From: legg
Newsgroups: sci.electronics.design
Subject: Re: Chinese downloads overloading my website
Date: Mon, 11 Mar 2024 10:40:16 -0400

On Mon, 11 Mar 2024 09:53:44 GMT, Jan Panteltje wrote:

>On a sunny day (Mon, 11 Mar 2024 06:43:34 -0000 (UTC)) it happened jim whitby
> wrote in :
>
>>You may find the file:
>>
>>/etc/hosts.deny
>>
>>useful in this case, you can block by name(s) or ip(s).
>>Man hosts.deny
>>for more info
>
>I wrote a small script years ago using Linux iptables to reject bad IP addresses.
>
>raspberrypi: ~ # cat /usr/local/sbin_pi_95/ireject
># this is called to add an input deny for an IP address to ipchains,
># and save the configuration.
>
>if [ "$1" = "" ]
>then
>    echo "Usage: reject IP_address"
>    exit 1
>fi
>
># OLD ipchains
>##ipchains -A input -s $1 -l -j REJECT
>#ipchains -L
>##ipchains-save > /root/firewall
>##echo "reject: ipchains configuration written to /root/firewall"
>
>#iptables -A INPUT -s $1 -p all -j REJECT
>#iptables -A INPUT -s $1 -p all -j DROP
>
>echo "executing iptables -A INPUT -s $1 -p all -j DROP"
>iptables -A INPUT -s $1 -p all -j DROP
>
>echo "executing iptables -A OUTPUT -d $1 -p all -j REJECT"
>iptables -A OUTPUT -d $1 -p all -j REJECT
>
>iptables-save > /root/firewall2
>
>exit 0
>
>There is another one, 'load_firewall', somewhere.
>raspberrypi: ~ # cat /usr/local/sbin_pi_95/load-firewall
>iptables -F
>#/sbin/ipchains-restore < /root/firewall
>/sbin/iptables-restore < /root/firewall2
>
>
>
>There were many many entries in /root/firewall back then, daily work to keep track of attacks.
>Now I am on a dynamic IP address and the website is handled by a company,
>saves a lot of time.
>
>Things evolve all the time, iptables sets this Raspberry Pi with 8 GB memory as router too,
>runs with a Huawei 4G USB stick with IP 192.168.8.100 for net connection, anywhere in Europe I think,
>another script:
>
>raspberrypi: # cat /usr/local/sbin/start_4g_router
>#!/usr/bin/bash
>
>iptables -F
>
>route add -net 192.168.0.0/16 dev eth0
>
>echo 1 >/proc/sys/net/ipv4/ip_forward
>
>iptables -t nat -A POSTROUTING ! -d 192.168.0.0/16 -o eth1 -j SNAT --to-source 192.168.8.100
>sleep 1
>
>ifconfig eth0 down
>sleep 1
>
>ifconfig eth0 192.168.178.1 up
>sleep 1
>
>vnstat -i eth1 -s
>sleep 1
>
># default is set to 192.168.8.1, using 8.8.8.8 and 8.8.4.4 google name server lookup
>cp /etc/resolv.conf.GOOGLE /etc/resolv.conf
>sleep 1
>
># reduce swapping
>sysctl vm.swappiness=5
>
>echo "ready"
>
>
>There is more, but then again, things change over time too.

Blocking a single IP hasn't worked for my ISP.

Each identical 17G download block (262 visits) was by a new IP
in a completely different location/region. Beijing, Harbin, Henan,
a mobile and a fifth, so far untraced due to suspension of my site.

RL
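
The post above reports identical download blocks arriving from a new address each time, which per-address rules such as the quoted ireject script cannot anticipate. As an added example (not code from the thread), the sketch below looks in an access log for the repeated session shape rather than the address; the "combined" log format, the function names and the sample lines are assumptions constructed for illustration.

```shell
# Constructed sample: "combined" access-log lines, documentation-range IPs.
sample_log() {
cat <<'EOF'
192.0.2.10 - - [10/Mar/2024:01:00:01 +0000] "GET /docs/a.zip HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Mar/2024:01:00:09 +0000] "GET /docs/b.zip HTTP/1.1" 200 5000 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Mar/2024:01:00:15 +0000] "GET /docs/c.zip HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2024:03:10:01 +0000] "GET /docs/a.zip HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2024:03:10:08 +0000] "GET /docs/b.zip HTTP/1.1" 200 5000 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2024:03:10:13 +0000] "GET /docs/c.zip HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
203.0.113.99 - - [10/Mar/2024:05:20:01 +0000] "GET /docs/a.zip HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
203.0.113.99 - - [10/Mar/2024:05:20:07 +0000] "GET /docs/b.zip HTTP/1.1" 200 5000 "-" "Mozilla/5.0"
203.0.113.99 - - [10/Mar/2024:05:20:12 +0000] "GET /docs/c.zip HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
192.0.2.55 - - [10/Mar/2024:06:00:00 +0000] "GET /index.html HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2024:07:00:00 +0000] "GET /index.html HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2024:07:00:02 +0000] "GET /missing HTTP/1.1" 404 512 "-" "Mozilla/5.0"
EOF
}

# Per-client totals over 2xx responses, one line per address: "ip hits bytes".
per_ip_totals() {
    awk '$9 ~ /^2/ && $10 ~ /^[0-9]+$/ { hits[$1]++; bytes[$1] += $10 }
         END { for (ip in hits) printf "%s %d %.0f\n", ip, hits[ip], bytes[ip] }' |
        LC_ALL=C sort
}

# Report session shapes (hits, bytes) shared by >= MIN_IPS addresses that each
# moved >= MIN_BYTES. Output per shape: "hits bytes n_ips ip,ip,...".
# usage: repeated_sessions MIN_IPS MIN_BYTES < access.log
repeated_sessions() {
    per_ip_totals | awk -v min_ips="${1:-2}" -v min_bytes="${2:-0}" '
        $3 + 0 >= min_bytes + 0 {
            key = $2 " " $3
            n[key]++
            ips[key] = ips[key] (ips[key] ? "," : "") $1
        }
        END { for (k in n) if (n[k] >= min_ips + 0) print k, n[k], ips[k] }' |
        LC_ALL=C sort
}

# Demo on the constructed sample: shapes seen from 3+ addresses, 10000+ bytes each.
sample_log | repeated_sessions 3 10000
```

The byte floor matters: without it, casual visitors who each fetch one page also share a shape, as the two `/index.html` clients in the sample do.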