1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Any downside to blocking all of China?

Discussion in 'BlackHat Lounge' started by subpop138, Jul 7, 2015.

  1. subpop138

    subpop138 Junior Member

    Joined:
    Dec 21, 2011
    Messages:
    137
    Likes Received:
    65
    Location:
    Harrisburg, PA USA
    I've been working on a newer authority site for a few months now. When I check the traffic I usually see 50-100 hits from a Chinese IP all in the same day. So I then manually block that IP. Next day, same thing from a different Chinese IP. No matter how many specific IPs I block, China is still up to something. Now I just want to block the whole country.

    This site is entirely in English and there's no legitimate reason for this traffic.

    Has anyone had any unforeseen negative issues blocking an entire country?
     
  2. lancis

    lancis Elite Member

    Joined:
    Jul 31, 2010
    Messages:
    1,680
    Likes Received:
    2,416
    Occupation:
    Entrepreneur
    Location:
    Milky Way
    Home Page:
    I block Chinese & east Ukrainian traffic on a constant basis. No negative issues so far.

    p.s. For those wondering why - most of the SSH brute-force attacks come from these countries.
     
    • Thanks Thanks x 1
  3. cottonwolf

    cottonwolf Regular Member

    Joined:
    Jan 20, 2015
    Messages:
    469
    Likes Received:
    239
    Don't forget India as well. I've got plenty of dumbbots at my ssh gates from Indian ips. Nothing personal.

     
    • Thanks Thanks x 1
  4. firstnamelastname

    firstnamelastname Junior Member

    Joined:
    Jun 20, 2015
    Messages:
    184
    Likes Received:
    31
    If there is no reason someone from those countries should visit your site, then block them.
    I would like to block India, China, Ukraine, Russia, Pakistan, Phillipines, Bangladesh
    But the question is, how do you block all this without slowing down your site? because if you add all these IPs to your htaccess, your site will get slow as hell because it has to process all these commands before the site loads (right?)
    The next question is what about false positives? what if someone is in the US but their IP for some weird reason resolves to India?
     
  5. Capo Dei Capi

    Capo Dei Capi BANNED BANNED

    Joined:
    Oct 23, 2014
    Messages:
    754
    Likes Received:
    1,732
    Why not hardened your website instead of worrying about people from certain countries?
     
  6. ladieshustle2

    ladieshustle2 Newbie

    Joined:
    Jun 14, 2015
    Messages:
    15
    Likes Received:
    6
    Occupation:
    SAHM
    Location:
    Canada
    If you have no real significant gains from that Chinese traffic, then it would make sense for you to go ahead and block that traffic. But it's obvious that doing so, your significant traffic sources MAY suffer from a potentially slower site - yes because of commands.

    Test it out for a week and see what happens.
     
  7. lancis

    lancis Elite Member

    Joined:
    Jul 31, 2010
    Messages:
    1,680
    Likes Received:
    2,416
    Occupation:
    Entrepreneur
    Location:
    Milky Way
    Home Page:
    Add them to firewall rules instead .htaccess, and there will be no noticeable slowdown.

    This is part of "hardening" your website. There are thousands of Chinese IPs that attempt to brute force your password. They are not targeted. They scan IP ranges and attempt to guess the passwords of the root users. If you dont block them, eventually they will find the password they are after.

    Sure you can block these IPs only, but as I said there are thousands of them and they change as the time goes by. So the best strategy is to block the entire country (especially since that country is of no relevancy to you).
     
  8. elfgirl

    elfgirl Jr. VIP Jr. VIP

    Joined:
    Dec 30, 2014
    Messages:
    272
    Likes Received:
    90
    Occupation:
    Owner, SilentSEONinja
    Location:
    Dallas
    clearly if you are selling to only US or Canada then there would be no reason to have traffic from those countries. So I say it could only do good for you.
     
  9. 67MAD54

    67MAD54 Regular Member

    Joined:
    Dec 8, 2013
    Messages:
    245
    Likes Received:
    75
    Location:
    UK
    China and Russia are two of the main culprits with hack attacks on my sites
     
  10. Ohboyj

    Ohboyj Newbie

    Joined:
    Apr 1, 2015
    Messages:
    13
    Likes Received:
    3
    No more wanton soup & fruity loops
     
  11. Capo Dei Capi

    Capo Dei Capi BANNED BANNED

    Joined:
    Oct 23, 2014
    Messages:
    754
    Likes Received:
    1,732
    Use really long passwords and really long root usernames and it will be nearly impossible to be hacked.
     
  12. Neocortx

    Neocortx Regular Member

    Joined:
    Mar 2, 2013
    Messages:
    278
    Likes Received:
    174
    This. If you have a password with 15+ chars and use lower/upper case, $§/)"§= stuff etc., and nothing that would make any sense, it becomes near impossible to crack.
     
  13. lancis

    lancis Elite Member

    Joined:
    Jul 31, 2010
    Messages:
    1,680
    Likes Received:
    2,416
    Occupation:
    Entrepreneur
    Location:
    Milky Way
    Home Page:
    Even better, use public/private key pairs instead passwords. But you're forgetting that some website have registered users, who tend to choose weak passwords. Have software vulnerabilities that might be abused by the SSH bots, etc, etc. Blocking the country is still the cleanest solution of them all. :)