←back to thread

Ban me at the IP level if you don't like me

(boston.conman.org)
597 points classichasclass | 1 comments | 25 Aug 25 04:23 UTC | HN request time: 0s | source
Show context
lwansbrough ◴[25 Aug 25 05:55 UTC] No.45010657[source]
We solved a lot of our problems by blocking all Chinese ASNs. Admittedly, not the friendliest solution, but there were so many issues originating from Chinese clients that it was easier to just ban the entire country.

It's not like we can capitalize on commerce in China anyway, so I think it's a fairly pragmatic approach.

replies(6): >>45010748 #>>45010787 #>>45010871 #>>45011590 #>>45011656 #>>45011732 #
snickerbockers ◴[25 Aug 25 08:40 UTC] No.45011656[source]
Lmao I came here to post this. My personal server was making constant hdd grinding noises before I banned the entire nation of China. I only use this server for jellyfin and datahoarding so this was all just logs constantly rolling over from failed ssh auth attempts (PSA: always use public-key, don't allow root, and don't use really obvious usernames like "webadmin" or <literally just the domain>).
replies(3): >>45011723 #>>45011753 #>>45012709 #
Xiol32 ◴[25 Aug 25 08:50 UTC] No.45011723[source]
Changing the SSH port also helps cut down the noise, as part of a layered strategy.
replies(2): >>45011829 #>>45011841 #
dotancohen ◴[25 Aug 25 09:06 UTC] No.45011829[source]
Are you familiar with port knocking? My servers will only open port 22, or some other port, after two specific ports have been knocked on in order. It completely eliminates the log files getting clogged.
replies(1): >>45013771 #
davsti4 ◴[25 Aug 25 13:44 UTC] No.45013771[source]
I've used that solution in the past. What happens when the bots start port knocking?
replies(2): >>45014040 #>>45014541 #
1. GuinansEyebrows ◴[25 Aug 25 14:09 UTC] No.45014040{3}[source]
Fail2ban :)