💾 Archived View for station.martinrue.com › kevinsan › c16b9748c50a4e01aa8f5cf2e28a95f8 captured on 2023-09-28 at 17:17:05. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2023-09-08)

-=-=-=-=-=-=-

👽 kevinsan

Antenna post on blocking countries by IP (not a good thing to do!) made me wonder what approaches people take towards hostile actors. Personally, I do almost nothing. fail2ban on some common stuff, maybe firewall the odd pointlessly persistent crawlers.

On the whole, I just don't bother.

For web servers, it always seemed like triggers on URL patterns should be a standard mechanism - like, there are few valid reasons an IP should be asking for wp-admin/ except me, right? Easy and instant IP block win.

2 years ago

Actions

👋 Join Station

7 Replies

👽 digbat

@kevinsan: thank you for the technical input - i was aware of the problems of CC blocking not being accurate for loads of reasons. i've just checked some logs and have managed to block bots and wp burglers:-) no real people yet. Cheers D · 2 years ago

👽 gnuserland

@kevinsan I feel is more a reaction against Russian people, maybe people should block Nitup computer instead... · 2 years ago

👽 kevinsan

@gnuserland In my opinion, there is no point. A threat coming from a Russian IP net block could just as easily route through a US net block. If I were trawling with a zero-day exploit in my hand, I'd just keep a list of firewalled servers and run them later from e.g. US subnets. · 2 years ago

👽 kevinsan

@digbat technically it's hard to know where a specific IP is actually from. Netblocks get subdivided, IPs get shared, translated, proxied. But of course my comment only relates to the unfairness of blocking a whole country when there are millions of decent people and a handful of bad actors (who may not even be from that country). · 2 years ago

👽 gnuserland

What is the point in blocking Russia? · 2 years ago

👽 moddedbear

Triggers on certain URL patterns seems the way to go for me. Fun story, I was bored at work one day so I wrote a script to periodically check our web server logs for suspicious looking 404s and attempts to find admin pages. It would then do a location lookup on each IP and plot it as a red dot on a new map widget on our dashboard titled "Global Threats". It was pretty fun to watch for a while. · 2 years ago

👽 digbat

@kevinsan: i may completely agree with you about (not a good thing to do!) but why in technical terms? i ask so that i might learn something and without any intent to just disagree. tks:-) · 2 years ago