A few months ago at work when we upgraded a server we inadvertently left port 25 (the SMTP port) open over the weekend. This caused a load of trouble and we wound up on spam lists and the server collapsed under the weight of illicit messages being relayed through it. When we took a look at the logs it transpired that all of that inbound traffic was from the third world - China, India etc. and one suggestion was that we should IP filter based on geography since we have no customers in those territories. The other comment was that perhaps there should be another Internet for those areas of the world. I felt a bit uncomfortable about that attitude until this week - I have had so many people mounting brute force attacks on my server where I host a handful of websites (mostly for charities, and this blog). Typically I notice my connection slow down, my event log fills up and then my router falls over. When I look at the logs I see a single IP address trying to crack the FTP login using a password generator. Guess what - they are ALWAYS from China or Korea so today I took the decision to block from this territories based on IP. Now I know there are always proxies that villains can hide behind but I bet by this time next week my server will be having an easier time of it.
If you want the IP ranges I'm using I've put them in a couple of text files.
chinaIPrange.txt
KoreaIPrange.txt
If you want the IP ranges I'm using I've put them in a couple of text files.
chinaIPrange.txt
KoreaIPrange.txt
No comments:
Post a Comment