Author Topic: How to block China traffic?  (Read 1884 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
How to block China traffic?
« on: December 28, 2022, 12:51:41 PM »
Hello,
It seems someone trying to hack my server from China.
I receive more than 30 emails per day with following kind of message in my inbox:
Quote
Time:     Tue Dec 27 23:07:47 2022 -0500
IP:       180.125.207.88 (CN/China/-)
Failures: 3 (smtpauth)
Interval: 3600 seconds
Blocked:  Permanent Block [LF_SMTPAUTH]

Log entries:

Dec 27 23:07:22 cp postfix/smtpd[53555]: warning: unknown[180.125.207.88]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Dec 27 23:07:30 cp postfix/smtpd[53555]: warning: unknown[180.125.207.88]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Dec 27 23:07:41 cp postfix/smtpd[53555]: warning: unknown[180.125.207.88]: SASL LOGIN authentication failed: UGFzc3dvcmQ6

can you help me how can I get ride of this idiot? He's in china because almost all blocked IPs in firewall come from china .
How can I block all China country in my firewall?

Offline
*****
Re: How to block China traffic?
« Reply #1 on: January 31, 2023, 04:15:04 AM »
edit /etc/csf/csf.conf
Code: [Select]
CC_DENY = "BG,CN,KP,RU,NG"(Sorry if it's your country, but this list includes the top 5 hacking countries in my US-based observation.)
Code: [Select]
service csf restart