Do you block traffic from China?
From reading various things on the intertubes at least some people seem to do this. On the basis that a lot of the traffic is not legit and/or malicious.
Thoughts on this? yay/nay
Also, anybody know a clean way of managing this type of stuff. I know one can download country IP blocks and funnel it into iptables but not sure how to remove/manage
Do you block traffic from China?
- Do you block traffic from China?32 votes
- Yes I block it37.50%
- No I don't block it31.25%
- I need an adult31.25%
Tagged:
Comments
IPSet/CSF is your friend.
It wisnae me! A big boy done it and ran away.
NVMe2G for life! until death (the end is nigh)
Yes. I download IP ranges from not just China but a bunch of countries and do scorched-earth in iptables.
No, because i have several chinese people using my server as a Matrix proxy to bypass GFW.
Yes, I use Cloudflare to block China
China and Vietnam.
I used to, then I stopped, but it looks like china blocked Inception hosting in retaliation anyway so its now like a war that is over because everyone just stopped fighting and no one won.
https://inceptionhosting.com
Please do not use the PM system here for Inception Hosting support issues.
That's pretty cool. Not scared of a 3 letter agency busting down your door because someone did something shady via your box?
@AlwaysSkint said:
That looks useful. Bit of googling suggests you can add comments to rules and then delete them again based on that like so:
https://stackoverflow.com/a/19734874
It is simplest to host some pictures of tanks in Tienanmen Square at the IP.
I think its a false sense of security, by blocking china and thinking that makes your server safer.
A lot of malicious which for example tries to bruteforce your ssh or anything else, comes from the hacked vps or shared hosting account close to you.
If you have important applications, just geofence them or firewall as usual.
Free NAT KVM | Free NAT LXC
Operative word being safer. Anytime you eliminate a substantial portion of bad actors you are safer - just not safe. The same way taking an armored car to work while wearing riot gear makes you safer. It just makes no difference when you get home to the suburbs and are murdered by your girlfriend in your sleep.
That keeps happening to me.
uHu whats this? stab stab stab stab
My pronouns are asshole/asshole/asshole. I will give you the same courtesy.
I should have probably learned my lesson after I saw the second one sharpening her nails.
Well, now I'm interested.
My pronouns are asshole/asshole/asshole. I will give you the same courtesy.
The third one went with strangulation.
Nekki, is that you?
Amitz, a very stable genius (it's true!) and Grand Rectumfier of the official LESLOS® (LES League of Shitposters).
Certified braindead since 1974 and still perfectly happy.
So she's a member of the house?
My pronouns are asshole/asshole/asshole. I will give you the same courtesy.
Condoms are not 100% but better than nothing. Same principle.
Deals and Reviews: LowEndBoxes Review | Avoid dodgy providers with The LEBRE Whitelist | Free hosting (with conditions): Evolution-Host, NanoKVM, FreeMach, ServedEZ | Get expert copyediting and copywriting help at The Write Flow
I don't block traffic from China. A quarter of my readers are in China, and I have many pages written in Chinese.
I believe in an open and free Internet. Thus, I don't plan to block anyone unless I'm being attacked.
Webhosting24 aff best VPS; ServerFactory aff best VDS; Cloudie best ASN; Huel aff best brotein.
I don't care about them trying to hack me, they can try all day long. (If the public-private key system is broken, I am screwed anyway).
But I DO get annoyed by the sheer amount of the chinese bots crawling my site repeatedly and eating most of the resource.
One of my hobby blog site only has 1-2 daily visitor but receives millions of hits from China IP. Sometimes I block them by user-agent but most of the time I just choose to not care.
https://phpbackend.com/
Especially if your httpd has a one-child policy.
Still haven't learned the correct answer to "does this make me look fat"?
LMFTFY: Safer not better. (Non ass shagging perspective)
This.
Each packet received needs to be processed somewhere, whether 'good' or 'bad'.
It wisnae me! A big boy done it and ran away.
NVMe2G for life! until death (the end is nigh)
"We should have an open and honest relationship," she said.
"Your mother talks so much I'm amazed she doesn't starve, but then maybe you share fat genes with her," said I. Hilarity ensued.
No, all traffic is heavily encrypted. And i do not keep logs.
hmm. Very tempted to upgrade my home internet to 1gbps and use this to offset some of the 35 bucks price diff....