Is this an attack or a normal request?

lists lists at lazygranch.com
Tue Aug 25 02:51:08 UTC 2020


My VPS is on digital Ocean. Oh and I block them too. And Linode. I am an equal opportunity blocker.

Google is a little tricky to find the IP space. Remember you don't want to block Google search. In fact you should create an account with Google to help them find your website. The suggested method is to get the IP space from their SPF.

https://support.symphony.com/hc/en-us/articles/360029563832-Obtaining-GCP-IP-ranges-to-enable-proxy-and-firewall-configuration

AWS has a json scheme to document their space.
https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html

I don't  block complete ASNs. Sometimes there are corporate accounts there. They have eyeballs. bgp.he.net will get just the entity that is doing the hacking.

Bulletproof hoster:
https://www.hetzner.com/



  Original Message  


From: SPAM_TRAP_gmane at jonz.net
Sent: August 24, 2020 6:55 PM
To: nginx at nginx.org
Reply-to: nginx at nginx.org
Subject: Re: Is this an attack or a normal request?


On Mon, 24 Aug 2020 11:54:35 -0700, lists wrote:

<-snip->

> At a minimum I suggest blocking all Amazon AWS. No eyeballs there,
> just hackers. Also block all of OVH.

Great suggestions.  Also, block all of Digital Sewer ... err Digital Ocean.

Once you catch a bad actor IP, and if you want to block the entire network,
drop the ASN from a `whois` of the bad actor IP into

https://enjen.net/asn-blocklist/index.php


May the mask be with you,
Jonesy
--
  Marvin L Jones    | Marvin      | W3DHJ.net  | linux
   38.238N 104.547W |  @ jonz.net | Jonesy     |  FreeBSD
    * Killfiling google & XXXXbanter.com: jonz.net/ng.htm

_______________________________________________
nginx mailing list
nginx at nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx


More information about the nginx mailing list