Firewall with Country Block

Hello,

I'm new to WS forums so first Hello I'm Alex .
Getting to the point... I recently got an INTEL NUC and decided to transform it into a webserver. I've installed Windows 8.1 to it , Apahce, MySQL, PHP and Windows SSH fro Bitvise. No the issues...I've noticed that many IPs from China are constantly trying to login to my SSH server on Port 22 , it's like 5-10 different IPs per hour all from China. Does anyone know how to block la incoming traffic to my little NUC that comes from China?

Many thanks for reading this!

 

http://serverfault.com/questions/22...-to-block-all-traffic-from-a-specific-country

 

If the firewall is ON whats the problem.
Log in attempts happen from many countries.I am seeing China ,but also Russia and USA ,or Netherlands and Baltic states.As long as the firewall works it s ok.
No real need to block huge amount of IP ranges and loose performance.
If some one really wants to get in deliberately it may find a way.

 

Online Armor has block by country. You could give it a try, and see if you like it. Just backup your machine before installing it in case you have any problems.

 

Disregard my last post. Online Armor is not compatible with Windows 8.1

 

Basically, you need to create firewall-rules that block all Chinese IP-ranges .
Or you can use IP-blocker software like 'PeerBlock' .
There are lists of all known Chinese-assigned IP-ranges available on the net, fex here :
https://www.iblocklist.com/lists.php?category=country

A few commercial firewalls support such lists directly, 'Outpost Pro' being one of them .
But with most commercial windows-firewalls you will have to create the rules manually,
that's why I also mention 'PeerBlock' ..

 

A few thoughts...

If your server's existence becomes public knowledge in an easily harvestable form... through domain registration records, your domain showing up in email addresses, posting links to your webserver, etc... your server will likely be probed much more frequently. Edit: Including by search engines like Shodan. Where you can, it is arguably best to block crawlers.

If your intended usage allows for it, you could configure your server software to listen on alternate ports rather than the well-known ones. If you choose to do this, do a bit of searching to make sure the ports you intend to use aren't ones that have been used by malware and thus also a frequent target of connection attempts.

If your usage pattern is well defined, you could could consider a deny all, allow selective approach. Whereby you block all client IP Address ranges except those you know you will be using.

There are various sources of information for country/region IP Address assignment. Which could be used for blocking, or allowing, as you see fit. I don't know which is more accurate, but one that comes to mind is https://www.countryipblocks.net and it has some free (less frequently updated) info under Access Control Lists.

There are other approaches... log file scanners that automatically update firewall rules to block offensive IP addresses/ranges, more elaborate intrusion detection systems, port knocking and somewhat similar approaches, etc.

If you are getting hit from one country, you'll get hit from others too. So you might want to focus on broadly useful approaches and of course strong authentication mechanisms. Which could include public key and/or client certificate based mechanisms.

 

Off topic post of mine, but where did you get that info?

 

I remembered someone reporting that OA was not working on Windows 8.1 at the Emsisoft forum, and I thought I remembered someone from Emsisoft recently saying it was not compatible with 8.1. Do not quote me on this. This made me go to the Online Armor download page to check for myself. Online Armor is listed as being compatible with Windows 8, but 8.1 is not listed. http://www.emsisoft.com/en/software/oa/