Do you block traffic from China?

havochavoc OG
in Technical

From reading various things on the intertubes at least some people seem to do this. On the basis that a lot of the traffic is not legit and/or malicious.

Thoughts on this? yay/nay

Also, anybody know a clean way of managing this type of stuff. I know one can download country IP blocks and funnel it into iptables but not sure how to remove/manage

Do you block traffic from China?
  1. Do you block traffic from China?32 votes
    1. Yes I block it
      37.50%
    2. No I don't block it
      31.25%
    3. I need an adult
      31.25%
Tagged:

Comments

  • AlwaysSkintAlwaysSkint OG

    IPSet/CSF is your friend.

    It wisnae me! A big boy done it and ran away.
    NVMe2G for life! until death (the end is nigh)

  • tetechtetech OG

    Yes. I download IP ranges from not just China but a bunch of countries and do scorched-earth in iptables.

  • foxonefoxone OG

    No, because i have several chinese people using my server as a Matrix proxy to bypass GFW.

  • sonicsonic OG

    Yes, I use Cloudflare to block China

  • uhuuhu OG

    China and Vietnam.

  • InceptionHostingInceptionHosting Hosting ProviderOG

    I used to, then I stopped, but it looks like china blocked Inception hosting in retaliation anyway :p so its now like a war that is over because everyone just stopped fighting and no one won.

    Thanked by (1)havoc

    https://inceptionhosting.com
    Please do not use the PM system here for Inception Hosting support issues.

  • havochavoc OG

    @foxone said: No, because i have several chinese people using my server as a Matrix proxy to bypass GFW.

    That's pretty cool. Not scared of a 3 letter agency busting down your door because someone did something shady via your box?

    @AlwaysSkint said:

    IPSet/CSF is your friend.

    That looks useful. Bit of googling suggests you can add comments to rules and then delete them again based on that like so:

    https://stackoverflow.com/a/19734874

  • tetechtetech OG

    It is simplest to host some pictures of tanks in Tienanmen Square at the IP.

  • NeoonNeoon OG

    I think its a false sense of security, by blocking china and thinking that makes your server safer.
    A lot of malicious which for example tries to bruteforce your ssh or anything else, comes from the hacked vps or shared hosting account close to you.

    If you have important applications, just geofence them or firewall as usual.

    Thanked by (1)uptime

    Free NAT KVM | Free NAT LXC

  • skorousskorous OG

    @Neoon said: I think its a false sense of security, by blocking china and thinking that makes your server safer.

    Operative word being safer. Anytime you eliminate a substantial portion of bad actors you are safer - just not safe. The same way taking an armored car to work while wearing riot gear makes you safer. It just makes no difference when you get home to the suburbs and are murdered by your girlfriend in your sleep.

    Thanked by (1)AlwaysSkint
  • uhuuhu OG

    @skorous said:
    you get home to the suburbs and are murdered by your girlfriend in your sleep.

    That keeps happening to me.

  • WSSWSS Retired

    @uhu said:

    @skorous said:
    you get home to the suburbs and are murdered by your girlfriend in your sleep.

    That keeps happening to me.

    uHu whats this? stab stab stab stab

    My pronouns are asshole/asshole/asshole. I will give you the same courtesy.

  • uhuuhu OG

    I should have probably learned my lesson after I saw the second one sharpening her nails.

  • WSSWSS Retired

    @uhu said:
    I should have probably learned my lesson after I saw the second one sharpening her nails.

    Well, now I'm interested.

    My pronouns are asshole/asshole/asshole. I will give you the same courtesy.

  • uhuuhu OG

    The third one went with strangulation.

    Thanked by (1)WSS
  • AmitzAmitz OG

    Nekki, is that you?

    Thanked by (5)WSS poisson jvnadr uptime Neoon

    Amitz, a very stable genius (it's true!) and Grand Rectumfier of the official LESLOS® (LES League of Shitposters).
    Certified braindead since 1974 and still perfectly happy.

  • WSSWSS Retired

    @uhu said:
    The third one went with strangulation.

    So she's a member of the house?

    My pronouns are asshole/asshole/asshole. I will give you the same courtesy.

  • poissonpoisson OG

    Condoms are not 100% but better than nothing. Same principle.

    Deals and Reviews: LowEndBoxes Review | Avoid dodgy providers with The LEBRE Whitelist | Free hosting (with conditions): Evolution-Host, NanoKVM, FreeMach, ServedEZ | Get expert copyediting and copywriting help at The Write Flow

  • yoursunnyyoursunny OG

    I don't block traffic from China. A quarter of my readers are in China, and I have many pages written in Chinese.
    I believe in an open and free Internet. Thus, I don't plan to block anyone unless I'm being attacked.

    Webhosting24 aff best VPS; ServerFactory aff best VDS; Cloudie best ASN; Huel aff best brotein.

  • PHP_BackendPHP_Backend OG

    I don't care about them trying to hack me, they can try all day long. (If the public-private key system is broken, I am screwed anyway).
    But I DO get annoyed by the sheer amount of the chinese bots crawling my site repeatedly and eating most of the resource.
    One of my hobby blog site only has 1-2 daily visitor but receives millions of hits from China IP. Sometimes I block them by user-agent but most of the time I just choose to not care.

    https://phpbackend.com/

  • tetechtetech OG

    @poisson said:
    Condoms are not 100% but better than nothing. Same principle.

    Especially if your httpd has a one-child policy.

    Thanked by (1)WSS
  • havochavoc OG

    @uhu said:

    @skorous said:
    you get home to the suburbs and are murdered by your girlfriend in your sleep.

    That keeps happening to me.

    Still haven't learned the correct answer to "does this make me look fat"?

  • AlwaysSkintAlwaysSkint OG
    edited January 2020

    @poisson said: Condoms are not 100% but better than nothing

    LMFTFY: Safer not better. (Non ass shagging perspective)

    @PHP_Backend said: But I DO get annoyed by the sheer amount of the chinese bots crawling my site repeatedly and eating most of the resource.

    This.
    Each packet received needs to be processed somewhere, whether 'good' or 'bad'.

    It wisnae me! A big boy done it and ran away.
    NVMe2G for life! until death (the end is nigh)

  • uhuuhu OG

    @havoc said:

    @uhu said:

    @skorous said:
    you get home to the suburbs and are murdered by your girlfriend in your sleep.

    That keeps happening to me.

    Still haven't learned the correct answer to "does this make me look fat"?

    "We should have an open and honest relationship," she said.
    "Your mother talks so much I'm amazed she doesn't starve, but then maybe you share fat genes with her," said I. Hilarity ensued.

  • foxonefoxone OG

    @havoc said:

    That's pretty cool. Not scared of a 3 letter agency busting down your door because someone did something shady via your box?

    No, all traffic is heavily encrypted. And i do not keep logs.

  • havochavoc OG

    @foxone said: No, all traffic is heavily encrypted.

    hmm. Very tempted to upgrade my home internet to 1gbps and use this to offset some of the 35 bucks price diff....

Sign In or Register to comment.

© LowEndSpirit 2024

ipv6 ready