👽 kevinsan

Antenna post on blocking countries by IP (not a good thing to do!) made me wonder what approaches people take towards hostile actors. Personally, I do almost nothing. fail2ban on some common stuff, maybe firewall the odd pointlessly persistent crawlers.

On the whole, I just don't bother.

For web servers, it always seemed like triggers on URL patterns should be a standard mechanism - like, there are few valid reasons an IP should be asking for wp-admin/ except me, right? Easy and instant IP block win.

2 years ago


7 Replies

👽 digbat

@kevinsan: thank you for the technical input - i was aware of the problems of CC blocking not being accurate for loads of reasons. i've just checked some logs and have managed to block bots and wp burglars:-) no real people yet. Cheers D · 2 years ago

👽 gnuserland

@kevinsan I feel it is more a reaction against Russian people, maybe people should block Nitup computer instead... · 2 years ago

👽 kevinsan

@gnuserland In my opinion, there is no point. A threat coming from a Russian IP net block could just as easily route through a US net block. If I were trawling with a zero-day exploit in my hand, I'd just keep a list of firewalled servers and run them later from e.g. US subnets. · 2 years ago

👽 kevinsan

@digbat technically it's hard to know where a specific IP is actually from. Netblocks get subdivided, IPs get shared, translated, proxied. But of course my comment only relates to the unfairness of blocking a whole country when there are millions of decent people and a handful of bad actors (who may not even be from that country). · 2 years ago

👽 gnuserland

What is the point in blocking Russia? · 2 years ago

👽 moddedbear

Triggers on certain URL patterns seem the way to go for me. Fun story, I was bored at work one day so I wrote a script to periodically check our web server logs for suspicious-looking 404s and attempts to find admin pages. It would then do a location lookup on each IP and plot it as a red dot on a new map widget on our dashboard titled "Global Threats". It was pretty fun to watch for a while. · 2 years ago
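
The URL-pattern trigger from the opening post, combined with the periodic log check described in the comment above, can be sketched like this. It is an added example, not moddedbear's script; the trap paths, the allowlisted admin network, the threshold and the log lines are all constructed assumptions.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumed trap paths: nothing on this hypothetical site lives under them.
TRAP = re.compile(
    r"(?:^|/)(?:wp-admin|wp-login\.php|phpmyadmin|\.env|\.git)(?:[/?]|$)", re.I)
# Assumed admin network that may legitimately request trap paths ("except me").
ALLOW = [ip_network("203.0.113.0/28")]
# Common/combined log format: ip ident user [time] "METHOD path proto" ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+)')

# Constructed sample log lines (documentation address ranges only).
SAMPLE = [
    '198.51.100.7 - - [10/Mar/2023:10:00:01 +0000] "GET /wp-admin/ HTTP/1.1" 404 153',
    '198.51.100.7 - - [10/Mar/2023:10:00:02 +0000] "GET /wp-login.php HTTP/1.1" 404 153',
    '198.51.100.7 - - [10/Mar/2023:10:00:03 +0000] "GET /.env HTTP/1.1" 404 153',
    '192.0.2.44 - - [10/Mar/2023:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '192.0.2.44 - - [10/Mar/2023:10:01:05 +0000] "GET /wp-login.php HTTP/1.1" 404 153',
    '203.0.113.5 - - [10/Mar/2023:10:02:00 +0000] "GET /wp-admin/ HTTP/1.1" 200 900',
    '203.0.113.5 - - [10/Mar/2023:10:02:04 +0000] "GET /wp-admin/post.php HTTP/1.1" 200 900',
    'truncated or garbled line',
]

def suspicious_ips(lines, threshold=2):
    """Return {ip: hits} for clients with at least `threshold` trap-path requests."""
    hits = Counter()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing at them
        ip, path = m.groups()
        try:
            addr = ip_address(ip)
        except ValueError:
            continue  # first field was not an IP (e.g. a hostname)
        if any(addr in net for net in ALLOW):
            continue  # the admin's own requests never count
        if TRAP.search(path):
            hits[ip] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}

if __name__ == "__main__":
    for ip, n in suspicious_ips(SAMPLE).items():
        print(f"{ip} requested trap paths {n} times")
```

Because IPs get shared, translated and proxied, as noted elsewhere in this thread, the result is better fed into a time-limited ban than a permanent one.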

👽 digbat

@kevinsan: i may completely agree with you about (not a good thing to do!) but why in technical terms? i ask so that i might learn something and without any intent to just disagree. tks:-) · 2 years ago