On 26/02/2019 14:55, Bjoern Franke via arch-general wrote: > On 26.02.19 13:40, Juha Kankare via arch-general wrote: >> I'm getting a lot of connections from China it seems. Whenever I check >> my journalctl, it's an andless wall of nginx complaints about a single >> ip spamming requests fro different php files. This happens with hundreds >> of ip's, and tens of times daily. Has anyone else been hit by this. I >> already made a shellscript to block all connections from China, but I'm >> curious as to why this happens, and if anyone else has had the same >> problem. >> > Did you take a look at fail2ban? > > https://wiki.archlinux.org/index.php/Fail2ban > > Kind Regards > Bjoern Ooh. I'm going to have to take a look at this. I'll still keep china blocked since it's a personal file drop and I don't want my bandwidth eaten up by malicious connections, but this seems really useful. From a quick google search this seems to be a fix for the vulnerability scans, but just in case they find a vulnerable file on the first try, I'll keep China blocked. There's really no use for me to unblock it since I doubt I'll be going to China to try and use my file drop.
