Question for server security gurus

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • donnie
    Confirmed User
    • Jan 2003
    • 1630

    #1

    Question for server security gurus

    We have a server that is constantly attacked by Chinese idiots. Is there a way to completely block all IP?s from China reaching the server? I am not only talking about blocking them from the site but completely blocking them from server. So they can?t scan ports, make login attempts etc.

    We are running CentOS 6 on this server if that makes any difference.
  • V_RocKs
    Damn Right I Kiss Ass!
    • Nov 2003
    • 32449

    #2
    Well... most hosts and nice people will tell you not to block entire ip subsets like that... But back when I ran tgp's for a living I used to block them and Russia...

    Easy to do... But you are going to have to google for specific instructions for your server... freebsd? linux? windows?

    Comment

    • facialfreak
      Confirmed User
      • Feb 2005
      • 3018

      #3
      Also keep in mind that as IPv4 IP addresses have become so scarce, that people are selling off their hoarded subnets to the highest bidder, and blocking by GEO-location may not ensure that you are blocking the Chinese hackers.

      I have seen US servers serving Indonesian IPs, and likewise I have seen Chinese servers serving German IP addresses ... as IPv4 addresses become harder to get, IP subnets are ending up in use in all different parts of the world.

      Managed Shared Hosting starting at $4.99/mo
      Managed VPS starting at $29.99/mo


      Comment

      • CurrentlySober
        Too lazy to wipe my ass
        • Aug 2002
        • 38944

        #4
        Unplug your server from the internet - Job done & problem solved..


        👁️ 👍️ 💩

        Comment

        • ladida
          Confirmed User
          • Nov 2005
          • 2179

          #5
          Originally posted by donnie
          We are running CentOS 6 on this server if that makes any difference.
          Originally posted by V_RocKs
          But you are going to have to google for specific instructions for your server... freebsd? linux? windows?
          :facepalm:
          agentGFY *at* gmail.com

          Comment

          • Klen
            • Aug 2006
            • 32235

            #6
            Had same problem with china,resolved it with this:
            http://www.configserver.com/cp/csf.html
            All what you need to do it it's to put CH into country block field and no more chinese on your server.

            Comment

            • BNMedia
              Confirmed User
              • Nov 2009
              • 433

              #7
              I had my host (ISPrime) block Russia using geoip, so yes(ish)
              It doesn't stop them using proxies though!
              ---------------------------------------------------------
              Webmaster of www.kinkykicks.net - Your 1 stop resource for ballbusting and cruel sexual femdom.
              Join our affiliate program at www.cash4kicks.com

              Comment

              • Klen
                • Aug 2006
                • 32235

                #8
                Originally posted by BNMedia
                I had my host (ISPrime) block Russia using geoip, so yes(ish)
                It doesn't stop them using proxies though!
                I have reason to believe if you block russia and china traffic you will reduce like 80% chance to be hacked and have any problem,and while they can use proxies they mostly uses their own ip's and it's all automated.

                Comment

                • rowan
                  Too lazy to set a custom title
                  • Mar 2002
                  • 17393

                  #9
                  Originally posted by KlenTelaris
                  Had same problem with china,resolved it with this:
                  http://www.configserver.com/cp/csf.html
                  All what you need to do it it's to put CH into country block field and no more chinese on your server.
                  CH is actually Switzerland.

                  CN is China.

                  Comment

                  • Klen
                    • Aug 2006
                    • 32235

                    #10
                    Originally posted by rowan
                    CH is actually Switzerland.

                    CN is China.
                    Typo :D

                    Comment

                    • donnie
                      Confirmed User
                      • Jan 2003
                      • 1630

                      #11
                      Originally posted by KlenTelaris
                      Had same problem with china,resolved it with this:
                      http://www.configserver.com/cp/csf.html
                      All what you need to do it it's to put CH into country block field and no more chinese on your server.
                      Thank you so much man!!! Portscans and failed logins dropped like 99% today after I blocked China and Russia with this.

                      Comment

                      Working...