New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Of course I'm aware they could easily use vpn, proxy etc. if they were really serious (I even assume that most of the attempts from U.S. and European IPs originate elsewhere), but as you said, as long as there are enough low hanging fruits out there and nothing particularly interesting on my systems ...
The GFW is certainly nobody's friend (except the respective regime's), but that doesn't automatically mean it can't also have a few unintended, positive side effects for those on the outside.
@Vienna: We seem to be on the same page here However, GFW alone is definitely not the answer to the problem.
I am from china,I have something to say:
1.Most vps data centers in EU/US,which is very far away from China, people buy cheap vps or order a free service just for testing, or use it to bypass the GFW.China has a large population base, so a small proportion rush in will make you feel a lot of pressure.
2.There is no profit to deal with customers in China? I think a lot of vps vendors especially have datecenter in california had make profit from Chinese,such as bluevm etc.
3.Over the past 20 years, the world economy benefit from China's rapidly growing economy, China with EU/US has a huge trade, Chinese people really like free service, but also willing to pay for services he considers valuable.
4.China's product quality is getting better recent years, you also often buy cheap goods made in China that will save you a lot of money. Chinese people more engaged in low-end hard work so that you can buy cheap goods,they allocated little money but dedication to the labor so you should not complain about Chinese people.
I personally would never block a whole country from access to my servers. However, when the need arises (hacking and abuse primarily) I will block selected IP addresses. That said, it is a fact that most of my IP drops are from a Chinese owned subsets (the second larges is oddly Cox Communications ).
I don't think we are complaining about the Chinese people. Rather the past history of what Chinese people have done.
CSF Auto Blocking, "csf.deny"
Who do we see blocked: CN/China, KR/Korea - Need i say more?
###################################################################
@painfreepc, I am not exactly sure but the 61.147.119.0/24 seems to belong to vpsio. They operate a server in jiangsu within this IP range. fedvps also use this IP range too (as displayed on their website)
1.93.26.210 belongs to BTTE/hsoft, you could try contacting them but I am not sure if they will reply.
In order to prevent most ssh bruteforce attacks, the default port 22 should be changed to something else. These attacks are mainly looking for open port 22 and use a series of user/password combinations.
If some IP ranges are really a problem, you could do a selective block but most IPs are dynamic. In this particular case (BTTE/Hsoft), this is a VPS hosting provider. You can block this range as most legitimate visitors would not come from there.
Looking at my cPHulk emails and checking my brute logs, I can see quite a large variance in originating location. Yes China has a lot, but as does Ukraine, Sweden, Spain, Italy, UK, US, Serbia and the list goes on.
It's to be expected that there will be more from China because the ratio of people in China to the UK is a lot higher (1 UK person for every 21 Chinese people). So this means we should expect 21 Chinese brute force attempts for every 1 from the UK (obviously ignoring percentage of age, ability to use computers and so on).
Likewise for the US the ratio is 1:4 so there should still be 4 Chinese attempts for every 1 US.
However, I do agree that to an extent Chinese people are more adapted to computer use but I still think people are jumping the gun and assuming ALL Chinese people are hackers.
@deployvm
ssh is still set to port 22 as i am testing Fail2ban with CSF on DigitalOcean
@OkieDoke
I Don't think all Chinese people are hackers.
@OkieDoke not stating that every chinese person is a hacker. But it is true that most (atleast on my servers) hack attemps come from cn controled ip space.
And allot for me come also from russia and usa. And in some instances usa access is blocked also.. its just where the major portions of the attacks originate that gets blocked. Also when its just a local company offering local serviced then there is no real use to allow ips from abroad.. just lowering the chance of a succesfull attack
As I said, we do not block anything, we do consider our customers need to protect themselves and they know what they are doing, being a nanny against their will is not going to help anyone.
We also have quite a few chinese customers (though, there is a problem with ping), it is true they probably costed us more than the money they brought but, besides serving a quality product, it is best to do it without making any prejudgements. We even allow people from Chile, Peru, Brazil, and still, compared to many other DCs and ranges out there (hint, hint !), ours are considerably cleaner.
It is a problem, I know, but a global provider cannot be global if only one country is excluded. After all, what kind of work are we doing if we cannot handle abuse as it comes ?
The Internet is a bad place, we have to learn and adapt.