
Blocking Chinese IPs is one of the first things you learn in website administration 101 Anonymous 10/19/2020 (Mon) 20:55:19 No. 7884
How politically correct and/or incompetent do you have to be to not block all Chinese IPs which you've admitted are the main botnets in the DDoS attack? Literally nobody from China posts here other than proxies and VPNs located in China. 4chan and 2chan blocked all Chinese IPs (except Hong Kong) many years ago for DDoS reasons too.

https://mattwilcox.net/web-development/unexpected-ddos-blocking-china-with-ipset-and-iptables
>My logs showed requests for services and URLs that had nothing to do with my server, including an awful lot of BitTorrent URLs. Checking the geolocation of the requesting IPs showed they were all inside China. As Craig's post covered – it looks a lot like there's a mis-configuration with China's state controlled firewall, and people's normal traffic is sometimes being sent to entirely the wrong servers. Almost 27Mb/s out is roughly 95 times greater than normal for that server – close to two orders of magnitude increase, and I didn't like that – I could imagine this getting worse rapidly.
>As Craig discusses, there's really no option but to block everyone from China. Unfortunately for me, I wasn't using ipfw as a firewall so I couldn't follow his advice. Having finally figured out how to do this I thought I'd write a step-by-step guide assuming you've not got a firewall already set up.

https://www.sitepoint.com/how-to-block-entire-countries-from-accessing-website/
>Here is a screenshot of Awstats telling me that China is responsible for the second-largest volume of traffic to a certain web forum I manage. This is just for January 2015.
>I also happen to know that 99% of all brute force user password hack attempts are from Chinese IP addresses. Approximately 50 to 100 brute force attempts at ‘guessing’ the passwords to legitimate user names comes from Chinese IP addresses every day on this site.
>The difference between 1.9 million pages and 134,000 pages is pretty large, and 1.86GB of bandwidth is not the end of the world. But when I know that 99% of it is bogus, bots, brute force hacks, vulnerability scanners, and web crawlers, then why wouldn’t I just block China from accessing my site?

https://www.reddit.com/r/sysadmin/comments/6ldngf/do_you_block_all_chinese_ip_addresses/
>We block China, Russia and Ukraine from our main websites. The majority of attempted attacks were identified as coming from those countries. Also crawlers from those countries like Yandex and Sogu were hitting us hundreds of thousands of times per day or more - not obeying robots.txt most of the time and just costing us a bunch of money for nearly zero return traffic. It was an easy decision to make.
>It's a low effort, ham-fisted way of mitigating security threats. It's not very effective, but it does cut down on log spam.
>By blocking Russia and China we eliminated over 99% of our failed authentication attempts. That seems effective to me.
>I gotta say, the majority of hack attempts on our WHM server are from China still
>Eh, of the top 10 IPs attempting brute force SSH in my logs currently, China is two and Russia is one of them. I feel like it does remove some of the spam, but not nearly as much as you'd think anymore.
>At the firewall I block China, Russia and half dozen other IP ranges from countries that I see malicious traffic from. Users have never complained or noticed. If not stopping a targeted attack by it does help with low hanging fruit.

https://www.reddit.com/r/sysadmin/comments/3sadc9/those_of_you_who_block_countries_which_ones_are/
>Russia and China are high on our malware and phishing.
>China are the most obvious ones. Usually don't even hide they are "testing" usernames and passwords. IPs and organizations from Russia and middle east usually only turn up after some digging.
>My FTP DMZ Server used to get hammered for access from China, it had no DNS name out there, only a few clients who knew the IP address could access it.

https://www.reddit.com/r/China/comments/99apdw/do_foreign_websites_ban_chinese_ips/
>Yeah, if you go on r/sysadmin, you'll see mentions of how some will block entire IP blocks from Russia and China because of malicious requests.

https://www.reddit.com/r/Magento/comments/5qcwtt/how_can_i_prevent_bots_from_china_crawling_our/
>We currently use cloud flare and block all Chinese traffic. It's very heavy handed but inconveniencing a few genuine visitors to deal with the onslaught was well worth it for us. Originally we had tried quite a few rules inside robots.txt to stop the bots and also some inside htaccess, but the cloud flare solution was easiest and most effective option for us
>There's three ways to tackle this. As /u/PoorLummox mentioned you can use Cloudflare and block china. Alternatively, if you use nginx, you can install / run the geoip plugin and block either all requests or just POST requests. The final way is you can install csf firewall and there's a section that allows you to block countries by using the two letter ISO code. Each method has its pros and cons depending exactly what you want to achieve.
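
Added example, not part of the post above or of any source it quotes: the quoted admins disagree on how much a range block actually removes, so this measures the share of failed logins in a log that fall inside a candidate CIDR list, then emits that list in `ipset restore` format. The ranges are RFC 5737 documentation prefixes standing in for a real country list; the log lines and the set name `geoblock` are constructed.

```python
import ipaddress
import re

# Constructed stand-ins for a country CIDR list (RFC 5737 documentation ranges).
CANDIDATE_RANGES = ["203.0.113.0/25", "203.0.113.128/25", "198.51.100.0/24"]

# Constructed sshd-style log lines.
SAMPLE_LOG = """\
Oct 19 20:01:02 web sshd[811]: Failed password for root from 203.0.113.7 port 4022 ssh2
Oct 19 20:01:05 web sshd[811]: Failed password for invalid user admin from 203.0.113.200 port 4111 ssh2
Oct 19 20:02:11 web sshd[812]: Failed password for root from 198.51.100.23 port 5022 ssh2
Oct 19 20:03:40 web sshd[813]: Failed password for deploy from 192.0.2.55 port 6022 ssh2
Oct 19 20:04:00 web sshd[814]: Accepted publickey for deploy from 192.0.2.10 port 6100 ssh2
"""

FAILED = re.compile(r"Failed password for (?:invalid user )?\S+ from (\S+) port")

def collapse(ranges):
    """Merge adjacent or overlapping CIDRs so the firewall set stays small."""
    nets = [ipaddress.ip_network(r, strict=True) for r in ranges]
    return list(ipaddress.collapse_addresses(nets))

def blocked_share(log_text, nets):
    """Return (failed logins inside nets, total failed logins)."""
    hits = total = 0
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # source field was a hostname or malformed
        total += 1
        hits += any(addr in n for n in nets)
    return hits, total

def ipset_restore(name, nets):
    """Render the set as input for `ipset restore`; an iptables rule using
    `-m set --match-set <name> src -j DROP` then drops matching sources."""
    lines = [f"create {name} hash:net family inet"]
    lines += [f"add {name} {n}" for n in nets]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    nets = collapse(CANDIDATE_RANGES)
    hits, total = blocked_share(SAMPLE_LOG, nets)
    print(f"{hits}/{total} failed logins fall inside the candidate ranges")
    print(ipset_restore("geoblock", nets), end="")
```
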
>>1013997 Was done, as you can see it didn't work
>>7885 Now block Indonesia and Thailand too. Thailand has one of the lowest English proficiencies in the world and Indonesians are Muslim and anti-communist and never post here.
Dengists i agreeing
>>7886 would rather do US, they are evangelicals and extremely anti-communist and do post here, which is even worse
>>7888 Burgers are at least a plurality here and most (I expect) aren't like that. It would be funny for mods to ban all burger IPs for a day though.
>>7890 Uphold and defend Marxism-Leninism-Pompeoism against the traitorous CCP!
>>7884 Lmao one of the first things we did. No backseat driving.
>>7892 He lives!


