
Comments
You might want to look into services like AbuseIPDB, which offers a free tier to check IP reputation. Also, implementing rate limiting in Nginx can help mitigate unwanted traffic.
@DeadlyChemist
What happens when a bad actor within Germany starts hitting your endpoints?
If I were you, I would try to minimize over-engineering and keep the code base and OS updated.
You already acknowledged that the auth is pretty secure.
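    yum install nginx-module-geoip

Check whether the module is available:

    find / -name ngx_http_geoip_module.so

Edit the nginx.conf file, something like the format below:

    # as posted; a dedicated unprivileged user is the usual choice for workers
    user root;
    worker_processes 1;
    worker_rlimit_nofile 65535;
    # load_module must appear in the main context, before the http block
    load_module modules/ngx_http_geoip_module.so;

    http {
        # ...
        # legacy GeoIP country database; sets $geoip_country_code per request
        geoip_country /etc/nginx/GeoIP.dat;

        # allow only DE, deny every other country code (and unknown addresses)
        map $geoip_country_code $allowed_country {
            default no;
            DE      yes;
        }
        # ...

        # server blocks belong inside the http context
        server {
            # ...
            # 444 closes the connection without sending a response
            if ($allowed_country = no) {
                return 444;
            }
            # ...
        }
    }

For GeoIP, you can download from here:
https://mailfud.org/geoip-legacy/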
ok, this is probably WAY overkill, but because of the fairly broad subject, peeps looking for info about IP blocking might find this useful.
cymru has a beautiful, free, ip blocklist of bad actors. they'll even BGP peer with you so it gets automagically updated
https://www.team-cymru.com/bogon-reference-http
https://www.team-cymru.com/bogon-reference-bgp
emergingthreats is the OG blocklist. worth knowing about.
https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt
pi-hole has taken over the lowend consumer side of this with a slew of ip and domain blocklists built-in.
https://pi-hole.net
searching 'blocklist' on github yields a slew of useful ip and domain-based blocklists, some of which are even part of commercial products these days.
just using dnsmasq with some of these blocklists keeps a lot of the cruft at bay...
hope this helps!
thanks !
(i don't want to do rate limiting, but i'll try to limit ips)
i wish the bad actor good luck, because he'll need it
worst case the LXC breaks and needs to be rebooted...
my code is dead simple
to enter unauthorized all you need is a paperless exploit, and in some cases a German IP (or other country, depends on my friend)
or brute force a username and password (hint, it's not admin-admin)
will pass, i don't want to mess with nginx proxy manager gui too much
will check it out, i'm not doing BGP, i'm just trying to keep my setup very simple
you don't need bgp. you can just use the list (from the first link - plain text available via http - think wget or curl for automation and updates) and null route all those addresses.
or block them with firewall rules. (or cloudflare waf, or iptables, or whatever is easiest for you.)
the philosophy being: you KNOW they are bad actors. why wait until they try to connect? block them BEFORE they can even connect to your host.
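Added example, not part of the thread: one way to turn a plain-text prefix list like the ones linked above into an nftables drop set. The Team Cymru bogon reference includes private ranges such as 10.0.0.0/8 and 192.168.0.0/16, so on a container reached over private addressing those entries have to be left out; the `keep` network 10.0.3.0/24, the table and set names, and the sample list are constructed assumptions.

```python
import ipaddress

# Constructed sample in the one-prefix-per-line text format; not real list data.
SAMPLE_LIST = """\
# constructed sample
10.0.0.0/8
192.168.0.0/16
198.51.100.0/25
198.51.100.128/25
203.0.113.7   # single host
not-an-ip
"""

def parse_blocklist(text):
    """Return (networks, rejected_lines); comments and blank lines are skipped."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            rejected.append(raw)  # never pass unvalidated text to the firewall
    return nets, rejected

def build_set(nets, keep):
    """Drop IPv4 entries overlapping a network that must stay reachable, then merge."""
    keep = [ipaddress.ip_network(k) for k in keep]
    safe = [n for n in nets
            if n.version == 4 and not any(n.overlaps(k) for k in keep)]
    return list(ipaddress.collapse_addresses(safe))

def render_nft(nets, table="blocklist", set_name="bad_v4"):
    """Render a ruleset for `nft -f`; add+delete+add makes the reload atomic."""
    elems = ", ".join(str(n) for n in nets)
    elem_line = f"    elements = {{ {elems} }}\n" if nets else ""
    return (f"add table inet {table}\ndelete table inet {table}\n"
            f"table inet {table} {{\n  set {set_name} {{\n"
            f"    type ipv4_addr\n    flags interval\n{elem_line}  }}\n"
            f"  chain input {{\n"
            f"    type filter hook input priority -10; policy accept;\n"
            f"    ip saddr @{set_name} drop\n  }}\n}}\n")

if __name__ == "__main__":
    nets, rejected = parse_blocklist(SAMPLE_LIST)
    print(render_nft(build_set(nets, keep=["10.0.3.0/24"])), end="")
    print("rejected:", rejected)
```

Write the output to a file and run `nft -c -f` on it first; that checks the ruleset without loading it.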
I maintain a project called GetIPIntel. You can block VPN, proxy and bad IPs with it. The API is open and simple to use. If you just want to block all non-german IPs, there's a simpler solution using cloudflare's geolocation header. If you go with the geolocation blocking route, someone can buy a service from a server provider in Germany and bypass your geolocation restriction.
will check it out ! thanks!!
i don't trust myself that much with networking....
being honest here, but returning a 403 is enough for me...
Yeah, I would like to know how to block an entire country using CrowdSec as well. So far I have not touched its API, just banned entire ASNs and ranges using the import function.