Well i got sick to death of Chinese script kiddies trying to brute force stuff, i also go sick to death of baidu hammering the living fuck out of the server. I don’t have many Chinese readers (even less now) and i suspect the great firewall of china has taken a dim view of SWAT for a while. So i thought fuck it, I’ll just block the whole country until the fuckers that own the IP ranges can keep there abusive systems under control.
To do this i needed two things, firstly a range of Chinese IP addresses. I found them here http://www.wizcrafts.net/chinese-iptables-blocklist.html
the range on there actually covers a lot of Asia but since Cambodia and Thailand don’t really give me much stick i just extracted china.
So i ssh’d into the server as root and armed with my copied list of IP addresses i pasted them into a file called “china_hosts.rules” on the server in the /root
hit the middle mouse button, saved the file and exited.
Next up create a bash script called block-china.sh and pasted in this code:
for i in `cat /root/china_hosts.rules|grep -v "#"`
/sbin/iptables -t filter -I INPUT -s $ADDR -j DROP
/sbin/iptables -t filter -I OUTPUT -s $ADDR -j DROP
/sbin/iptables -t filter -I FORWARD -s $ADDR -j DROP
/sbin/iptables -t filter -I INPUT -d $ADDR -j REJECT
/sbin/iptables -t filter -I OUTPUT -d $ADDR -j REJECT
/sbin/iptables -t filter -I FORWARD -d $ADDR -j REJECT
echo "Block ALL INPUT from " $ADDR " net DROPPED."
then a simple
Hey presto, China blocked.
We’ll keep an eye on the logs for the next while and see who the next offenders are.