Author Topic: How to block China traffic? (Read 1851 times)

Domains · « **on:** December 28, 2022, 12:51:41 PM »

Hello,
It seems someone trying to hack my server from China.
I receive more than 30 emails per day with following kind of message in my inbox:

Quote

Time: Tue Dec 27 23:07:47 2022 -0500
IP: 180.125.207.88 (CN/China/-)
Failures: 3 (smtpauth)
Interval: 3600 seconds
Blocked: Permanent Block [LF_SMTPAUTH]

Log entries:

Dec 27 23:07:22 cp postfix/smtpd[53555]: warning: unknown[180.125.207.88]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Dec 27 23:07:30 cp postfix/smtpd[53555]: warning: unknown[180.125.207.88]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Dec 27 23:07:41 cp postfix/smtpd[53555]: warning: unknown[180.125.207.88]: SASL LOGIN authentication failed: UGFzc3dvcmQ6

can you help me how can I get ride of this idiot? He's in china because almost all blocked IPs in firewall come from china .
How can I block all China country in my firewall?

overseer · « **Reply #1 on:** January 31, 2023, 04:15:04 AM »

edit /etc/csf/csf.conf

Code: [Select]

CC_DENY = "BG,CN,KP,RU,NG"(Sorry if it's your country, but this list includes the top 5 hacking countries in my US-based observation.)

Code: [Select]

service csf restart

Control Web Panel

Author Topic: How to block China traffic? (Read 1851 times)

How to block China traffic?

Re: How to block China traffic?