undefined | Better HN

0 pointsneilv1y ago0 comments

Is there a public list of those address blocks, which you'd recommend?

0 comments

epc1y ago

Not that I know of, but each service seems to publish a list (some in text, some JSON). I’ll reply later with the URLs of the ones I have.

epc1y ago

This is what I have, see another reply for shared IP lists:

  https://ip-ranges.amazonaws.com/ip-ranges.json

  https://www.digitalocean.com/geo/google.csv
  
  https://www.gstatic.com/ipranges/cloud.json

epc1y ago

I also found this but haven't validated it yet: https://github.com/femueller/cloud-ip-ranges

There are lists, e.g.

Set up a honeypot, or more like a booby trap, and boldly ban all IPs that access it.

Then you can consider banning OVH, DO, AWS, GCP, Oracle, China, Russia.

neilvOP1y ago

Honeypot is a good idea, but not for my immediate little one-server Web site startup.

On blocking country address ranges, my idealist side hopes that doesn't prove necessary. I personally know nice people in both of those countries.

It's just an inevitability due to poor abuse handling (or lack thereof) in those countries.

Some people might be nice but it's a minuscule part of the absolute flood of malicious traffic originating from those countries.

If people in those countries do not like such treatment, I'm so sorry, but they should force their ISPs to clean up their act. It's insane.

j / k navigate · click thread line to collapse

epc1y ago

Not that I know of, but each service seems to publish a list (some in text, some JSON). I’ll reply later with the URLs of the ones I have.

epc1y ago

This is what I have, see another reply for shared IP lists:

  https://ip-ranges.amazonaws.com/ip-ranges.json

  https://www.digitalocean.com/geo/google.csv
  
  https://www.gstatic.com/ipranges/cloud.json

epc1y ago

I also found this but haven't validated it yet: https://github.com/femueller/cloud-ip-ranges

There are lists, e.g.

Set up a honeypot, or more like a booby trap, and boldly ban all IPs that access it.

Then you can consider banning OVH, DO, AWS, GCP, Oracle, China, Russia.

neilvOP1y ago

Honeypot is a good idea, but not for my immediate little one-server Web site startup.

On blocking country address ranges, my idealist side hopes that doesn't prove necessary. I personally know nice people in both of those countries.

It's just an inevitability due to poor abuse handling (or lack thereof) in those countries.

Some people might be nice but it's a minuscule part of the absolute flood of malicious traffic originating from those countries.

If people in those countries do not like such treatment, I'm so sorry, but they should force their ISPs to clean up their act. It's insane.

j / k navigate · click thread line to collapse