Knowledgebase

CSF Country Block

Posted by Dan-CKS, 05-27-2010, 06:45 PM
Hi would appreciate if someone could give me advice on how to block china visitors. Cheers
Posted by adamnp, 05-27-2010, 06:51 PM
spoofing ip's and user agents is simple, which basically nullifys blocking the ips/dns or user. The best route is to assure your files are tested and patched for vulnerabilities, and that all passwords are secure. This includes, database, useraccounts, ftp accounts, or script accounts. A method I have found useful is to build a bottrap, this basically filters the hosts vs the robots.txt. This was discussed more in another forum, I'm sure others can elaborate. http://www.kloth.net/internet/bottrap.php - This will show you how to block spam bots and other bad bots from accessing and scanning your web site.
Posted by crazylane, 05-27-2010, 07:59 PM
You could add the CIDR blocks for china to CSF, to many blocked IPs can really slow your server down.
Posted by Dan-CKS, 05-27-2010, 08:16 PM
As of now, i have blocked over 400 ip's from china and they just keep coming...
Posted by media r, 05-27-2010, 08:27 PM
Maybe you've already tried this: In Firewall configuration under csf, scroll down to CC_DENY and add CN for China, that should block all IPs from China.
Posted by Srv24x7, 05-28-2010, 02:17 AM
Try installing mod_geoip to block entire country
Posted by LVPSHosting, 05-28-2010, 03:15 AM
Go to http://www.countryipblocks.net/ Select China on the right and select CIDR and press the "Choose Countries" button. It will display all the Chinese networks on the next screen under the "Here is the data you requested:" box. Just copy the IP's and put them in the iptables with "DROP" rule... That's it.
Posted by InoxHost, 05-28-2010, 03:19 AM
Perfect solution Will try it on our servers.... Thanks
Posted by oxyhosts, 05-28-2010, 06:41 AM
There are many other sites that too generate all CIDR subnets of IPs of a country. Eg:- http://www.blockacountry.com/
Posted by nootkan, 06-06-2010, 04:18 PM
Okay this may sound stupid but where in csf do I find the iptables config? Do I add all the ips in the firewall deny ips? If so, how do I add the drop rule? See images for my csf. I added CN,KR,RU,IN,KP to my cc_deny but the warning says this could slow down my server. Is the other option above a better one for server performance? Attached Thumbnails     Last edited by nootkan; 06-06-2010 at 04:30 PM.
Posted by crazylane, 06-06-2010, 04:29 PM
Select the button labeled "Firewall Configuration", you will be able to enter the countries here. It's about a third of the way down on the page.
Posted by nootkan, 06-06-2010, 05:18 PM
crazylane, thanks I already found that under firewall config and added the country abbreviations. I was just wondering if the other option to add ip address to the iptables with the drop rule is more efficient for the server performance. The warnings above the cc_deny state that adding the country abbreviations may slow down the server performance and that concerns me. Should it?
Posted by crazylane, 06-06-2010, 05:26 PM
When you add a country like CN, CSF adds the CIDR IPs to iptables via CSF, and if you add several countries it can slow down your server.
Posted by florenceit, 03-02-2012, 01:38 PM
Hi Just finding this thread as I m getting tired of exploit attempts from common country sources. Are their any better ways to block specific countries since this thread started? I have added CN addresses per above to CSF block IP's, and I noticed that many of my recurring smtp connections from CN domains were killed (good!), but i just worry about performance. thank you!
Posted by Larry, 03-02-2012, 09:04 PM
The more IPs you add to your iptables, the slower your server gets because it has to perform a check in the iptables each time a visitor visits your website(s) on your server. If you have 100 IPs (Which is standard), then it's only a quick check. If you have 1,000's upon 1,000's of IPs (Unlikely), then the server has to go through that entire list each time a visitor visits your server. The best thing to do is to just block ranges of IPs if you're going the country block route, or just install other preventive applications like mod_security and maintain strong passwords.
Posted by florenceit, 03-03-2012, 10:29 AM
thanks, those other two things are exactly what I've been working on as well, good to know!


Was this answer helpful?

Add to Favourites Add to Favourites

Print this Article Print this Article
Also Read
Mystical Remount !! (Views: 554)
LayeredTech Servers on ThePlanet (Views: 605)
e3servers.com - Any good? (Views: 601)
Suggest Big space reseller (Views: 633)
How to identify security loopholes so that domain name not used to send spam emails? (Views: 624)


Language:

Client Menu

 

Client Login

Email

Password

Remember Me

Search



  
 

Clients

Hosting

VPS Hosting

About Us

Contact Us

Copyright © 2015 DC International LLC in partnership with Bragin IT Solutions Inc. - All Rights Reserved.