Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Any idea how to block access from Iran
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Any idea how to block access from Iran

pkrpkr Member

Iranian attackers/generals are constantly bombarding my VPS in Germany. I have blocked the whole country in CSF, but CSF is not able to block all accesses from Iran. Any idea how to block Iranian attackers?

Comments

  • Iran, iran so far away

  • Rather trying to block using country IP which is not always effective as you have found. How about using additional block lists like Ipsum or AbuseIP.

  • KermEdKermEd Member
    edited January 2020

    If it's Iran and you keep having issues, you can use AWAY service like I did - it's completely free and certain to work.

    ... Iran AWAY har har har

  • pkr said: bombarding

    Have you try ufw and CIDR blocks?

  • pkrpkr Member

    I have used CC_DENY to block the whole country. It has minimized the attack, but not all accesses from Iran are blocked.

  • @pkr said:
    I have used CC_DENY to block the whole country. It has minimized the attack, but not all accesses from Iran are blocked.

    Do you mean some Iranian living elsewhere, like North America, are trying to gain access to your VPS? How do you know that they are Iranian?

    Thanked by 1Clouvider
  • i had same issue with my servers at hetzner, ips from iran 46.38.144.XXX 24/7 doing brute-force attacks.

    I used CC_DENY with db-ip, ipverse, iptoasn as source (CC_SRC) and wasn't blocking everything, so i switched to maxmind and now blocks all countrys well.

  • pkrpkr Member

    @chihcherng said:
    Do you mean some Iranian living elsewhere, like North America, are trying to gain access to your VPS? How do you know that they are Iranian?

    Before blocking Iran, ~99% IPs used for the attack were from Iran.

  • AbdussamadAbdussamad Member
    edited January 2020

    how are they bombarding your server? What services are they trying to access? you can use fail2ban to throtle their access but it won't work if they keep cycling ip addresses.

    Note that just because the IP maps to Iran doesn't mean it's iranians doing it. Botnets can marshal infected PCs in any country.

  • What type of attack is it?
    Are they hackors, crackors or lamors?

  • ViridWebViridWeb Member, Host Rep

    You should reach out to Trump :wink:
    Just kidding.. anyway which kind of attacks you are facing? DDoS?

  • defaultdefault Veteran
    edited January 2020

    Hm... let them brute-force my servers. If they find the usernames and passwords, it's is my fault.

    What if they gain access to Trump computer and accidentally launch all the nukes and diseases? Putin still uses Windows XP, maybe Trump is using Windows 98.

    Thanked by 1yoursunny
  • chihcherngchihcherng Veteran
    edited January 2020

    @pkr said:
    Before blocking Iran, ~99% IPs used for the attack were from Iran.

    Hackers don't want to get caught. It's stupid to attack someone from their own IPs. They will use Tor or compromised computers to hide their locations. On the contrary, hackers from the enemy of Iran are more likely to use Iran's IPs to perform network attacks.

  • raindog308raindog308 Administrator, Veteran

    pkr said: Iranian attackers/generals

    "Sir, we have an urgent meeting to discuss our upcoming missile attacks. We also need to review the drone program, and the navy is here to talk about the Strait of Hormuz."

    "They'll have to wait. I'm trying to hack into this low end VPS..."

  • Try block using cloudflare.

  • Hetzner_OLHetzner_OL Member, Top Host

    @donko said:
    i had same issue with my servers at hetzner, ips from iran 46.38.144.XXX 24/7 doing brute-force attacks.

    Could you please report this to our abuse team? https://abuse.hetzner.com/issues/new?lang=en Thanks in advance for your help! --Katie

    Thanked by 1donko
  • Try Cloudflare or otherwise Blockscript.

  • @marvel said:
    Try Cloudflare or otherwise Blockscript.

    I don't think cloudflare can protect an ip

  • illyhostingillyhosting Member, Host Rep

    Maybe CSF doesn't have all Iran ip addresses in their database, the most updated database of ip addresses is MaxMind, download the db, you will find all Iran ip addresses there, grab the ranges and put in CSF.

  • illyhostingillyhosting Member, Host Rep

    @yokowasis said:

    @marvel said:
    Try Cloudflare or otherwise Blockscript.

    I don't think cloudflare can protect an ip

    When using CloudFlare you don't have to worry about protecting your server they have built in mechanisms that will protect you from attacks but the bad of CloudFlare is that they don't support many ports and protocols.


  • You should try Cloudflare =)

  • Do you have the latest list of IP address blocks from Iran?

    IP2Location provides free list in https://www.ip2location.com/free/visitor-blocker

    You can export and update it monthly to make sure you have the latest ranges.

  • +1 for Cloudflare

Sign In or Register to comment.