New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Block China from a VPS
What would be the best way to block China from a VPS? As in, f them all, stupid brute-forcers. iptables? Any ideas?
Nothing against chinese people, however 99% of the shit that passess by is from China. Take this recent honeypot for example: http://213.187.240.29/ - China all over the place.
EDIT:
curl -s http://www.okean.com/sinokoreacidr.txt | awk '{print " route add blackhole "$1}' | xargs -L 1 ip
Comments
Most probably there are no way except block with GeoIP. You can generate rules for Iptables / ipset. There are some scripts on the internet for this.
You can use the GeoIP List from MaxMind and simply filter out the China ip blocks and then use iptables to block it...
eg. iptables -A INPUT -s 0.0.0.0/24 -j DROP
You can also do this a little bit high level for example if you are using nginx you can use this directive:
http://nginx.org/en/docs/http/ngx_http_access_module.html#deny
That's not worth it.
Use some IP database, and only block Chinese IP address in Jiangsu, Zhejiang, Fujian and Shanghai. This should be more than enough.
I personally am ashamed with what they have done.
May be useful: http://www.parkansky.com/china.htm
http://xtables-addons.sourceforge.net/
http://people.netfilter.org/peejix/geoip/howto/geoip-HOWTO-3.html
403
You may want to read this:
http://lowendtalk.com/discussion/9668/iptables-block-by-country-performance-hit
I don't see a 403.
I've now tried this as a test:
How about this
Could someone from China test if they can still reach https://cipherli.st?
They are trying to brute force SSH right? I set my box up to only allow me to ssh in if I'm connected to my VPN. Cut down on log noise big time.
Looks like someone is blocking Latvian IP addresses, what a ......
Let me just say this, that list is the biggest shitstain ever.
Install a flexible firewall (I use usually csf+lfd) and do ip block. There are tons of options and tons of tutorials, for blocking specific things
The thread already has a "solution". Your response does not add anything meaningfull, I asked for a specific way to only nlock China, not just " do IP block and search for specific things ".
Russia and Ukraine and Bulgaria and Romania and Latvia and Estonia
Yeahhhhhhhhhhh okay ._.
I am currently using cloudflare. it can block any country you like.
it works for me very well.
Use CSF and put CN in Block country
And I now know you are an idiot.
I am sorry, what's wrong with cloudflare?
Cloudflare doesn't protect your local servers SSH port.
As far as I know cloudflare is just a web ddos protection service. Have you removed direct.yourdomain.com from their DNS? Otherwise it is of no use at all. It does not protect ssh and such.
Get a new IP then use cloufalre and block the your vps ip adress from being reveiled from the guest
Bless the xenophobic, techno-nationalist block lists!
Just block 0/0 and 0::0/0 and be done with it.
why would you want to be blocking china? should be blocking rogue countries such as the united states which often hacks and attacks computer networks.
Probably because of this:
Blocking China seems like a good heuristic to get rid of most wannabe hackers and botnets
Blocking by IP is the poor's man axe and it WILL attract more flies to your dump.
They can use a proxy.
You can move the ssh port or even better, use port knocking.
There are alot of gentleman-like solutions. Don't ban countries for your incompetence. Nope, I'm not from China.
How would blocking China attract more hackers?
It would point out that the sysadmin hasn't heard of proxies. Generally speaking, you should not stand out of crowd or you might attract attention and I'm not sure how 100% up to date your software is.