Do you block traffic from China?

From reading various things on the intertubes at least some people seem to do this. On the basis that a lot of the traffic is not legit and/or malicious.

Thoughts on this? yay/nay

Also, anybody know a clean way of managing this type of stuff. I know one can download country IP blocks and funnel it into iptables but not sure how to remove/manage

Do you block traffic from China?
  1. Do you block traffic from China?30 votes
    1. Yes I block it
      36.67%
    2. No I don't block it
      33.33%
    3. I need an adult
      30.00%

Comments

  • IPSet/CSF is your friend.

    Where's the ignore setting?

  • Yes. I download IP ranges from not just China but a bunch of countries and do scorched-earth in iptables.

  • No, because i have several chinese people using my server as a Matrix proxy to bypass GFW.

  • Yes, I use Cloudflare to block China

    Shared: Smallweb| VPS: NexusBytes, FlowVPS, VirMach, InceptionHosting, Linode
    Gapps legacy 100/200 users cheap 4 sale. PM

  • China and Vietnam.

  • AnthonySmithAnthonySmith AdministratorHosting Provider

    I used to, then I stopped, but it looks like china blocked Inception hosting in retaliation anyway :p so its now like a war that is over because everyone just stopped fighting and no one won.

    Thanked by (1)havoc

    Inception Hosting - 256MB OpenVZ VPS back in stock for €8.00 p/year - DEDICATED IP4 + /64 IPv6 https://clients.inceptionhosting.com/cart.php?a=add&pid=177
    Please do not use the PM system here for Inception Hosting support issues.

  • @foxone said: No, because i have several chinese people using my server as a Matrix proxy to bypass GFW.

    That's pretty cool. Not scared of a 3 letter agency busting down your door because someone did something shady via your box?

    @AlwaysSkint said:

    IPSet/CSF is your friend.

    That looks useful. Bit of googling suggests you can add comments to rules and then delete them again based on that like so:

    https://stackoverflow.com/a/19734874

  • It is simplest to host some pictures of tanks in Tienanmen Square at the IP.

  • I think its a false sense of security, by blocking china and thinking that makes your server safer.
    A lot of malicious which for example tries to bruteforce your ssh or anything else, comes from the hacked vps or shared hosting account close to you.

    If you have important applications, just geofence them or firewall as usual.

    Thanked by (1)uptime
  • @Neoon said: I think its a false sense of security, by blocking china and thinking that makes your server safer.

    Operative word being safer. Anytime you eliminate a substantial portion of bad actors you are safer - just not safe. The same way taking an armored car to work while wearing riot gear makes you safer. It just makes no difference when you get home to the suburbs and are murdered by your girlfriend in your sleep.

    Thanked by (1)AlwaysSkint
  • @skorous said:
    you get home to the suburbs and are murdered by your girlfriend in your sleep.

    That keeps happening to me.

  • WSSWSS Retired

    @uhu said:

    @skorous said:
    you get home to the suburbs and are murdered by your girlfriend in your sleep.

    That keeps happening to me.

    uHu whats this? stab stab stab stab

    My pronouns are asshole/asshole/asshole. I will give you the same courtesy.

  • I should have probably learned my lesson after I saw the second one sharpening her nails.

  • WSSWSS Retired

    @uhu said:
    I should have probably learned my lesson after I saw the second one sharpening her nails.

    Well, now I'm interested.

    My pronouns are asshole/asshole/asshole. I will give you the same courtesy.

  • The third one went with strangulation.

    Thanked by (1)WSS
  • Nekki, is that you?

    Thanked by (5)WSS poisson jvnadr uptime Neoon

    Amitz, a very stable genius (it's true!) and Grand Rectumfier of the "Official LES League of Shitposters"®

  • WSSWSS Retired

    @uhu said:
    The third one went with strangulation.

    So she's a member of the house?

    My pronouns are asshole/asshole/asshole. I will give you the same courtesy.

  • Condoms are not 100% but better than nothing. Same principle.

    Deals and Reviews: LowEndBoxes Review | Avoid dodgy providers with The LEBRE Whitelist | Free hosting (with conditions): Evolution-Host, NanoKVM, FreeMach, ServedEZ | Follow latest deals on Twitter or Telegram

  • I don't block traffic from China. A quarter of my readers are in China, and I have many pages written in Chinese.
    I believe in an open and free Internet. Thus, I don't plan to block anyone unless I'm being attacked.

  • I don't care about them trying to hack me, they can try all day long. (If the public-private key system is broken, I am screwed anyway).
    But I DO get annoyed by the sheer amount of the chinese bots crawling my site repeatedly and eating most of the resource.
    One of my hobby blog site only has 1-2 daily visitor but receives millions of hits from China IP. Sometimes I block them by user-agent but most of the time I just choose to not care.

  • @poisson said:
    Condoms are not 100% but better than nothing. Same principle.

    Especially if your httpd has a one-child policy.

    Thanked by (1)WSS
  • @uhu said:

    @skorous said:
    you get home to the suburbs and are murdered by your girlfriend in your sleep.

    That keeps happening to me.

    Still haven't learned the correct answer to "does this make me look fat"?

  • edited January 10

    @poisson said: Condoms are not 100% but better than nothing

    LMFTFY: Safer not better. (Non ass shagging perspective)

    @PHP_Backend said: But I DO get annoyed by the sheer amount of the chinese bots crawling my site repeatedly and eating most of the resource.

    This.
    Each packet received needs to be processed somewhere, whether 'good' or 'bad'.

    Where's the ignore setting?

  • @havoc said:

    @uhu said:

    @skorous said:
    you get home to the suburbs and are murdered by your girlfriend in your sleep.

    That keeps happening to me.

    Still haven't learned the correct answer to "does this make me look fat"?

    "We should have an open and honest relationship," she said.
    "Your mother talks so much I'm amazed she doesn't starve, but then maybe you share fat genes with her," said I. Hilarity ensued.

  • @havoc said:

    That's pretty cool. Not scared of a 3 letter agency busting down your door because someone did something shady via your box?

    No, all traffic is heavily encrypted. And i do not keep logs.

  • @foxone said: No, all traffic is heavily encrypted.

    hmm. Very tempted to upgrade my home internet to 1gbps and use this to offset some of the 35 bucks price diff....

Sign In or Register to comment.