Well I got sick to death of Chinese script kiddies trying to brute force stuff; I also got sick to death of baidu hammering the living fuck out of the server. I don’t have many Chinese readers (even less now) and I suspect the Great Firewall of China has taken a dim view of SWAT for a while. So I thought fuck it, I’ll just block the whole country until the fuckers that own the IP ranges can keep their abusive systems under control.
To do this I needed two things, firstly a range of Chinese IP addresses. I found them here: https://www.xmyip.com/ip-addresses/china
The range on there actually covers a lot of Asia, but since Cambodia and Thailand don’t really give me much stick I just extracted China.
So I ssh’d into the server as root and, armed with my copied list of IP addresses, I pasted them into a file called “china_hosts.rules” on the server in /root:
nano china_hosts.rules
hit the middle mouse button, saved the file and exited.
Next up I created a bash script called block-china.sh and pasted in this code:
#!/bin/bash
# Each non-comment entry in the rules file is one address range to block
for i in $(grep -v "#" /root/china_hosts.rules)
do
    ADDR=$i
    # Drop packets whose source address is in the range
    /sbin/iptables -t filter -I INPUT -s "$ADDR" -j DROP
    /sbin/iptables -t filter -I OUTPUT -s "$ADDR" -j DROP
    /sbin/iptables -t filter -I FORWARD -s "$ADDR" -j DROP
    # Reject packets whose destination address is in the range
    /sbin/iptables -t filter -I INPUT -d "$ADDR" -j REJECT
    /sbin/iptables -t filter -I OUTPUT -d "$ADDR" -j REJECT
    /sbin/iptables -t filter -I FORWARD -d "$ADDR" -j REJECT
    echo "Block ALL INPUT from " $ADDR " net DROPPED."
done
then a simple
bash ./block-china.sh
Hey presto, China blocked.
We’ll keep an eye on the logs for the next while and see who the next offenders are.
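The loop above inserts six iptables rules for every range in the file, and running it a second time inserts them all again. As an added example (not the author's script, and going beyond it by swapping in ipset), the sketch below validates each pasted entry as an IPv4 CIDR and emits an `ipset restore` script, so the whole list is matched by one set; the set name `china`, the output path `/root/china.ipset` and the sample ranges are assumptions.

```shell
# Added example. The set name "china" and the output path are assumptions.
# Succeeds only for a well-formed IPv4 CIDR such as 192.0.2.0/24.
is_ipv4_cidr() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac        # digits, dots, slash only
    case $1 in */*) ;; *) return 1 ;; esac            # prefix length required
    addr=${1%/*}; prefix=${1#*/}
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in .*|*.|*..*) return 1 ;; esac        # no empty octets
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs   # split into octets
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Print an "ipset restore" script holding every valid range in the file.
build_ipset_restore() {
    rules_file=$1; set_name=$2
    echo "create $set_name hash:net family inet"
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in *'#'*) continue ;; esac         # same filter as grep -v "#"
        entry=$(printf '%s' "$line" | tr -d ' \t\r')  # strip spaces and CRs
        [ -n "$entry" ] || continue
        if is_ipv4_cidr "$entry"; then
            echo "add $set_name $entry"
        else
            echo "skipped invalid entry: $entry" >&2
        fi
    done < "$rules_file"
}

# Constructed sample input using documentation ranges, not the real list.
sample=$(mktemp)
printf '%s\n' '# constructed sample' '192.0.2.0/24' ' 198.51.100.0/24' \
    '203.0.113.0/33' 'not-an-ip' > "$sample"
build_ipset_restore "$sample" china
rm -f "$sample"

# As root, load the set and add ONE rule (skipped if already present):
#   build_ipset_restore /root/china_hosts.rules china > /root/china.ipset
#   ipset -exist restore < /root/china.ipset
#   iptables -C INPUT -m set --match-set china src -j DROP 2>/dev/null ||
#       iptables -I INPUT -m set --match-set china src -j DROP
```

Neither the set nor the rule survives a reboot on its own; the same is true of the rules the loop above inserts.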