←back to thread

Ban me at the IP level if you don't like me

(boston.conman.org)
597 points classichasclass | 1 comments | 25 Aug 25 04:23 UTC | HN request time: 0.303s | source
Show context
lwansbrough ◴[25 Aug 25 05:55 UTC] No.45010657[source]
We solved a lot of our problems by blocking all Chinese ASNs. Admittedly, not the friendliest solution, but there were so many issues originating from Chinese clients that it was easier to just ban the entire country.

It's not like we can capitalize on commerce in China anyway, so I think it's a fairly pragmatic approach.

replies(6): >>45010748 #>>45010787 #>>45010871 #>>45011590 #>>45011656 #>>45011732 #
snickerbockers ◴[25 Aug 25 08:40 UTC] No.45011656[source]
Lmao I came here to post this. My personal server was making constant hdd grinding noises before I banned the entire nation of China. I only use this server for jellyfin and datahoarding so this was all just logs constantly rolling over from failed ssh auth attempts (PSA: always use public-key, don't allow root, and don't use really obvious usernames like "webadmin" or <literally just the domain>).
replies(3): >>45011723 #>>45011753 #>>45012709 #
Xiol32 ◴[25 Aug 25 08:50 UTC] No.45011723[source]
Changing the SSH port also helps cut down the noise, as part of a layered strategy.
replies(2): >>45011829 #>>45011841 #
azthecx ◴[25 Aug 25 09:08 UTC] No.45011841[source]
Did you really notice a significant drop off in connection attempts? I tried this some years ago and after a few hours on a random very high port number I was already seeing connections.
replies(2): >>45013660 #>>45019777 #
1. Bender ◴[25 Aug 25 13:31 UTC] No.45013660[source]
I use a non standard port and have not had an unknown IP hit it in over 25 years. It's not a security feature for me, I use that to avoid noise.

My public SFTP servers are still on port 22 and but block a lot of SSH bots by giving them a long "versionaddendum" /etc/ssh/sshd_config as most of them choke on it. Mine is 720 characters long. Older SSH clients also choke on this so test it first if going this route. Some botters will go out of their way to block me instead so their bots don't hang. One will still see the bots in their logs, but there will be far less messages and far fewer attempts to log in as they will be broken, sticky and confused. Be sure to add offensive words in versionaddendum for the sites that log SSH banners and display them on their web pages like shodan.io.