
Server-wide .htaccess

Posted: Sun Apr 19, 2015 6:35 pm
by KrazyBob
I am getting pounded by hackers from RIPE and AsiaNet. My client would like me to block all access from overseas.

How can I create a server-wide .htaccess file? On each node or how about on Virtuozzo that actually has two virtual servers (they're small and the servers are beefy.)

Re: Server-wide .htaccess

Posted: Mon Apr 20, 2015 4:44 am
by faris
What about firewalling?

I've never tried it myself, but traffic to Containers goes via the Forward chain on the HN. So any rules in there apply to all containers. In theory.

China and Korea netblocks: http://okean.com/asianspamblocks.html

Re: Server-wide .htaccess

Posted: Mon Apr 20, 2015 4:49 am
by KrazyBob
Hey Faris!

Nice to see you. I can put them in our WatchGuard Peak X8000 but that will take a long time. I can't enter CIDRs like 212/24.

Any suggestions on a .htaccess on the HN that will affect the containers?

Re: Server-wide .htaccess

Posted: Mon Apr 20, 2015 6:47 am
by scott
Big performance hit whenever you use .htaccess. It's faster to do geo-blocking in the firewall.

Re: Server-wide .htaccess

Posted: Mon Apr 20, 2015 6:53 am
by KrazyBob
Hey Scott! Good morning. I agree. I just can't enter CIDRs, just host ranges. I can import a text file and need to explore that. The firewall kicks butt!

Re: Server-wide .htaccess

Posted: Tue Apr 21, 2015 7:41 am
by faris
I suspect even adding CIDRs would take ages if you had to add them one by one manually.
The text file import is probably the best option.

OR, just for these blocks, use the FORWARD chain on the HN.

OR, as there are only two Containers, adding them to the normal firewall in each container should not cause problems, even though you are effectively doubling the number of blocks that are strictly necessary.

If you don't have a firewall on the Containers themselves, adding APF might be an easy option - AFAIK its deny_host.rules file allows you to block by CIDR if you want.
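Added example, not part of any post in this thread: one way to prepare a CIDR blocklist for the options discussed above, turning it into host ranges for a firewall that only imports ranges and into an `ipset restore` file for a single FORWARD-chain rule on the HN. The input format, the set name `geoblock` and ipset being available on the HN are assumptions; the sample data is constructed from documentation address ranges.

```python
import ipaddress

# Constructed sample input (documentation ranges, not a real blocklist).
SAMPLE = """\
# one CIDR per line; anything after the block is ignored
198.51.100.0/25 example-net-a
198.51.100.128/25 example-net-b
203.0.113.0/24
203.0.113.64/26   # already covered by the /24 above
123.0.0.1/23      # host bits set, as in the format quoted in the thread
not-an-address
"""

def parse_blocks(text):
    """Return (networks, rejected_tokens) from a text blocklist."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        token = line.split()[0]
        try:
            # strict=False masks off host bits: 123.0.0.1/23 -> 123.0.0.0/23
            nets.append(ipaddress.ip_network(token, strict=False))
        except ValueError:
            rejected.append(token)  # report bad lines instead of loading them
    return nets, rejected

def collapse(nets):
    """Merge adjacent and overlapping blocks so the firewall holds fewer entries."""
    return list(ipaddress.collapse_addresses(nets))

def host_ranges(nets):
    """first-last form for firewalls that accept host ranges but not CIDR."""
    return [f"{n.network_address}-{n.broadcast_address}" for n in nets]

def ipset_restore(nets, name="geoblock"):
    """Text for `ipset restore`. Pair it with one rule on the hardware node:
    iptables -I FORWARD -m set --match-set geoblock src -j DROP"""
    lines = [f"create {name} hash:net family inet"]
    lines += [f"add {name} {n}" for n in nets]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    nets, bad = parse_blocks(SAMPLE)
    merged = collapse(nets)
    print("\n".join(host_ranges(merged)))
    print(ipset_restore(merged), end="")
    print("rejected:", bad)
```

Collapsing before import matters most for the range-only firewall, where every entry is added individually; review the rejected list before loading anything so a malformed line does not silently leave a gap.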

Re: Server-wide .htaccess

Posted: Tue Apr 21, 2015 9:25 am
by KrazyBob
Excellent advice from both of you. I try not to ask too much of you...

Re: Server-wide .htaccess

Posted: Wed Apr 22, 2015 7:06 am
by KrazyBob
OK. My firewall will accept CIDRs in this format:

123.0.0.1/23

I've looked and don't find a list.

Re: Server-wide .htaccess

Posted: Wed Apr 22, 2015 7:08 am
by scott
If you're running ASL you can just add those to /etc/asl/blacklist and run service asl-firewall restart

Re: Server-wide .htaccess

Posted: Wed Apr 22, 2015 7:59 am
by KrazyBob
I've been in the hospital so many times, Scott, that I have never installed ASL. I am struggling to hang on. I have been manually fighting each attack. :-( This is a Plesk 9.3 server but yet I have Plesk 12. I need to rebuild a whole rack of servers. But I can hardly walk. See your PMs.

Re: Server-wide .htaccess

Posted: Thu Apr 23, 2015 9:29 am
by faris

Re: Server-wide .htaccess

Posted: Thu Apr 23, 2015 9:48 am
by KrazyBob
Thank you, Faris. As I mentioned privately to Scott you are amongst the good guys on the internet. You seem always willing to help a rookie, well not so much of a rookie anymore due to your help over the years. But thank you. If I may, God bless you.

Re: Server-wide .htaccess

Posted: Fri Apr 24, 2015 5:56 am
by faris
It's a shame I'm not closer to you. There's a little matter of the Atlantic Ocean in the way.

Re: Server-wide .htaccess

Posted: Fri Apr 24, 2015 10:45 am
by KrazyBob
I can swim... a little...

Re: Server-wide .htaccess

Posted: Fri Apr 24, 2015 11:08 am
by faris
Tell you what -- move to Nevada. Then I'll come and stay with you for a bit.

I'm a bit of a Vegas fan. Not for the "sin city" or gambling side of things - I'm not really interested. But I do like everything else the place has to offer, at least for a week or so at a time.