  1. #1
    Join Date
    Jan 2005
    Location
    Shelbyville, TN
    Posts
    118

    How to block the world?

    Hello,

    I'm about tired of spam and hackers putting phishing items on my server.

    My question is:
    How can I block the whole world except for US, CA and UK?

    I've added several countries to csf's csf.deny list but half of them keep disappearing.
    Looking for a good solution here.

    Thanks for any help you can give.

    Robert
    Robert Warren
    Purple Penguin
    http://www.purplepenguin.us
    --==Hosting since 1998==--

  2. #2
    Join Date
    Mar 2009
    Posts
    634
    I personally wouldn't do that. If I was hosting with someone and no one except people living in CA, US, or the UK could access my website, I would move to a new host.

  3. #3
    Ask your DC to block the range of IPs in the router... they will do that for you.


    Thanks
    Cyrus Aka Dave

  4. #4
    Join Date
    Apr 2003
    Location
    NC
    Posts
    3,080
    Quote Originally Posted by cyruslinuxtech View Post
    Ask your DC to block the range of IPs in the router... they will do that for you.


    Thanks
    Cyrus Aka Dave
    What DC is that? Any I have talked with would never block IPs for you like that in the router for a single client. If they had a hardware firewall they might suggest purchasing one though.

    http://en.wikipedia.org/wiki/Classle...Domain_Routing
    0.0.0.0/0 I believe will block all IPs. Then allow the countries you want in the allow file.

    There are a few websites out there that will give you a list of IPs from a country - which are not always accurate.
    John W, CISSP, C|EH
    MS Information Security and Assurance
    ITEagleEye.com - Server Administration and Security
    Yawig.com - Managed VPS and Dedicated Servers with VIP Service

  5. #5
    Join Date
    Mar 2009
    Location
    Austin Tx
    Posts
    2,001
    I have a script that does this, but it's very easy to just put the iptables (can look up the countries wanted to block at ARIN) and block

    Wanna block APNIC? Example -

    iptables -A INPUT -s 112.0.0.0/8 -j DROP
    iptables -A INPUT -s 113.0.0.0/8 -j DROP
    iptables -A INPUT -s 115.0.0.0/8 -j DROP
    iptables -A INPUT -s 116.0.0.0/8 -j DROP
    iptables -A INPUT -s 117.0.0.0/8 -j DROP
    iptables -A INPUT -s 118.0.0.0/8 -j DROP
    iptables -A INPUT -s 119.0.0.0/8 -j DROP
    iptables -A INPUT -s 120.0.0.0/8 -j DROP
    iptables -A INPUT -s 121.0.0.0/8 -j DROP
    iptables -A INPUT -s 122.0.0.0/8 -j DROP
    iptables -A INPUT -s 123.0.0.0/8 -j DROP
    iptables -A INPUT -s 124.0.0.0/8 -j DROP
    iptables -A INPUT -s 125.0.0.0/8 -j DROP
    iptables -A INPUT -s 126.0.0.0/8 -j DROP
    This is the best signature in the world....Tribute!
    (It is not the best signature in the world, no. This is just a tribute)

  6. #6
    Join Date
    Jun 2009
    Location
    Singapore
    Posts
    202
    If you're going to do it to your entire host, I suggest that you don't do it. I would be quite annoyed if my host only allows US, CA and UK people to access my site.
    bikster.com - Quality Hosting. Affordable Prices.
    Providing premium quality shared and reseller cPanel/WHM hosting at low prices!
    Reseller cPanel/WHM hosting solutions that you can afford

  7. #7
    Join Date
    Mar 2009
    Location
    Austin Tx
    Posts
    2,001
    As for me, on the particular servers I do this on, the customers highly support it.
    They don't sell to anything but North America, nor receive (or want to receive) email from the same.
    Luckily, you can pick and choose the countries you want to block.

    Suggesting someone doesn't do this is really pointless...that would be up to the individual employing and impact it would have. I would suggest carefully considering all the ramifications first. Of course, it's about as easy as it gets to undo in all or in part.

    I have found that hack / bruteforce / spam has been decreased by almost 75%.

    I would suggest checking with any paying clients on any boxes you block, to see if it would have any ill effect on their business.

    Barring that, I have never had legitimate traffic from APNIC (example) that hasn't been some kind of hack / spam attempt.

    For me, it works great. So much, I've had it published under my tech site's "giving back" section for any that want it. Both *nix / Win Iptables versions. Editable, of course.
    This is the best signature in the world....Tribute!
    (It is not the best signature in the world, no. This is just a tribute)

  8. #8
    Join Date
    Jan 2005
    Location
    Darwin, Australia
    Posts
    1,333
    Quote Originally Posted by princeshoko View Post
    Hello,

    I'm about tired of spam and hackers putting phishing items on my server.

    My question is:
    How can I block the whole world except for US, CA and UK?

    I've added several countries to csf's csf.deny list but half of them keep disappearing.
    Looking for a good solution here.

    Thanks for any help you can give.

    Robert
    Secure the server properly! Spam and phishing items being installed on your server regularly suggest your server isn't secure.

    The only effective way I've heard of blocking entire country ranges without a hardware firewall is to use GeoIP.

    CN, RU and PL are the most common culprits.
    Graham Craig

    "IT'S NOT HOW GOOD YOU ARE, IT'S HOW BAD YOU WANT IT."

  9. #9
    Join Date
    Mar 2009
    Location
    Austin Tx
    Posts
    2,001
    Quote Originally Posted by SSHocker View Post

    The only effective way I've heard of blocking entire country ranges without a hardware firewall is to use GeoIP
    I block them (and have distributed a script that does so for years) quite effectively with IPTables. Country assigned IP blocks are public information from IANA.

    http://www.iana.org/assignments/ipv4-address-space/

    Pick 'n' choose.
    This is the best signature in the world....Tribute!
    (It is not the best signature in the world, no. This is just a tribute)
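The default-deny-then-allow idea from post #4 combined with the iptables approach from posts #5 and #9, as an added example that is not any poster's script: it merges per-country ranges into one ipset and refuses to emit a ruleset that would lock out the administrator. The CIDRs are constructed documentation ranges standing in for real country allocations, and the set name `cc_allow` is hypothetical.

```python
import ipaddress

# Constructed sample data: documentation ranges stand in for real per-country
# allocations, which would come from a registry or GeoIP export.
# "GB" is the ISO 3166 code for the UK.
COUNTRY_CIDRS = {
    "US": ["198.51.100.0/25", "198.51.100.128/25", "192.0.2.0/24"],
    "CA": ["203.0.113.0/26"],
    "GB": ["203.0.113.64/26"],
}
SET_NAME = "cc_allow"  # hypothetical ipset name


def build_allowlist(countries):
    """Merge the chosen countries' ranges into the fewest CIDR blocks."""
    nets = [ipaddress.ip_network(c) for cc in countries for c in COUNTRY_CIDRS[cc]]
    return list(ipaddress.collapse_addresses(nets))


def is_allowed(ip, allowlist):
    """True if the source address falls inside any allowed block."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in allowlist)


def render(countries, admin_ip):
    """Return (ipset restore text, iptables-restore text) for default-deny."""
    allow = build_allowlist(countries)
    if not is_allowed(admin_ip, allow):
        # Refuse to emit a ruleset that would lock the administrator out.
        raise ValueError(f"{admin_ip} is outside the allowlist")
    ipset = [f"create {SET_NAME} hash:net family inet -exist"]
    ipset += [f"add {SET_NAME} {net} -exist" for net in allow]
    rules = [
        "*filter",
        ":INPUT DROP [0:0]",  # default policy: drop everything not matched
        "-A INPUT -i lo -j ACCEPT",
        "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        f"-A INPUT -m set --match-set {SET_NAME} src -j ACCEPT",
        "COMMIT",
    ]
    return "\n".join(ipset) + "\n", "\n".join(rules) + "\n"


if __name__ == "__main__":
    sets, rules = render(["US", "CA", "GB"], admin_ip="198.51.100.7")
    print(sets + rules)
```

The two outputs are meant for `ipset restore` and `iptables-restore` respectively; one set lookup replaces a long chain of per-range rules.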

  10. #10
    Join Date
    Jan 2005
    Location
    Shelbyville, TN
    Posts
    118
    Quote Originally Posted by SSHocker View Post
    Secure the server properly! Spam and phishing items being installed on your server regularly suggest your server isn't secure.

    The only effective way I've heard of blocking entire country ranges without a hardware firewall is to use GeoIP.

    CN, RU and PL are the most common culprits.

    My server is secured. I even had another admin take a look and he too said there was nothing more to be done. My next step is to start blocking. So far I blocked Romania, Pakistan, India, Singapore, Russia, China, Nigeria, and today Egypt because of another attempt.

    So instead of just waiting for the next one I just want to block everyone that has no business to look at my server.

    And thanks, I'll look up GeoIP.
    Robert Warren
    Purple Penguin
    http://www.purplepenguin.us
    --==Hosting since 1998==--

  11. #11
    Join Date
    Nov 2001
    Location
    Vancouver
    Posts
    2,416
    "another attempt" - Question for the OP: what sort of attempt? Is this ssh dictionary style attacks you are talking about?

    Re blocking for SMTP purposes, I do this but I don't block whole countries anymore. Used to but I haven't found it necessary due to refinements to how I deal with SMTP connections.

    I now use GeoIP early on in the connection phase of every new SMTP connection; certain countries are given a weighted "risk" out of the gate; if other aspects of the SMTP connection are also suspect (no rdns, improper HELO, RBL inclusion, etc) the weight will cause the connection to almost certainly be dropped.

    The worst offenders (X number of connections per minute, Y number simultaneous connections, from countries deemed suspect) get automatically added to a banned-ips list in a firewall rule set. Since the list gets built up automatically I don't keep it around on file; here's the contents following a recent flush.

    “Even those who arrange and design shrubberies are under
    considerable economic stress at this period in history.”
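The weighted-risk scheme described in post #11, as an added example that is not the poster's code: a country weight is combined with failed SMTP checks to decide a drop, and sources from weighted countries that exceed a connection rate are banned outright. Every weight and threshold here is an assumption (the post gives no numbers), the country codes are placeholders, and a dictionary stands in for a GeoIP lookup.

```python
from collections import defaultdict, deque

# All weights, thresholds and the country table are assumptions for this
# sketch; a real setup would take the country from a GeoIP database.
COUNTRY_RISK = {"AA": 3, "BB": 2}      # placeholder country codes
CHECK_WEIGHTS = {"no_rdns": 3, "bad_helo": 3, "rbl_listed": 4}
DROP_SCORE = 6
MAX_PER_MINUTE = 3                     # the post's "X connections per minute"


def score(conn):
    """Sum the country weight and the weight of every failed check."""
    total = COUNTRY_RISK.get(conn["country"], 0)
    total += sum(w for check, w in CHECK_WEIGHTS.items() if conn.get(check))
    return total


class OffenderTracker:
    """Ban sources from weighted countries that exceed the per-minute rate."""

    def __init__(self):
        self.seen = defaultdict(deque)  # ip -> timestamps within the last 60 s
        self.banned = set()

    def observe(self, conn, now):
        ip = conn["ip"]
        if ip in self.banned:
            return "banned"
        window = self.seen[ip]
        window.append(now)
        while window and now - window[0] >= 60:
            window.popleft()            # forget connections older than a minute
        risky = COUNTRY_RISK.get(conn["country"], 0) > 0
        if risky and len(window) > MAX_PER_MINUTE:
            self.banned.add(ip)         # would feed the firewall's banned-ips list
            return "banned"
        return "drop" if score(conn) >= DROP_SCORE else "accept"


# Constructed connections (documentation addresses, placeholder countries).
CLEAN_NO_RDNS = {"ip": "192.0.2.10", "country": "ZZ", "no_rdns": True}
RISKY_OK = {"ip": "198.51.100.5", "country": "AA"}
RISKY_NO_RDNS = {"ip": "203.0.113.9", "country": "AA", "no_rdns": True}
```

The same missing-rDNS failure is accepted from an unweighted country and dropped from a weighted one, which is the "weighted out of the gate" effect the post describes.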

  12. #12
    Quote Originally Posted by eth00 View Post
    What DC is that? Any I have talked with would never block IPs for you like that in the router for a single client.
    Sure they will, if it's important to them. Maybe not for every client, but it has been done. Important usually translates into money, but again, not always.
    edgedirector.com
    managed dns global failover and load balance (gslb)
    exactstate.com
    uptime report for webhostingtalk.com

  13. #13
    Join Date
    Jan 2005
    Location
    Shelbyville, TN
    Posts
    118
    Somehow they're using a backdoor and placing phishing files on the server into clients' directory.
    Robert Warren
    Purple Penguin
    http://www.purplepenguin.us
    --==Hosting since 1998==--

  14. #14
    Join Date
    Mar 2009
    Location
    Near You..
    Posts
    81
    Using a hardware firewall or with GeoIP, you can do the same. It is sure that a properly hardened server will be protected from most of the phishing/spamming attempts. I would suggest you do a complete security audit and checks.

  15. #15
    Join Date
    Nov 2001
    Location
    Vancouver
    Posts
    2,416
    Locking down the backdoors would seem to be a priority then. Blocking IPs by country might be a useful short term measure, but if your server(s) are a sitting duck and they are determined to keep using it, they can always use a North American proxy to get at you.

    Besides... there are plenty of bad guys in North America. In my current ssh block list (which was flushed earlier today) I have about 1/4 US and Canada addresses, a few less from Great Britain; the rest are mostly China and a few Colombia. When a block table has been collecting IP addresses for longer I tend to see most of the concentration from China and Vietnam; the remainder - perhaps 1/4 to 1/3 to 1/2 of the total - include US, CA and MX as well as a broad mix from some Latin American countries (CO, BR in particular), a few RU, PL, and other eastern Europeans. And a smattering of folks from NL, FR, IL, EG, and elsewhere.

    My point is you may still see attacks even after blocking off most of the world. Updating or banning vulnerable userland software would seem to be necessary first.
    “Even those who arrange and design shrubberies are under
    considerable economic stress at this period in history.”

  16. #16
    Join Date
    Apr 2002
    Location
    USA
    Posts
    5,779
    Safest thing to do is unplug it from the internet.
    That way you can be the only one to access the server and it is then safe from hackers.
