On 26/02/2019 14:55, Bjoern Franke via arch-general wrote:
On 26.02.19 13:40, Juha Kankare via arch-general wrote:
I'm getting a lot of connections from China it seems. Whenever I check my journalctl, it's an andless wall of nginx complaints about a single ip spamming requests fro different php files. This happens with hundreds of ip's, and tens of times daily. Has anyone else been hit by this. I already made a shellscript to block all connections from China, but I'm curious as to why this happens, and if anyone else has had the same problem.
Did you take a look at fail2ban?
Kind Regards Bjoern
Ooh. I'm going to have to take a look at this. I'll still keep china blocked since it's a personal file drop and I don't want my bandwidth eaten up by malicious connections, but this seems really useful. From a quick google search this seems to be a fix for the vulnerability scans, but just in case they find a vulnerable file on the first try, I'll keep China blocked. There's really no use for me to unblock it since I doubt I'll be going to China to try and use my file drop.