you have the latest ranges.
+1 for Cloudflare