FabCH | 2 months ago

If you don't need global access, I have found that Geoblocking is the best first step. Especially if you are in a small country with a small footprint and you can get away with blocking the rest of the world. But even if you live in the US, excluding Russia, India, Iran and a few others will cut your traffic by double digit percent.

In the article, quite a few listed sources of traffic would simply be completely unable to access the server if the author could get away with a geoblock.

krupan|2 months ago

This makes me a little sad. There's an ideal built into the Internet, that it has no borders, that individuals around the world can connect directly. Blocking an entire geographic region because of a few bad actors kills that. I see why it's done, but it's unfortunate.

halJordan|2 months ago

You can't make the argument that it's a small group of bad actors. It's quite a massive group of unrelentingly malicious actors.

BobaFloutist|2 months ago

It's not because of a few bad actors, it's because of a hostile or incompetent government.

Every country has (at the very least) a few bad actors, it's a small handful of countries that actively protect their bad actors from any sort of accountability or identification.

FabCH|2 months ago

I know what you mean.

But the numbers don't lie. In my case, I locked down to a fairly small group of European countries and the server went down from about 1500 bot scans per day down to 0.

The tradeoff is just too big to ignore.

komali2|2 months ago

Reminds me of when 4chan banned Russia entirely to stop DDOSes. I can't find it but there was a funny post from Hiro saying something like "couldn't figure out how to stop the ddos. Banned Russia. Ddos ended. So Russia is banned. /Shrug"

ralferoo|2 months ago

Similarly, for my e-mail server, I manually add spammers into my exim local_sender_blacklist a single domain at a time. About a month into doing this, I just gave up and added *@*.ru and that instantly cut out around 80% of the spam e-mail.

It's funny observing their tactics though. On the whole, spammers have moved from bare domain to various prefixes like @outreach.domain, @msg.domain, @chat.domain, @mail.domain, @contact.domain and most recently @email.domain.

It's also interesting watching the common parts before the @. Most recently I've seen a lot of marketing@, before that chat@ and about a month after I blocked that chat1@. I mostly block *@domain though, so I'm less aware of these trends.

ThatPlayer|2 months ago

We've had a similar discussion at my work. E-commerce that only ships to North America. So blocking anyone outside of that is an option.

Or I might try and put up Anubis only for them.

FabCH|2 months ago

Be slightly careful with commerce websites, because GeoIP databases are not perfect in my experience.

I got accidentally locked out from my server when I connected over Starlink that IP-maps to the US even though I was physically in Greece.

As practical advice, I would use a blocklist for commerce websites, and an allowlist for infra/personal.

lsaferite|2 months ago

Just keep in mind, that could block legit users who are outside the country. One case being someone traveling and wanting to buy something to deliver home. Another case being a non-resident wanting to buy something to send to family in the service zone.

I'm not saying don't block, just saying be aware of the unintended blocks and weigh them.
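
An added example, not part of the thread: a replay of the allowlist and blocklist policies FabCH and lsaferite discuss above, run over a constructed GeoIP table and request log to count both what is stopped and which legitimate clients are blocked by mistake. The prefixes, country assignments, request list and function names are assumptions made for illustration.

```python
import ipaddress

# Constructed GeoIP table on documentation prefixes; the country codes are assumptions.
GEOIP = [(ipaddress.ip_network(n), cc) for n, cc in [
    ("203.0.113.0/24", "GR"),
    ("198.51.100.0/24", "US"),   # e.g. a satellite ISP pool registered in the US
    ("192.0.2.0/24", "RU"),
]]

# Constructed requests: (source IP, is the client legitimate?, note)
REQUESTS = [
    ("203.0.113.10", True,  "admin at home"),
    ("198.51.100.7", True,  "admin in Greece, IP maps to US"),
    ("192.0.2.50",   False, "bot scan"),
    ("192.0.2.77",   True,  "traveller ordering for delivery home"),
    ("2001:db8::5",  True,  "client whose address is not in the table"),
]

def country(ip):
    """Longest-prefix match; None when the database has no entry."""
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, cc) for net, cc in GEOIP if addr in net]
    return max(hits)[1] if hits else None

def allowed(ip, mode, countries):
    cc = country(ip)
    if mode == "allowlist":      # fail closed: unknown origin is rejected
        return cc in countries
    if mode == "blocklist":      # fail open: unknown origin is accepted
        return cc not in countries
    raise ValueError(mode)

def replay(mode, countries):
    """Return (bad requests stopped, legitimate requests wrongly blocked)."""
    stopped, collateral = [], []
    for ip, legit, _note in REQUESTS:
        if not allowed(ip, mode, countries):
            (collateral if legit else stopped).append(ip)
    return stopped, collateral

if __name__ == "__main__":
    for mode, ccs in (("allowlist", {"GR"}), ("blocklist", {"RU"})):
        stopped, collateral = replay(mode, ccs)
        print(f"{mode} {sorted(ccs)}: stopped={stopped} wrongly_blocked={collateral}")
```

Replaying a real access log through both modes before enabling either one shows the collateral count up front; the allowlist also rejects every address the database cannot place.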