Today I would like to share my web server protection; it effectively blocks bot attacks.
This rule banlist comes from my experience running the live server for 6 months.
I made the subnet and ASN name block list by collecting the IPs from my appserver log during these 6 months of running the private server.

Guide for using the firewall subnet block:
1. Open the firewall.
2. Click New Rule.
3. Choose the Custom rule.
4. Choose All programs.
5. Click Next.
6. In the Scope section, at "Which remote IP addresses does this rule apply to?", input the IPs from my subnet IP banlist file.
7. Click Next and choose Block the connection.

Guide for using the ASN banlist in Cloudflare:
1. In the Security menu, choose Tools.
2. Input the ASN, then choose the action Block, then set the zone to all websites in the account.

Preview of the firewall rule set on the server and the attack block result:
![Subnet banlist firewall rule set](https://i.ibb.co/2SyNWMN/banlist-subnet.jpg)
![Attack block result](https://i.ibb.co/zxHDtrM/block.jpg)
Download link:
These rules are suitable only for those who host their server in an Indonesian or Philippine dedicated data centre. You may also use them with a Singapore dedicated data centre.
If you want to use them on a VPS, make sure to check that your VPS IP is not included in the firewall subnet ban list.

Notes:
1. Most of the known VPS providers are blocked in the ASN and subnet IP lists because their IPs are attacking the server.
2. These subnet firewall rules ban IPs from ISP providers in Russia, China, Korea, Hong Kong, Taiwan, Vietnam, Brazil, Germany, Singapore and some less noisy host countries.
3. To protect the uptime of your main website, you may need to create a CDN hosted at another web host (for example: yourdomain.com hosted at the main web host, then cdn.yourdomain.com hosted at another web host, and lastly static.yourdomain.com hosted on your dedicated server). To do that you may need a wildcard SSL certificate from Sectigo or another SSL provider, or you can install SSL for free using the Cloudflare origin server SSL certificate.
4. Set the Cloudflare SSL setting to Full (strict).

Optional (for note number 3): you can also use 3 domain names instead of 1 domain name. I myself use 3 domain names. If you use 3 domains, the SSL just needs a single-domain SSL certificate for the 3 domain names that are used.
In my experience, if you use 1 domain name and then make a subdomain for the CDN and a static subdomain for the dedicated server, the bots attack the CDN and static subdomains more aggressively, if the bots are smart.
You don't need to buy an expensive domain with a .com extension for the 2 domains for the CDN and the dedicated server; you can buy a cheap .my.id domain for 1 USD / year.

If you run your main RF website on WordPress, you need to protect the WP admin login.
To be able to log in to your site again, just disable the page rules for a while; after you are done posting the new event or news, enable the page rules again.
For the guide, look at the pictures:
![Page rules, picture 1](https://i.ibb.co/fnWGsVR/pagerules1.jpg)
![Page rules, picture 2](https://i.ibb.co/jWxrN8q/pagerules2.jpg)
Then add a WAF rule under Security to block xmlrpc.php.
For the guide, look at these pictures:
![Block xmlrpc.php, picture 1](https://i.ibb.co/SmYHx3F/blockxmlrpc1.jpg)
![Block xmlrpc.php, picture 2](https://i.ibb.co/M2jf1p2/blockxmlrpc2.jpg)
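The post's caveat about checking that your own VPS IP is not inside the subnet banlist can be run as a pre-flight check before the list is pasted into the firewall rule's Scope. This is an added example, not part of the original post: it assumes the banlist file holds one subnet or IP per line (the post does not show the file's format), and the sample subnets, the `PROTECTED` addresses and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data using documentation ranges; not the post's banlist file.
SAMPLE_BANLIST = """\
# subnet banlist, one entry per line
192.0.2.0/24
198.51.100.0/25
198.51.100.128/25
203.0.113.77
203.0.113.0/33
not-a-subnet
"""
# Hypothetical addresses that must stay reachable (your VPS, your admin connection).
PROTECTED = {"my-vps": "198.51.100.200", "admin-home": "203.0.113.10"}

def load_banlist(text):
    """Parse banlist text; return (networks, rejected_lines).

    strict=False also accepts entries with host bits set, such as 10.1.2.3/24.
    """
    networks, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not entry:
            continue
        try:
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(entry)  # typos would otherwise break the rule import
    return networks, rejected

def find_conflicts(networks, protected):
    """Return {name: [subnets]} for each protected address the banlist would block."""
    conflicts = {}
    for name, addr in protected.items():
        ip = ipaddress.ip_address(addr)
        hits = [str(net) for net in networks if ip in net]
        if hits:
            conflicts[name] = hits
    return conflicts

def collapsed_scope(networks):
    """Merge adjacent and overlapping subnets so the Scope list is shorter."""
    merged = []
    for version in (4, 6):  # collapse_addresses() cannot mix IPv4 and IPv6
        same = [net for net in networks if net.version == version]
        merged += [str(net) for net in ipaddress.collapse_addresses(same)]
    return merged

if __name__ == "__main__":
    nets, bad = load_banlist(SAMPLE_BANLIST)
    print(bad, find_conflicts(nets, PROTECTED), collapsed_scope(nets))
```

Any name reported by `find_conflicts` is an address the block rule would cut off, so resolve it before applying the list.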