←back to thread

Ban me at the IP level if you don't like me

(boston.conman.org)
597 points classichasclass | 1 comments | 25 Aug 25 04:23 UTC | HN request time: 0.308s | source
Show context
lwansbrough ◴[25 Aug 25 05:55 UTC] No.45010657[source]
We solved a lot of our problems by blocking all Chinese ASNs. Admittedly, not the friendliest solution, but there were so many issues originating from Chinese clients that it was easier to just ban the entire country.

It's not like we can capitalize on commerce in China anyway, so I think it's a fairly pragmatic approach.

replies(6): >>45010748 #>>45010787 #>>45010871 #>>45011590 #>>45011656 #>>45011732 #
snickerbockers ◴[25 Aug 25 08:40 UTC] No.45011656[source]
Lmao I came here to post this. My personal server was making constant hdd grinding noises before I banned the entire nation of China. I only use this server for jellyfin and datahoarding so this was all just logs constantly rolling over from failed ssh auth attempts (PSA: always use public-key, don't allow root, and don't use really obvious usernames like "webadmin" or <literally just the domain>).
replies(3): >>45011723 #>>45011753 #>>45012709 #
Xiol32 ◴[25 Aug 25 08:50 UTC] No.45011723[source]
Changing the SSH port also helps cut down the noise, as part of a layered strategy.
replies(2): >>45011829 #>>45011841 #
azthecx ◴[25 Aug 25 09:08 UTC] No.45011841[source]
Did you really notice a significant drop off in connection attempts? I tried this some years ago and after a few hours on a random very high port number I was already seeing connections.
replies(2): >>45013660 #>>45019777 #
1. nullc ◴[25 Aug 25 22:16 UTC] No.45019777[source]
In my experience can cut out the vast majority of ssh connection attempts by just blocking a couple IPs. ... particularly if you've already disabled password auth because some of the smarter bots notice that and stop trying.