Do you block traffic from China?

From reading various things on the intertubes at least some people seem to do this. On the basis that a lot of the traffic is not legit and/or malicious.

Thoughts on this? yay/nay

Also, anybody know a clean way of managing this type of stuff. I know one can download country IP blocks and funnel it into iptables but not sure how to remove/manage

Do you block traffic from China?
  1. Do you block traffic from China?29 votes
    1. Yes I block it
      37.93%
    2. No I don't block it
      34.48%
    3. I need an adult
      27.59%

Comments

  • IPSet/CSF is your friend.

    Sitting on the fence, teetering back towards LET :-o

  • Yes. I download IP ranges from not just China but a bunch of countries and do scorched-earth in iptables.

  • No, because i have several chinese people using my server as a Matrix proxy to bypass GFW.

  • Yes, I use Cloudflare to block China

    Shared: Smallweb| VPS: Wishosting, NexusBytes, FlowVPS, VirMach, InceptionHosting, Linode
    Gapps legacy 100/200 users cheap 4 sale. PM

  • China and Vietnam.

  • AnthonySmithAnthonySmith AdministratorHosting Provider

    I used to, then I stopped, but it looks like china blocked Inception hosting in retaliation anyway :p so its now like a war that is over because everyone just stopped fighting and no one won.

    Thanked by havoc

    Inception Hosting - we surveyed 100 people and asked them what a fat husband may hide from his wife in his belly button, the 3rd most popular answer was: "Jewelry"

  • @foxone said: No, because i have several chinese people using my server as a Matrix proxy to bypass GFW.

    That's pretty cool. Not scared of a 3 letter agency busting down your door because someone did something shady via your box?

    @AlwaysSkint said:

    IPSet/CSF is your friend.

    That looks useful. Bit of googling suggests you can add comments to rules and then delete them again based on that like so:

    https://stackoverflow.com/a/19734874

  • It is simplest to host some pictures of tanks in Tienanmen Square at the IP.

  • I think its a false sense of security, by blocking china and thinking that makes your server safer.
    A lot of malicious which for example tries to bruteforce your ssh or anything else, comes from the hacked vps or shared hosting account close to you.

    If you have important applications, just geofence them or firewall as usual.

    Thanked by uptime
  • @Neoon said: I think its a false sense of security, by blocking china and thinking that makes your server safer.

    Operative word being safer. Anytime you eliminate a substantial portion of bad actors you are safer - just not safe. The same way taking an armored car to work while wearing riot gear makes you safer. It just makes no difference when you get home to the suburbs and are murdered by your girlfriend in your sleep.

    Thanked by AlwaysSkint
  • @skorous said:
    you get home to the suburbs and are murdered by your girlfriend in your sleep.

    That keeps happening to me.

  • @uhu said:

    @skorous said:
    you get home to the suburbs and are murdered by your girlfriend in your sleep.

    That keeps happening to me.

    uHu whats this? stab stab stab stab

    2019 was the year of Amitz.

  • I should have probably learned my lesson after I saw the second one sharpening her nails.

  • @uhu said:
    I should have probably learned my lesson after I saw the second one sharpening her nails.

    Well, now I'm interested.

    2019 was the year of Amitz.

  • The third one went with strangulation.

    Thanked by WSS
  • Nekki, is that you?

    Grand Rectumfier of the Official LES League of Shitposters ®

  • @uhu said:
    The third one went with strangulation.

    So she's a member of the house?

    2019 was the year of Amitz.

  • Condoms are not 100% but better than nothing. Same principle.

    Deals and Reviews: LowEndBoxes Review | Avoid dodgy providers with The LEBRE Whitelist | Free hosting (with conditions): Evolution-Host, NanoKVM, FreeMach, ServedEZ | Follow latest deals on Twitter or Telegram

  • I don't block traffic from China. A quarter of my readers are in China, and I have many pages written in Chinese.
    I believe in an open and free Internet. Thus, I don't plan to block anyone unless I'm being attacked.

  • I don't care about them trying to hack me, they can try all day long. (If the public-private key system is broken, I am screwed anyway).
    But I DO get annoyed by the sheer amount of the chinese bots crawling my site repeatedly and eating most of the resource.
    One of my hobby blog site only has 1-2 daily visitor but receives millions of hits from China IP. Sometimes I block them by user-agent but most of the time I just choose to not care.

  • @poisson said:
    Condoms are not 100% but better than nothing. Same principle.

    Especially if your httpd has a one-child policy.

    Thanked by WSS
  • @uhu said:

    @skorous said:
    you get home to the suburbs and are murdered by your girlfriend in your sleep.

    That keeps happening to me.

    Still haven't learned the correct answer to "does this make me look fat"?

  • edited January 10

    @poisson said: Condoms are not 100% but better than nothing

    LMFTFY: Safer not better. (Non ass shagging perspective)

    @PHP_Backend said: But I DO get annoyed by the sheer amount of the chinese bots crawling my site repeatedly and eating most of the resource.

    This.
    Each packet received needs to be processed somewhere, whether 'good' or 'bad'.

    Sitting on the fence, teetering back towards LET :-o

  • @havoc said:

    @uhu said:

    @skorous said:
    you get home to the suburbs and are murdered by your girlfriend in your sleep.

    That keeps happening to me.

    Still haven't learned the correct answer to "does this make me look fat"?

    "We should have an open and honest relationship," she said.
    "Your mother talks so much I'm amazed she doesn't starve, but then maybe you share fat genes with her," said I. Hilarity ensued.

  • @havoc said:

    That's pretty cool. Not scared of a 3 letter agency busting down your door because someone did something shady via your box?

    No, all traffic is heavily encrypted. And i do not keep logs.

  • @foxone said: No, all traffic is heavily encrypted.

    hmm. Very tempted to upgrade my home internet to 1gbps and use this to offset some of the 35 bucks price diff....

Sign In or Register to comment.