I "solved" this by adding a fail2ban rule for everyone accessing specific commit... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		mqus 3 days ago \| parent \| context \| favorite \| on: End of an era for me: no more self-hosted git I "solved" this by adding a fail2ban rule for everyone accessing specific commits (no one does that 3 times in a row) and then blocking the following ASs completely (just too many IPs coming from those, feel free to look them up yourself): 136907 23724 9808 4808 37963 45102. And after that: sweet silence. How to block ASs? Just write a small script that queries all of their subnets once (even if it changes, its not so much to have an impact) and add them to a nft set (nft will take care of aggregating these into continouus blocks). Then just make nft reject requests from this set.

		help

jacquesm 3 days ago [–]

- 136907 Huawei

- 23724 China Telco

- 9808 China Mobile

- 4808 China Unicom

- 37963 Alibaba

- 45102 Alibaba tech

You may want to add this list as well:

https://docs.aws.amazon.com/vpc/latest/userguide/aws-ip-rang...

mqus 1 day ago | [–]

In fact, I did not have any significant traffic coming from AWS, Azure, GCP, or any of the other big cloud providers. Its only the chinese ones.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact