Web Hosting Talk







View Full Version : Blocking Entire Countries And Ethical Issues


GrindKore
03-31-2005, 05:27 PM
I just ran an analysis of my firewall logs from Jan 1, 2005 through Mar 31, 2005. And to my astonishment 92.3% of all port scanning, dictionary attacks, SYN flooding, slamming, DOS Attacks, and other illicit activity originated from China, Korea and other Asia-Pacific regions.

I'm not sure if this is an indication of general lack of effective law enforcement in that part of the world or lack of knowledge on behalf of ISP administrators that are responsible for monitoring their networks for abuse. On many occasions I have filed complaints to the ISPs that have resulted in no action at all. I'm seriously considering blocking several class B portions of IP address space assigned to those countries/ISPs.

What is the right thing to do? Continue to spend time/money on wasted bandwidth, CPU cycles and firewall block lists and possibility of security breach or just block an entire region completely. From my business perspective the latter is more attractive, since I do not do business with people in that region. But from the human side I would hate to deny access to 1000's of innocent people looking for whatever information they need.

lifehost
03-31-2005, 07:23 PM
That's always a tough call. As far as "denying innocent people access"...what kind of information are you hosting that they would need? If you aren't doing business in that region, then I don't think it would be a big deal to block it.

The thing that makes me sort of cringe is when I see a statement on someone's order form that says "we don't do business with the following countries: vietnam, brazil, etc..."

Of course even the big companies in many industries do that sort of excluding for various reasons, maybe it's due to currency, logistics, or insurance liability, etc. However, usually those types of companies list the countries they DO business with rather than the handful of expressly prohibited ones. The reason I feel awkward when I read an excluding statement on a web hosting company's site is because you know the reason why they're doing it. They are intentionally excluding an entire country of people based on the reputation of a handful of bad people known for fraud and abuse. Of course a company typically has every right to make such judgements, but like I said...I think it just feels weird and probably even more so from the consumer's point of view.

On the other hand, if you can block certain regions at the server level by IP range, I think that's fantastic because then nobody needs to know your reasons, or that you're even doing it intentionally.

2Grumpy
04-01-2005, 03:23 AM
I have been tempted on SOOOO many occasions to just ban all of APNIC and be done with it, but that sure is a lot of IPs to ban, but seems like every attempted fraudulent order, every time a formmail is abused, etc, it seems like the lion's share of traffic is from those IP ranges, seems like a LOT of the incoming spam is too.

But as I said that sure is a lotta the world to block, but I do admit, I have a good portion of those IPs blocked from my order forms, the handful of orders I'd get legitimately from countries like Indonesia and Korea is FAR outweighed by the 3 or 4 handfuls of fraud orders I block by simply blocking the whole darn country from my order forms....

jt2377
04-01-2005, 04:25 AM
it's not fair for legit surfers from Asia region but if you feel the need to do so then go for it.

thomas.smith
04-01-2005, 05:17 AM
Same here, too... Almost all abuse comes from China. I am considering not to accept Chinese customers anymore because way more than 50% of all orders are abuse.

Orc Webhosting
04-01-2005, 02:12 PM
China is difficult because Chinese ISPs in my experience don't bother to answer to abuse reports (to be fair, the larger half of US ISPs don't bother either), and at the same time if they react and catch a hacker and then execute it, how would I feel? In that case, I'd have caused the death of a human being over something so trifling in comparison that I'd feel like a murderer. Luckily I didn't have much probs with this kind of people after stopping free hosting two years ago and after that adding some advanced firewall stuff and moving SSH to another port.

At any case, putting all of Asia/Pacific into one category is not exactly smart - China is one thing, South Korea/Japan/Taiwan is another thing. While China has its share of weird things, OTOH the high amount of abuse coming from the other countries mentioned here might be at least partially because these are high-tech countries where virtually everybody owns a computer, more so than in the US or Western Europe. Few people know that South Korea has the highest percentage of broadband access in the population, way above the US. They are also on the second place worldwide in the amount of spam sent out into the world (after the US which still sends out roughly 3x as much spam, never forget that). AP might be a worse-than-average part of the world in terms of cybercrime, but so is Northern America - still none of you would think about blocking that too, right? At least none of you from the US/Canada... I'm living in Europe/Switzerland and see things you don't, like how many large Swiss ISPs and mail providers reacted to the fact that more than half of all spam comes from the US: they block that part of the world as far as incoming mail goes, using a mail server located in a typical US datacenter these days gives you a very high chance that your mails sent through your server will never reach people on large Swiss mail services. Before you decide to block the whole AP region for the reason you stated above, you might want to take this example into consideration, sit down for a minute and think about where it all would lead. If you still feel you want to block off "the Vietcong" from accessing your US servers, go ahead but don't be surprised if some large German, Swiss, French whatever ISPs will one day decide to block off "those damn amies". Tolerance makes the world a better place...

2Grumpy
04-01-2005, 02:37 PM
I don't block that many IPs from my servers, we use the dshield blocklist and our own in house list of IPs that have pissed me off, and that's it.

But my ORDER FORMS have a huge .htaccess list which includes quite a bit of APNIC's address space, Romania, Indonesia and others.

LP-Trel
04-02-2005, 05:58 AM
Originally posted by Dixiesys
I don't block that many IPs from my servers, we use the dshield blocklist and our own in house list of IPs that have pissed me off, and that's it.

But my ORDER FORMS have a huge .htaccess list which includes quite a bit of APNIC's address space, Romania, Indonesia and others.

You realize that publicly available lists of highly anonymous open proxy servers will cause what you do there to be almost completely useless in theory?

thomas.smith
04-02-2005, 07:26 AM
Yes, blocking IPs is completely useless.

aatayyab
04-02-2005, 10:16 AM
in third world countries, it is usual lack of law implementation, technical expertise and many poor ready to take orders from rich west to run spam servers or host anything that is not possible in west.

whenever i describe 3rd world countries, i envision the "heroic" science fiction movies made by west where they show how machines rule the world but when a hero wishes to combat those machines, he goes to underground 3rd world stricken with poverty and lack of knowledge and find friends with them, not with "machines".

UniServe Hosting
04-02-2005, 10:28 AM
Hello GrindKore,

If I were you I would go ahead and carry through with what you want to do. I will be doing the same when configuring my rule sets before I even launch my business. I don't have any intentions on doing business with them. However, if you have any cogitations on doing business with individuals from Asia then that's a different story.


You realize that publicly available lists of highly anonymous open proxy servers will cause what you do there to be almost completely useless in theory?


I strongly doubt 2 billion Asians will be using anonymous proxy servers on a daily basis.

Orc Webhosting
04-02-2005, 02:21 PM
Originally posted by unixparse
I strongly doubt 2 billion Asians will be using anonymous proxy servers on a daily basis.

You're right... the honest 99%+ of them will use straight IPs and be blocked from your servers. Only the few crooks whom you try to block out will use proxies or other methods. :P

UniServe Hosting
04-02-2005, 02:43 PM
Only the few crooks whom you try to block out will use proxies or other methods.


Hahaha :rofl: :rofl: 100% security is impossible. There will always be security breaching. No matter how much Security Auditing is done, there is always a possibility/risk.

HostingInsider
04-03-2005, 09:40 PM
I'm thinking of blocking the same region for my free image hosting site. Around 85% of the bandwidth is coming from China and it's almost all porn. It's a hassle to go through it and delete it all off of the server. It seems like an easier solution just to block that whole region (APNIC).

propcgamer
04-04-2005, 03:13 AM
Originally posted by thomas.smith
Yes, blocking IPs is completely useless.

Not really, look at it from the eyes of the hacker/fraudster.

I try to connect to sitea, it doesn't work, I'm not going to then find a proxy, connect to it, then go to sitea, I'm just going to try siteb, hey siteb worked! I'll just sign up with these people and spam from their server!

It's much easier to go to siteb than to find a proxy, then config your browser to go through the proxy, to go to sitea.

So I wouldn't say blocking IPs is completely useless, only a partial hurdle...

nuthin
04-04-2005, 03:25 AM
I ordered a domain name before with ev1servers and then went to renew it after its year.. to my surprise I was blocked from renewing.

Emailed support.. apparently they blocked 203.* and wouldn't allow my IP, best thing they said to do is to sign up using a proxy, heh, as if I'm going to go out of my way to find a proxy that works anyway.

Conclusion.. I transferred my domain right away from them, so they lost a customer.

So just watch if you are banning certain IPs, you might hit a country like Australia or Singapore where I'm sure you would get great paying customers all the time.

sMoKe_AU
04-04-2005, 11:05 AM
Those of you saying you're going to block the entire APNIC range might want to think about the fact that APNIC includes numerous other countries. It includes such countries as Australia and New Zealand.

Considering that this post is in a Running a Webhosting Business I am assuming that you are talking about blocking access to all of your servers from all APNIC Addresses. What happens when your clients realise that none of these people can access your servers.

Also as was previously mentioned most spammers and the like do use Anon Proxies on a regular basis. Therefore they will still be there. You are just knocking out all the other poor innocent people.

But hey if you all want to go and block APNIC I'm all for that. When your clients start complaining about nobody being able to access their website from APNIC region they are going to be looking for another host and I'll be more than happy to look after them.

GrindKore
04-04-2005, 11:25 AM
Blocking entire APNIC is definitely a bad idea. Instead I'm currently compiling worst offender list of several ISPs in China and Korea and will block their class B ranges for a while. I'm approaching this purely from statistical standpoint, I have narrow class B range that's causing over 90% of all hack attempts.
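
The statistical approach described in the post above, sketched as an added example that is not part of the original thread or any poster's code: it aggregates firewall drop lines by source /16 ("class B"), picks the smallest set of /16s that covers a target share of events, and checks those blocks against known customer addresses, the collateral problem raised earlier in the thread. The iptables-style log format, the sample addresses and the customer list are assumptions constructed for the example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: iptables-style LOG lines. Source addresses come from the
# RFC 5737 documentation ranges; they are not real offenders.
_SRCS = (["203.0.113.7"] * 4 + ["203.0.113.200"] * 3 +
         ["198.51.100.20"] * 2 + ["192.0.2.99", "999.1.1.1"])
SAMPLE_LOG = "\n".join(
    f"Mar 30 01:02:{i:02d} fw kernel: DROP IN=eth0 SRC={s} DST=10.0.0.5 PROTO=TCP DPT=22"
    for i, s in enumerate(_SRCS)
) + "\nMar 30 01:03:00 fw kernel: link up on eth0"

SRC_RE = re.compile(r"\bSRC=(\d{1,3}(?:\.\d{1,3}){3})\b")


def count_by_slash16(log_text):
    """Count logged drops per source /16 (the thread's "class B")."""
    counts = Counter()
    for line in log_text.splitlines():
        m = SRC_RE.search(line)
        if not m:
            continue  # not a packet log line
        try:
            addr = ipaddress.IPv4Address(m.group(1))
        except ipaddress.AddressValueError:
            continue  # malformed address such as 999.1.1.1
        counts[ipaddress.ip_network(f"{addr}/16", strict=False)] += 1
    return counts


def worst_offenders(counts, coverage=0.90):
    """Return the fewest /16s whose events reach `coverage`, and the share covered."""
    total = sum(counts.values())
    chosen, covered = [], 0
    # Busiest networks first; ties broken by network order for stable output.
    for net, n in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])):
        if total == 0 or covered / total >= coverage:
            break
        chosen.append(net)
        covered += n
    return chosen, (covered / total if total else 0.0)


def collateral(blocks, customer_ips):
    """Map each known customer IP to the candidate block that would cut it off."""
    hits = {}
    for ip in customer_ips:
        addr = ipaddress.IPv4Address(ip)
        for net in blocks:
            if addr in net:
                hits[ip] = str(net)
    return hits


if __name__ == "__main__":
    blocks, share = worst_offenders(count_by_slash16(SAMPLE_LOG))
    print([str(b) for b in blocks], f"{share:.0%} of logged events")
    # Hypothetical customer addresses, e.g. exported from a billing system.
    print(collateral(blocks, ["203.0.113.50", "198.18.0.4"]))
```

Running the collateral check before loading a block list shows which paying customers sit inside a candidate /16, so the range can be narrowed or the customer exempted first.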

2Grumpy
04-04-2005, 04:01 PM
Originally posted by LP-Trel
You realize that publicly available lists of highly anonymous open proxy servers will cause what you do there to be almost completely useless in theory?

I can count on one hand the # of fraud orders I've gotten in the last couple years, I don't care what part of what I'm doing that works, it works, nuff said :D Is it the large tracts of APNIC in my .htaccess for my order forms? Hell I dunno, is it the IP Country to Card country comparison? Again I dunno, all I know is I get few orders that make it through my system that are fraud, and I don't care which piece of the system is "working" as a whole it's working and that's enough for me :)

aatayyab
04-05-2005, 06:14 AM
Could anyone tell me why is PAKISTAN being blocked by many important online e-commerce companies from doing any kind of critical transactions like registering a domain or pay for hosting? Do we have to become 100% NUDIST nation or a state that believes in man-to-man marriages or have at least ONE disco or night club in each street to conform to their rules? :angry:

it is a CLEAR act of violation of United Nations International rules of doing business amongst its member states.

WHRKit
04-05-2005, 09:41 AM
Amir

I could imagine if countries that are known for high fraudulent online orders would implement better laws to protect honest businesses that this would change.

Until then it is very common for many online businesses not to take ANY order from anyone who is a resident of these countries. Kinda sad but a business cannot risk to become victim of fraud that easily.

And there is actually no disco even close to where I live. ;)

Christoph

aatayyab
04-05-2005, 10:12 AM
Originally posted by TheFish
Amir

I could imagine if countries that are known for high fraudulent online orders would implement better laws to protect honest businesses that this would change.

Until then it is very common for many online businesses not to take ANY order from anyone who is a resident of these countries. Kinda sad but a business cannot risk to become victim of fraud that easily.

And there is actually no disco even close to where I live. ;)

Christoph

Chris,

I want to escalate this issue further into a proper place where such online businesses can be fined or stopped from doing business. if they block IP traffic from Pakistan, why do they still get money from Pakistanis in shape of bank transfers, TT, some friend in west helping them to pay off, etc?

I have to go through such pains myself on a daily basis as my bread and butter depends on such online businesses. I know how much time and energies go wasted into such things. Here, politicians are impossible to convince about any kind of legislation, and even though they implement anything, it is on paper only as it is one of the world's top-10 CORRUPT nation. we are independent since 50 years, but still we are evolving far to be called "mature" enough.

However, i still believe, the genuine online business should not suffer due to the fraudulent activities of a few students or hackers. Pakistan is not the only nation having such evils, there are many developed nations having this problem, but no one BLOCKS ip traffic from them. that is pure hypocrisy by these online companies in west treating us Pakistanis differently.

please advise me what to do as it is a serious matter and a far far cry from the so-called "GLOBAL VILLAGE" community feeling :bawling:

Alan @ CIT
04-05-2005, 10:32 AM
I did come across one website in the USA once which if memory serves, was a place selling camping supplies. They blocked the entire RIPE (ie, all of Europe) from accessing their website. They had a message popup that was something along the lines of:


You appear to be using the RIPE ISP. Due to high levels of abuse and fraud from this ISP we have blocked access to this site. We recommend you find another ISP if you wish to purchase from us


Ripe is an ISP? :) I let Ripe know about it at the time and they were just as amazed as I was.

Thanks,
Alan.

Orc Webhosting
04-05-2005, 11:20 AM
What some of the people forget here is that US citizens from US IPs are quite a substantial part of all the cybercrime worldwide, but they do it against targets outside of the US for the very obvious reasons - ever heard in the news of a case where the government came down on a US-based cyber-terrorist who attacked countries like China, Russia, Korea or Iran? No, the US government and military themselves have similar plans...

Add to this that more than half of all spam originates from the US, and nearly all of the world's most hated spam kings are Americans.

Add to this that many US providers have no prob with hosting racist and even nazi websites, which is forbidden by the law in most Western European countries.

So what? If Europeans would react as discriminatingly as some of you guys here do, US cyberspace would be shored off from Western Europe by now - not on the level as you do it now, an ISP or two, but on the governmental level. Do you have an idea how many US based providers would go bankrupt and for how many others going on would be tough? Some of you guys here showed plainly that you don't care about ethical reasons, but I'd guess you care at least about your financial income enough to consider things before setting an example that might be applied against you as well.


BTW as an aside, APNIC IPs cover among other countries the ones with the strongest economy on this planet and the leading edge in technological advance. :P

2Grumpy
04-05-2005, 11:58 AM
Originally posted by aatayyab
Chris,

I want to escalate this issue further into a proper place where such online businesses can be fined or stopped from doing business. if they block IP traffic from Pakistan, why do they still get money from Pakistanis in shape of bank transfers, TT, some friend in west helping them to pay off, etc?

Ain't no law says a business HAS to do business with someone, you can't force someone to do business with someone else if they just don't want to, the exceptions of course are when the "discrimination" is racial, age based, or in some cases, sex based, meaning I can say "I don't take orders from people in Nashville" and hey, if you're from the country music capital then you're just out of luck, but if I say "I don't take orders from women" then I might get in trouble, or if I say "I don't take orders from people over 50" I'd probably get in some trouble too, and oh god forbid I said "I don't take orders from hispanics" goodness would the crap hit the fan then.

But even then I don't think it's "illegal" to refuse to do business even on those factors (I'm really only hurting myself).

So if you find someone who won't do business with you due to your nation (Pakistan) then find someone who will, or use a Pakistani based business (surely to goodness there are some Pakistan based web hosts/etc).

aatayyab
04-05-2005, 02:22 PM
Originally posted by Dixiesys
Ain't no law says a business HAS to do business with someone, you can't force someone to do business with someone else if they just don't want to, the exceptions of course are when the "discrimination" is racial, age based, or in some cases, sex based, meaning I can say "I don't take orders from people in Nashville" and hey, if you're from the country music capital then you're just out of luck, but if I say "I don't take orders from women" then I might get in trouble, or if I say "I don't take orders from people over 50" I'd probably get in some trouble too, and oh god forbid I said "I don't take orders from hispanics" goodness would the crap hit the fan then.

But even then I don't think it's "illegal" to refuse to do business even on those factors (I'm really only hurting myself).

So if you find someone who won't do business with you due to your nation (Pakistan) then find someone who will, or use a Pakistani based business (surely to goodness there are some Pakistan based web hosts/etc).

yeah..... sadly, you are right :bawling: