• Block IPs based on Location

    From Compctech@1:103/705 to All on Friday, February 28, 2025 10:47:03
    I apologize if I am posting in the wrong location. I am getting a lot of login attempts from China and other Asian countries. It does not surprise me, but has anyone tried doing IP blocking by country? I don't like the idea, but with as many attempts as I am getting, it's filling up my logs. I see how I can do it with UFW, but just need a good source of IP blocks. CIDR notation would be great.

    Like I said, I hate to have to go to this extreme, but it's getting bad. Huawei Public Cloud Service is the worst one so far.

    Sam L.
    LSNET Archive

    ---
    ■ Synchronet ■ LSNET Archive - Archiving Software for the Future
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Wilfred van Velzen@2:280/464 to Compctech on Friday, February 28, 2025 17:59:50
    Hi Compctech,

    On 2025-02-28 10:47:03, you wrote to All:

    I apologize if I am posting in the wrong location. I am getting a lot
    of login attempts from China and other Asian countries. It does not
    surprise me, but has anyone tried doing IP blocking by country? I
    don't like the idea, but with as many attempts as I am getting, it's
    filling up my logs. I see how I can do it with UFW, but just need a
    good source of IP blocks. CIDR notation would be great.

    Yes you can get the IP block ranges by country at http://www.ipdeny.com/

    For example, I do this in a script for some countries (not my fido machine though, because there are a lot of fido systems in Russia):

    wget -q -O zone.belarus http://www.ipdeny.com/ipblocks/data/aggregated/by-aggregated.zone
    wget -q -O zone.china http://www.ipdeny.com/ipblocks/data/aggregated/cn-aggregated.zone
    wget -q -O zone.iran http://www.ipdeny.com/ipblocks/data/aggregated/ir-aggregated.zone
    wget -q -O zone.north-korea http://www.ipdeny.com/ipblocks/data/aggregated/kp-aggregated.zone
    wget -q -O zone.russia http://www.ipdeny.com/ipblocks/data/aggregated/ru-aggregated.zone

    After this I feed the files to fail2ban with these commands:

    fail2ban-client restart --unban countries
    fail2ban-client set countries banip $(<zone.north-korea )
    fail2ban-client set countries banip $(<zone.belarus )
    fail2ban-client set countries banip $(<zone.china )
    fail2ban-client set countries banip $(<zone.iran )
    fail2ban-client set countries banip $(<zone.russia )

    And in my fail2ban config (/etc/fail2ban/jail.d/custom.local), I have this section:

    [countries]
    filter = manual
    banaction = %(banaction_allports)s
    bantime = -1
    enabled = true


    Bye, Wilfred.

    --- FMail-lnx64 2.3.2.4-B20240523
    * Origin: FMail development HQ (2:280/464)
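
Added example, not part of the thread: because the jail above bans on all ports with `bantime = -1`, this sketch vets a downloaded zone file before it is passed to `banip`, rejecting empty or non-CIDR content, ranges broader than a chosen prefix, and any range that covers an address you must keep reachable. The function names, the minimum prefix of 8 and the sample ranges are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and sample data are assumptions.

# Print the 32-bit value of a dotted-quad IPv4 address; status 1 if malformed.
ip_to_int() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    ii_ifs=$IFS; IFS=.; set -- $1; IFS=$ii_ifs
    [ $# -eq 4 ] || return 1
    for ii_o in "$@"; do
        case "$ii_o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$ii_o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_contains NET/LEN IP: 0 if IP is inside the range, 1 if not, 2 on bad input.
cidr_contains() {
    cc_net=$(ip_to_int "${1%/*}") && cc_ip=$(ip_to_int "$2") || return 2
    cc_mask=$(( (0xFFFFFFFF << (32 - ${1#*/})) & 0xFFFFFFFF ))
    [ $(( cc_net & cc_mask )) -eq $(( cc_ip & cc_mask )) ]
}

# check_zone FILE MIN_PREFIX [ALLOW_IP...]: status 0 only if FILE has entries,
# each is an IPv4 CIDR between /MIN_PREFIX and /32, and none covers an ALLOW_IP.
check_zone() {
    cz_file=$1; cz_min=$2; shift 2
    cz_bad=0; cz_ok=0; cz_no=0
    while IFS= read -r cz_line || [ -n "$cz_line" ]; do
        cz_no=$((cz_no + 1))
        [ -n "$cz_line" ] || continue
        case "$cz_line" in */*) cz_len=${cz_line#*/} ;; *) cz_len=x ;; esac
        case "$cz_len" in ''|*[!0-9]*|0?*|???*) cz_len=x ;; esac
        if [ "$cz_len" = x ] || [ "$cz_len" -gt 32 ] || [ "$cz_len" -lt "$cz_min" ] ||
           [ -z "$(ip_to_int "${cz_line%/*}")" ]; then
            # Report the line number only: the file content is untrusted.
            echo "$cz_file:$cz_no: malformed or too broad" >&2
            cz_bad=$((cz_bad + 1)); continue
        fi
        for cz_ip in "$@"; do
            cz_rc=0; cidr_contains "$cz_line" "$cz_ip" || cz_rc=$?
            [ "$cz_rc" -eq 1 ] && continue   # definitely outside this range
            echo "$cz_file:$cz_no: covers (or cannot be compared with) $cz_ip" >&2
            cz_bad=$((cz_bad + 1))
        done
        cz_ok=$((cz_ok + 1))
    done < "$cz_file"
    [ "$cz_bad" -eq 0 ] && [ "$cz_ok" -gt 0 ]
}

# Constructed sample (RFC 5737 documentation ranges, not real zone data).
sample=$(mktemp)
printf '%s\n' 192.0.2.0/24 198.51.100.0/25 203.0.113.0/24 > "$sample"
check_zone "$sample" 8 198.51.100.200 && echo "sample zone passed the checks"
```

In a script like the one in the post, each `banip` line would run only when `check_zone` succeeds for that zone file, with your own management addresses passed as the allowlist arguments.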
  • From Compctech@1:103/705 to Wilfred van Velzen on Friday, February 28, 2025 18:50:53
    Thanks!!! I think that did it. China is the worst when it comes to attempts to break into stuff. At my last job (10+ years ago) we set up a honeypot system that we would use to build block lists, and it also reported back to a network of honeypots that would pool the IPs together. Now I am trying to remember what that honeypot net was.

    Sam L.
    LSNET Archive

    ---
    ■ Synchronet ■ LSNET Archive - Archiving Software for the Future
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rixter@1:103/705 to Wilfred van Velzen on Thursday, March 06, 2025 10:57:21
    Thanks, this worked great. Have a great day.
    Rixter

    telnet://ricksbbs.synchro.net:23
    http://ricksbbs.synchro.net:8080
    Madison, NC

    ---
    ■ Synchronet ■ Rick's BBS telnet://ricksbbs.synchro.net:23
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)