Do You Block Any Countries From Accessing Your Servers?

Unfortunately, the answer to this question is now "yes." Previously, we had been addressing attempted security breaches by blocking individual IPs or the IP range associated with the group attempting to illegally gain access to the server. However, it has become necessary at this time to block the entire countries of China and Russia due to the enormous number of breach attempts coming from those countries, usually from government-assigned IP addresses.

At this time, China and Russia are the only areas blocked at a country level - other intrusion attempts are blocked by individual IP or range.

We abhor censorship and information restriction; it goes against everything we believe in. However, we also have to make sure our customers' data (as well as our own) is safe and secure. We examined the traffic coming from China, and there was no legitimate website traffic coming into our site or any of our customers' sites. Thus, the decision was made to block China at a country level at this time to prevent unauthorized access attempts.

If you have customers or readers in China or Russia and are concerned, please let us know - we may be able to find a workaround for you, especially if you happen to know the IP addresses your readers are using.

Here is an example of an automated scan looking for vulnerable files:

 

[Tue Jan 24 09:51:45 2012] [error] [client 119.188.7.134] File does not exist: /usr/local/apache/htdocs/mysql

[Tue Jan 24 09:51:45 2012] [error] [client 119.188.7.134] File does not exist: /usr/local/apache/htdocs/phpmyadmin

[Tue Jan 24 09:51:46 2012] [error] [client 119.188.7.134] File does not exist: /usr/local/apache/htdocs/mysqladmin

[Tue Jan 24 09:51:49 2012] [error] [client 119.188.7.134] File does not exist: /usr/local/apache/htdocs/phpMyAdmin

[Tue Jan 24 09:51:49 2012] [error] [client 119.188.7.134] File does not exist: /usr/local/apache/htdocs/phpadmin

[Tue Jan 24 09:51:50 2012] [error] [client 119.188.7.134] File does not exist: /usr/local/apache/htdocs/phpMyAdmin-2

[Tue Jan 24 09:51:51 2012] [error] [client 119.188.7.134] File does not exist: /usr/local/apache/htdocs/php-my-admin

[Tue Jan 24 09:51:51 2012] [error] [client 119.188.7.134] File does not exist: /usr/local/apache/htdocs/phpMyAdmin

[Tue Jan 24 09:51:53 2012] [error] [client 119.188.7.134] File does not exist: /usr/local/apache/htdocs/phpMyAdmin-2.2.3

[Tue Jan 24 09:51:53 2012] [error] [client 119.188.7.134] File does not exist: /usr/local/apache/htdocs/phpMyAdmin-2.2.6

[Tue Jan 24 09:51:54 2012] [error] [client 119.188.7.134] File does not exist: /usr/local/apache/htdocs/phpmyadmin

This portion of the scanner is searching for access to phpMyAdmin or MySQLAdmin, which would (if poorly secured) potentially allow the attacker access to database information. Fortunately, those files don't exist in this location on our servers. Still, because we cannot control whether customers keep all of their installed software and plugins fully up-to-date (outdated software is a very popular route for exploiting security holes), we are blocking China at this time to maintain a secure environment due to the overwhelming number of attempts from a wide range of IP addresses. The most disconcerting are the ranges belonging to governments.
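A scan like the one above can be picked out of an Apache error log automatically. The following is an added example, not part of the original article or our production tooling: it flags any client that requests several distinct, nonexistent database-admin paths within a short window. The function names, the threshold of 5 paths and the 60-second window are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache 2.2-style "File does not exist" error_log line, as in the excerpt above.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[^\]]+)\] "
    r"File does not exist: (?P<path>\S+)")
# Final path segment that looks like a guessed database admin panel (assumed list).
PROBE_RE = re.compile(r"/(php-?my-?admin|phpadmin|mysqladmin|mysql)[^/]*$", re.I)

# First six lines are from the excerpt above; the last two are constructed benign traffic.
SAMPLE_LOG = """\
[Tue Jan 24 09:51:45 2012] [error] [client 119.188.7.134] File does not exist: /usr/local/apache/htdocs/mysql
[Tue Jan 24 09:51:45 2012] [error] [client 119.188.7.134] File does not exist: /usr/local/apache/htdocs/phpmyadmin
[Tue Jan 24 09:51:46 2012] [error] [client 119.188.7.134] File does not exist: /usr/local/apache/htdocs/mysqladmin
[Tue Jan 24 09:51:49 2012] [error] [client 119.188.7.134] File does not exist: /usr/local/apache/htdocs/phpMyAdmin
[Tue Jan 24 09:51:49 2012] [error] [client 119.188.7.134] File does not exist: /usr/local/apache/htdocs/phpadmin
[Tue Jan 24 09:51:50 2012] [error] [client 119.188.7.134] File does not exist: /usr/local/apache/htdocs/phpMyAdmin-2
[Tue Jan 24 09:52:10 2012] [error] [client 192.0.2.10] File does not exist: /usr/local/apache/htdocs/favicon.ico
[Tue Jan 24 09:53:02 2012] [error] [client 198.51.100.7] File does not exist: /usr/local/apache/htdocs/phpmyadmin
"""

def parse(line):
    """Return (timestamp, client_ip, path) or None if the line is not a missing-file error."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y"), m["ip"], m["path"]

def find_scanners(lines, min_paths=5, window=timedelta(seconds=60)):
    """Map each flagged IP to the sorted distinct admin-panel paths it probed."""
    hits = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec and PROBE_RE.search(rec[2]):
            hits[rec[1]].append((rec[0], rec[2]))
    flagged = {}
    for ip, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward past stale events
            if len({p for _, p in events[start:end + 1]}) >= min_paths:
                flagged[ip] = sorted({p for _, p in events})
                break
    return flagged
```

A single mistyped or stale link (the constructed 198.51.100.7 line) stays below the threshold, while the burst of distinct guesses from one client is reported with the full list of paths it tried.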
 
We do not feel it is fair to punish Chinese or Russian citizens for the actions of their governments, and we do not make this decision lightly. We will continue to monitor the situation and revise our policies as needed.
 
You can read more about the Chinese government backing hackers in these articles:
 

Government-backed hacker teams do most China-based data theft

China vs. U.S.: The cyber Cold War is raging

China Is Systematically Hacking U.S. Networks -- And They're Getting Nastier

If you have a VPS or a Dedicated server, you can use your software firewall and ModSecurity to block traffic by country, IP range or individual IP address, as well. We show you how in the article "Blocking Certain IP's, IP Ranges and Countries from Your Server."

 

