Solved

Ban IPs by region on our server

Posted on 2014-01-10
2
440 Views
Last Modified: 2014-01-10
Hello

I have a 2 part question:

1. Is it a good idea to ban IP addresses by region on our server to increase our security? We mainly supply locally in our own country and do not need to be visible everywhere. Only a selected amount of countries. I do see numerous port scans coming from some countries that we would like to permanently limit access.

2. Where can we find these IPs and will it hinder the performance of the website and server if we have these bans in place.

Your comments are appreciated.
0
Comment
Question by:gregnvt
2 Comments
 
LVL 82

Accepted Solution

by:
Dave Baldwin earned 250 total points
Comment Utility
While it might be a good idea, China alone has over 200 non-continuous IP address blocks.  http://www.nirsoft.net/countryip/cn.html  Those are just IPV4 addresses.  I don't have a list for IPV6.

MaxMind has a GeoIP by country database available.  http://www.maxmind.com/en/geolocation_landing   I don't know if it can be used by the server without a program.
0
 
LVL 11

Assisted Solution

by:MajorBigDeal
MajorBigDeal earned 250 total points
Comment Utility
I think that is overkill, likely to create problems and not be effective.  When you see an address misbehaving you could just add it to your hosts.deny file.  That way if you get push back because someone can't get to your website because you have denied their IP, you have a solid, documented reason and explanation.

There is software available (like fail2ban or denyhosts) that can do this for you automatically.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now