[arch-general] HTTP spam from China
Juha Kankare
juhakankare at outlook.com
Tue Feb 26 12:59:47 UTC 2019
On 26/02/2019 14:55, Bjoern Franke via arch-general wrote:
> On 26.02.19 13:40, Juha Kankare via arch-general wrote:
>> I'm getting a lot of connections from China it seems. Whenever I check
>> my journalctl, it's an andless wall of nginx complaints about a single
>> ip spamming requests fro different php files. This happens with hundreds
>> of ip's, and tens of times daily. Has anyone else been hit by this. I
>> already made a shellscript to block all connections from China, but I'm
>> curious as to why this happens, and if anyone else has had the same
>> problem.
>>
> Did you take a look at fail2ban?
>
> https://wiki.archlinux.org/index.php/Fail2ban
>
> Kind Regards
> Bjoern
Ooh. I'm going to have to take a look at this. I'll still keep china
blocked since it's a personal file drop and I don't want my bandwidth
eaten up by malicious connections, but this seems really useful. From a
quick google search this seems to be a fix for the vulnerability scans,
but just in case they find a vulnerable file on the first try, I'll keep
China blocked. There's really no use for me to unblock it since I doubt
I'll be going to China to try and use my file drop.
More information about the arch-general
mailing list