With the developing war we are taking a bigger stance on country blocking for our clients. You can import this expression into your firewall or put it into your Cloudflare firewall filters. Copy and paste the expression: go to Cloudflare firewall rules / create a new rule / country blocking / edit expression / paste and deploy.
So to clear this up, if you're dealing with intrusions or problems from the current storm that is happening on the internet, this is an easy way to block countries from even accessing your website. The value is keeping your clients safe from DDoS and hostile traffic/malware. Quick Cloudflare video implementation here:
https://share.getcloudapp.com/xQuzyA9r
(ip.geoip.country eq "BY") or (ip.geoip.country eq "CN") or (ip.geoip.country eq "RU") or (ip.geoip.country eq "RO") or (ip.geoip.country eq "KP") or (ip.geoip.country eq "KR") or (ip.geoip.country eq "HK") or (ip.geoip.country eq "CZ") or (ip.geoip.country eq "UA") or (ip.geoip.country eq "PL") or (ip.geoip.country eq "TW") or (ip.geoip.country eq "EG") or (ip.geoip.country eq "AL") or (ip.geoip.country eq "LV") or (ip.geoip.country eq "TR") or (ip.geoip.country eq "TH") or (ip.geoip.country eq "HR") or (ip.geoip.country eq "ID") or (ip.geoip.country eq "NI") or (ip.geoip.country eq "EC") or (ip.geoip.country eq "PE") or (ip.geoip.country eq "PA") or (ip.geoip.country eq "MT") or (ip.geoip.country eq "SA") or (ip.geoip.country eq "RS") or (ip.geoip.country eq "EE") or (ip.geoip.country eq "KE") or (ip.geoip.country eq "HU") or (ip.geoip.country eq "AE") or (ip.geoip.country eq "SI") or (ip.geoip.country eq "SN") or (ip.geoip.country eq "NP") or (ip.geoip.country eq "IN") or (ip.geoip.country eq "BD") or (ip.geoip.country eq "MY") or (ip.geoip.country eq "CH") or (ip.geoip.country eq "PH") or (ip.geoip.country eq "AR") or (ip.geoip.country eq "BA") or (ip.geoip.country eq "NL") or (ip.geoip.country eq "SI") or (ip.geoip.country eq "DO") or (ip.geoip.country eq "JP") or (ip.geoip.country eq "AT") or (ip.geoip.country eq "GR") or (ip.geoip.country eq "DE") or (ip.geoip.country eq "PT") or (ip.geoip.country eq "MX") or (ip.geoip.country eq "DZ") or (ip.geoip.country eq "UZ") or (ip.geoip.country eq "GH") or (ip.geoip.country eq "JM") or (ip.geoip.country eq "DE") or (ip.geoip.country eq "OM") or (ip.geoip.country eq "CL") or (ip.geoip.country eq "MA") or (ip.geoip.country eq "VE") or (ip.geoip.country eq "SK") or (ip.geoip.country eq "LT") or (ip.geoip.country eq "BH") or (ip.geoip.country eq "PK") or (ip.geoip.country eq "IT") or (ip.geoip.country eq "SE") or (ip.geoip.country eq "MN") or (ip.geoip.country eq "BR") or
(ip.geoip.country eq "LK") or (ip.geoip.country eq "MM") or (ip.geoip.country eq "AZ") or (ip.geoip.country eq "UY") or (ip.geoip.country eq "AU") or (ip.geoip.country eq "ES") or (ip.geoip.country eq "AU") or (ip.geoip.country eq "BY") or (ip.geoip.country eq "MD") or (ip.geoip.country eq "BY") or (ip.geoip.country eq "RS") or (ip.geoip.country eq "SK") or (ip.geoip.country eq "RO")

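An added example, not part of the original post: a Python check to run over an or-chain of country clauses like the one above before pasting it into a rule. It reports repeated codes and values that are not two-letter codes, optionally drops countries you have legitimate traffic from, and emits the equivalent set form using the Rules language `in` operator. The function names, the `keep` argument and the sample string are constructed for illustration, and the code check is syntactic only, not an ISO 3166 lookup.

```python
import re

# Constructed sample in the same shape as a hand-edited or-chain, with the
# defects such a list tends to pick up: repeated codes and a non-code literal.
SAMPLE = (
    '(ip.geoip.country eq "BY") or (ip.geoip.country eq "CN") or '
    '(ip.geoip.country eq "keyword") or (ip.geoip.country eq "RU") or '
    '(ip.geoip.country eq "BY") or (ip.geoip.country eq "RU")'
)

CLAUSE = re.compile(r'\(\s*ip\.geoip\.country\s+eq\s+"([^"]*)"\s*\)')
CODE = re.compile(r"[A-Z]{2}")  # assumption: shape check only


def audit_expression(expr, keep=()):
    """Sort the clause values into unique codes, duplicates, malformed
    values, and codes excluded because the site has real users there."""
    # Refuse anything that is not purely country clauses joined by "or",
    # so an unrelated condition is never silently dropped.
    leftover = re.sub(r"\bor\b", "", CLAUSE.sub("", expr)).strip()
    if leftover:
        raise ValueError(f"unexpected text in expression: {leftover!r}")
    seen, codes, duplicates, invalid, excluded = set(), [], [], [], []
    for value in CLAUSE.findall(expr):
        if not CODE.fullmatch(value):
            invalid.append(value)
        elif value in seen:
            duplicates.append(value)
        else:
            seen.add(value)
            (excluded if value in keep else codes).append(value)
    return {"codes": codes, "duplicates": duplicates,
            "invalid": invalid, "excluded": excluded}


def compact_expression(codes):
    """Render the cleaned list as one set-membership test."""
    if not codes:
        raise ValueError("no country codes left to match")
    return "(ip.geoip.country in {%s})" % " ".join(f'"{c}"' for c in codes)


if __name__ == "__main__":
    report = audit_expression(SAMPLE, keep={"CN"})
    print("duplicates:", report["duplicates"])
    print("invalid:", report["invalid"])
    print("excluded:", report["excluded"])
    print(compact_expression(report["codes"]))
```
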
I noticed last night the same Internet Protocol (IP) address and user agents hitting different sites on different servers, which was unusual. Usually they're different groups of hackers, but this was one hacker group apparently doing a massive blast across the Internet. They were rotating from Russian IPs through Swiss and other country IPs.
Is there documentation for an increase in hacking activity?
There's a panic button on Cloudflare. But I do not think blocking every country is very constructive. Nose, face spite comes to mind. I expect Russian hackers have US proxies as well.
Roger » Dixon
I didn't recommend blocking countries in my response. But now that you mention it, I will say that blocking a limited set of countries can be a start and only a start. Done RIGHT, there is very little downside.
If one has legit traffic from certain countries AND they opted in to Chrome Core Web Vitals (CWV) spying then it'll impact that.
But if you don't have legit traffic from certain countries and that's where a significant amount of hack bots are originating, then it's a no-brainer to do a limited country blocking. But long term this can backfire so it's not something I recommend as a long term practice.
Yes I know that hackers and scrapers hide behind Virtual Private Network (VPN) and TOR IP addresses, and they also use cloud servers.
Blocking certain countries, done right, is a good start imo, but people need to know it won't solve their problems because there are many cloud hosts who apparently don't monitor for criminals using their cloud services.
And btw, I don't block countries, I try to be more granular about blocking.
By the way, I checked a couple Internet hack activity maps and Russian and Swiss (cloud hosting) IPs were the top threat actors for yesterday.
I banned them by their browser user agent which was emulating an older version of Chrome.
Yeah, yeah whack a mole, but in this case it's probably the Russian government and they're apparently going for scale not precision. They were also probing for Magento vulnerabilities in addition to WP vulnerabilities.
Cory
Follow up to all of the questions. So far as specific countries being challenged, we did this based on data we were seeing across all of our Cloudflare accounts. We will be lifting Canada and other usual non threatening places when we feel good. Yes VPNs exist, yes there are US proxies in use. The point of this post was to give the community a tool to use if you are experiencing issues. Creating a managed challenge is not "blocking" anything. Apologize for any confusion. Security layers are a good thing when cyber war kicks off.
Buy Wordfence or Cloudflare protection and you are safe. Otherwise this message is racist and purely to put more fear and pressure on the world wide population. I get more attacks from USA based IPs than I get from Romania, Netherlands, Japan, lol Japan:)) I never faced a single attack from Japan or by, or other countries you have here
Cory » Mircea
I assure you that is not my intention. Please feel free to not use it. It's a challenge, it's not a block. I don't see how that is racist. I am sorry if you feel that way.
Mircea » Cory
I understand Cory, but think about it, if u start blocking a country no more clients from that. Unless u are doing local SEO/stuff, u can block everyone, but if u have a general world wide business, the best way to do is with Cloudflare or Wordfence (even nulled if u don't have money to do it – I don't suggest that, but better if u have no money and then u can buy it after).
The only way I said that comment above, it was just because you said due to the war that is going in east Europe. And that has nothing to do with the Russia attacks. which will ever ever attack poor people nbusiness. Those are rest of the world, good ones attack big companies or govs. And they will face justice at some certain point in their life. But for real 70% of the attacks are from USA IPs and I can't do any blocks regarding them
Cory » Mircea
Buddy…this is a Cloudflare filter suggestion…like literally. Wordfence runs parallel to this as a Content Management System (CMS) firewall. They work together on different security levels.
Mircea » Cory
I understand, and thank you for your time and trying to help, I am sorry I said u are probably racist. You just tried to help with the information you shared, probably didn't make the impact you thought it would, but if some guys need it, they can do it. Sorry if my English is not good and I wasn't able to express myself better
Cory
Absolutely NO WORRIES! I hope you can use the information to help your team if it's applicable.