by Aachen 1226 days ago
The startup I work for hasn't ever had issues with any of the things you mentioned. What line of business is this, do you sell weapons to Ukraine or some such?

> absolutely first thing I do at every company and on every project is ask if I can [block various countries]

For side projects?! Blows my mind. This feels like the 2020s version of what used to be in chain emails "don't pick up this phone number or they'll eat your dog". People believe it because it works. They don't pick up the number and their dog wasn't eaten. Doesn't harm them, only the person who owns the number. Better be safe. Use DDoS protection (it's free!) and centralize the world's traffic for your hobby website, don't trust your ISP that has a known profit model but rather pay for an additional VPN that promises not to work with law enforcement because that's obviously not shady, similar for using DoH from Cloudflare (thanks Mozilla for making that the default), etc. The Internet is becoming such a weird place.

I get annoyed when people block Tor, but at least that's somewhat understandable as there is no concept of abuse email addresses to reach out to. Blocking not just ISPs that don't play nice, but an entire country? Multiple? As the first thing you do, before a problem exists? In-sane.

2 comments

> The startup I work for hasn't ever had issues with any of the things you mentioned. What line of business is this, do you sell weapons to Ukraine or some such?

Well, not directly, but this is the first time I was morally willing to work in parallel to the defense industry.

My previous startups were fintech. The customer I had who was attacked by China was Slideshare. Ultimately they bent over for China, and blocked them for a year.

Set up an IPS on a server exposed to the net. Record all attacks for a month, then look up the IP addresses, then you will understand.

I worked in network security at banks for a decade, really Russia and China are responsible for millions of attacks against Western infrastructure in this century causing $10s of billions of damage. It is war.

I’ve been in the industry for over 30 years and I’ve seen some shit. Russia once took Estonia offline for over a month.

Cloudflare and every other CDN understand that China and Russia are a liability, that's why they make it easy to null route them.

> I’ve been in the industry for over 30 years and I’ve seen some shit.

Then maybe you should reevaluate your cold war attitude on network security.

I hope your sites/companies/projects never get attacked by a hacker from an "evil" country that goes through the absolute minimum effort of tunneling through a VPN or botnet in the US...

> Set up an IPS on a server exposed to the net. Record all attacks for a month, then look up the IP addresses, then you will understand.

These "attacks" are automated scanners trying a bunch of SSH/Telnet credentials and five-year-old Netgear CVEs. Why are you worried about these? If you are vulnerable to them you have a serious problem because someone will try them from a BuyVM or Ecatel machine that is Western but more lenient towards scanning and then you will be compromised.

I've seen similar stuff in Publishing (news) and another big (popular) company at that time. Yes, Ru/Cn are not the only ones, but if you work in security this is just one problem less to solve if you have those banned.

Lots of garbage traffic comes from countries such as Russia, China, India, Brazil, etc. and if you don't intend to sell anything to them it makes sense to just block them.

If you wrote your website in some shitty language and you need lots of server power just to serve the home page you will end up saving a lot of money from blocking those countries.

If you don't care about your paying customers ever traveling there and still wanting to use your service (or at least be able to unsubscribe from it without doing a chargeback), sure.

As a customer, I try to avoid any company that considers "blocking the bad countries" a reasonable security posture. If nothing else, it's usually indicative of other irrational and frustrating decisions that might hurt me later.

> If you wrote your website in some shitty language and you need lots of server power just to serve the home page you will end up saving a lot of money from blocking those countries.

At that point, might as well rethink the engineering happening at your company well before considering blocking countries' IP spaces, no?

You can do both.

As a cold business decision, just as it makes sense to fire customers who are more hassle than they are worth, it also makes sense to block prospective customers who are more hassle than they are worth.

Of course, if your engineering is better, you can pick a different false-positive vs false-negative trade-off.

how dare you besmirch react on hn

edit: i'll say it again too, test me.

It’s all a cost/benefit ratio. Even if the most efficient language is used, given a sufficient number of requests, it might make sense to block them, no?