Comment by faangguyindia

10 hours ago

I maintain a list of

"23034 IPs to blocklist.txt"

blocked IPs they contain all VPN providers. Often VPN providers seed Geofeeds with wrong data, this is why i use traceroute and ping network to locate their real location.

26 comments

faangguyindia

Reply
BLKNSLVR  10 hours ago

I have a script that logs IPs for any traffic coming in to my servers on ports that don't accept traffic. I then block those IPs from accessing ports behind which there are services.

If they're checking my locked doors, I don't want them coming in my unlocked doors.

  • notpushkin  9 hours ago

    This might be a good idea, but consider banning them for, say, a couple hours at a time. It’s easy to rotate IP, especially if you’re using a residential proxy service, and there’s a good chance you’ll end up blocking real users using the same ISP.

  • hypeatei  6 hours ago

    Closed ports are not "locked doors", and open ports are not "unlocked doors"

    That is a binary thought process with a lot of assumptions. You might introduce even more attack surface in pursuit of this "security" measure by installing additional software like fail2ban, for example. Close your ports, maybe assign a non-standard port to the popular ones (like SSH) to reduce log spam, and patch your server often. Anything more complicated than that is not worth it, IMO.

marcus_holmes  9 hours ago

You know that people use VPNs for perfectly legitimate reasons, right?

Like when I was travelling, sites would routinely use the language of my IP address location, not the language preference as I set it in my browser. So I would be served a site that I couldn't read. My only option was to use a VPN to spoof my location so that it would serve me a site in a language I understand.