Over the years, I have found that most spam traffic comes from outside the United States. My websites are meant for English-speaking, Western Hemisphere type people, so why leave my server open to the rest of the world? Since I don’t care about traffic from outside the US, we have made the decision to block access to our servers from all network blocks that are allocated to foreign countries.
Here is a list of IP blocks that can safely be blocked from accessing your server(s). This list is not all-inclusive, but includes many of the “Problem countries” including China, Turkey, Romania, Denmark, Russia, etc.
I use the linux program IPTables (/sbin/iptables) to block these network blocks. It’s as simple as copying the following IP addresses to a file on your server (I call mine ‘iptables.rules’ and running a short ‘for’ loop to read in all the entries. Once you have read them in, you can save them to your iptables configuration (on redhat-ish systems) by using the command iptables-save then run the command ‘chkconfig iptables on’ to make it so that your new iptables config will start up the next time your server is booted (and every time, thereafter).
More information about iptables can be found at the following link:
Run this loop to read in all the IPs below into your iptables configuration:
for line in `grep -v N iptables.rules`; do /sbin/iptables -A INPUT -s $line -m state --state NEW -j DROP; done ## Alternatively, here it is as a script: #!/bin/bash for line in `grep -v N iptables.rules` do /sbin/iptables -A INPUT -s $line -m state --state NEW -j DROP done
Input file “iptables.rules”:
N Filename iptables.rules N Russia .ru 188.8.131.52/8 N RIPE.NET (Europe, the Middle East and parts of Central Asia) 184.108.40.206/8 220.127.116.11/8 18.104.22.168/8 22.214.171.124/8 126.96.36.199/8 188.8.131.52/8 184.108.40.206/8 220.127.116.11/8 18.104.22.168/8 22.214.171.124/8 126.96.36.199/8 188.8.131.52/8 184.108.40.206/8 220.127.116.11/8 18.104.22.168/8 22.214.171.124/8 126.96.36.199/8 188.8.131.52/8 184.108.40.206/8 220.127.116.11/8 18.104.22.168/8 22.214.171.124/8 N APNIC (Asian Pacific Network Information Center) 126.96.36.199/8 188.8.131.52/8 184.108.40.206/8 220.127.116.11/8 18.104.22.168/8 22.214.171.124/8 126.96.36.199/8 188.8.131.52/8 184.108.40.206/8 220.127.116.11/8 18.104.22.168/8 22.214.171.124/8 126.96.36.199/8 188.8.131.52/8 184.108.40.206/8 220.127.116.11/8 18.104.22.168/8 22.214.171.124/8 126.96.36.199/8 188.8.131.52/8 184.108.40.206/8 220.127.116.11/8 18.104.22.168/8 22.214.171.124/8 N End APNIC Addresses N LACNIC (Latin American and Caribbean Network Information Center) 126.96.36.199/8 188.8.131.52/8 184.108.40.206/8 220.127.116.11/8 N End LACNIC N Add .EU here? N duesentrieb.kunst.uni-frankfurt.de 18.104.22.168/8 N end .EU 22.214.171.124/8 126.96.36.199/8
Additionally, here is a link to all currently assigned IPv4 IP blocks throughout the world, as promulgated by IANA (Internet Assigned Numbers Authority).
There is another way to block IPs using .htaccess on your apache webserver. I have to do some digging to get that worked out and I plan to post more info about that at a later date.
To use the IPTables method, you must have root access on your server… a Virtual Private Server (VPS) or a dedicated server. The great thing about using IPTables instead of .htaccess is that IPTables blocks access to all of your server processes…mysql, sendmail (smtp), apache (http), SSH, etc. Using the .htaccess method only blocks access to your http server and leaves the rest open to attack.
Please post any questions or comments that you have and I’ll try to answer them.