Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Block China from a VPS
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Block China from a VPS

RaymiiRaymii Member
edited August 2014 in General

What would be the best way to block China from a VPS? As in, f them all, stupid brute-forcers. iptables? Any ideas?

Nothing against chinese people, however 99% of the shit that passess by is from China. Take this recent honeypot for example: http://213.187.240.29/ - China all over the place.

EDIT:

curl -s http://www.okean.com/sinokoreacidr.txt | awk '{print " route add blackhole "$1}' | xargs -L 1 ip
«1

Comments

  • Most probably there are no way except block with GeoIP. You can generate rules for Iptables / ipset. There are some scripts on the internet for this.

  • peetscottpeetscott Member
    edited August 2014

    You can use the GeoIP List from MaxMind and simply filter out the China ip blocks and then use iptables to block it...

    eg. iptables -A INPUT -s 0.0.0.0/24 -j DROP

    You can also do this a little bit high level for example if you are using nginx you can use this directive:

    http://nginx.org/en/docs/http/ngx_http_access_module.html#deny

  • That's not worth it.

    Use some IP database, and only block Chinese IP address in Jiangsu, Zhejiang, Fujian and Shanghai. This should be more than enough.

    I personally am ashamed with what they have done.

  • @Makenai said:

    I don't see a 403.

  • I've now tried this as a test:

    curl -s http://www.okean.com/sinokoreacidr.txt | awk '{print " route add blackhole "$1""}' | xargs -L 1 ip
    
  • How about this

    apt-get install -y xtables-addons-common
    iptables -I INPUT -m geoip --src-cc CN,TW,KR -j DROP
  • Could someone from China test if they can still reach https://cipherli.st?

  • CharlesACharlesA Member
    edited August 2014

    They are trying to brute force SSH right? I set my box up to only allow me to ssh in if I'm connected to my VPN. Cut down on log noise big time.

  • MakenaiMakenai Member
    edited August 2014

    @sundaymouse said:
    I don't see a 403.

    Looks like someone is blocking Latvian IP addresses, what a ......
    Let me just say this, that list is the biggest shitstain ever.

  • Install a flexible firewall (I use usually csf+lfd) and do ip block. There are tons of options and tons of tutorials, for blocking specific things

  • @jvnadr said:
    Install a flexible firewall (I use usually csf+lfd) and do ip block. There are tons of options and tons of tutorials, for blocking specific things

    The thread already has a "solution". Your response does not add anything meaningfull, I asked for a specific way to only nlock China, not just " do IP block and search for specific things ".

  • rm_rm_ IPv6 Advocate, Veteran
    edited August 2014

    Get up-to-date list from http://www.wizcrafts.net/russian-blocklist.html

    Russia and Ukraine and Bulgaria and Romania and Latvia and Estonia

    Yeahhhhhhhhhhh okay ._.

  • I am currently using cloudflare. it can block any country you like.
    it works for me very well.

  • Use CSF and put CN in Block country

  • MunMun Member
    edited August 2014

    @webflier said:
    I am currently using cloudflare. it can block any country you like.
    it works for me very well.

    And I now know you are an idiot.

    Thanked by 1MorningIris
  • I am sorry, what's wrong with cloudflare?

    Mun said: And I now know you are an idiot.

  • MunMun Member

    @webflier said:
    I am sorry, what's wrong with cloudflare?

    Cloudflare doesn't protect your local servers SSH port.

  • @webflier said:
    I am sorry, what's wrong with cloudflare?

    As far as I know cloudflare is just a web ddos protection service. Have you removed direct.yourdomain.com from their DNS? Otherwise it is of no use at all. It does not protect ssh and such.

  • ad0ad0 Member

    Get a new IP then use cloufalre and block the your vps ip adress from being reveiled from the guest

  • @Makenai said:
    Let me just say this, that list is the biggest shitstain ever.

    Bless the xenophobic, techno-nationalist block lists!

  • Just block 0/0 and 0::0/0 and be done with it.

  • why would you want to be blocking china? should be blocking rogue countries such as the united states which often hacks and attacks computer networks.

    Thanked by 2Makenai howardsl2
  • TarZZ92 said: why would you want to be blocking china?

    Probably because of this:

    Blocking China seems like a good heuristic to get rid of most wannabe hackers and botnets

  • Blocking by IP is the poor's man axe and it WILL attract more flies to your dump.

    They can use a proxy.
    You can move the ssh port or even better, use port knocking.

    There are alot of gentleman-like solutions. Don't ban countries for your incompetence. Nope, I'm not from China.

    Thanked by 1HostNun
  • Blanoz said: Blocking by IP is the poor's man axe and it WILL attract more flies to your dump.

    How would blocking China attract more hackers?

  • @gsrdgrdghd said:
    How would blocking China attract more hackers?

    It would point out that the sysadmin hasn't heard of proxies. Generally speaking, you should not stand out of crowd or you might attract attention and I'm not sure how 100% up to date your software is.

Sign In or Register to comment.