IP Range Blocking Clouds

Discussion in 'Scripts and Coding' started by Skinner, Nov 14, 2016.

  1. Skinner

    Skinner Well-Known Member

    Joined:
    Jul 2008
    Posts:
    4,658
    Likes Received:
    136
    Is there any reason I shouldn't block cloud hosting IP ranges?

    I've had consistent intrusion attempts, 99% of the time to WordPress installs, but the odd one to FTP, and almost without exception it's come from either AmazonAWS or similar. Obviously someone is hosting scripts on these, and as far as I'm aware no actual real users would have these IPs, so no reason not to block them.

    I intend on blocking whole ranges like 54.*.*.*. This particular range has been consistent now. I use the Failed Login plugin, which blocks from 60 minutes to 600 minutes; as soon as the block expires, bam, it's back again. This tells me it's not just randomly hunting, it's a concerted attack.

    I'm also going to add another layer to WordPress which I removed because it limits my access. I'm only going to allow access to wp-admin from certain IP ranges, i.e. my ISP/MobileISP; everyone else is blocked.
     
  3. Adam H

    Adam H Well-Known Member Exclusive Member

    Joined:
    May 2014
    Posts:
    1,611
    Likes Received:
    219
    If you don't use services which are hosted on AmazonAWS then it will be fine, but it's not something I would recommend. You'd probably be surprised at the amount of things that use AmazonAWS. For example, if your server has a cPanel addon or addition installed (just an example) which downloads updates from Amazon (very common), you may be blocking those updates. There are huge amounts of cloud-based platforms that use it.

    Have you done the normal things such as changing your SSH port to something random and not keeping it as 22 (this would probably surprise you as to how much less your server gets hit with that alone)? If you're getting hit a lot it can also improve time to byte too, because it doesn't have to deal with loads of crap.

    In regards to WordPress, install "Wordfence", install "rename wp-admin" and then tell Wordfence to block too xx amount of 404 hits in so many seconds (obviously be careful with that, if your site contains 404s you could be blocking real visitors). You can also tell Wordfence to block visitors/bots searching for known vulnerabilities, which takes a lot of load off.
     
  4. RobM

    RobM Retired Member

    Joined:
    Mar 2012
    Posts:
    3,289
    Likes Received:
    469
    I refuse to host WordPress installations for customers because of its many vulnerabilities. That may not be an option for you, so make sure you've moved your SSH and SMTP ports, don't have wp-admin directories called wp-admin, if you're using cPanel make sure cPHulk is enabled, check and modify your IP tables as needed, limit outgoing mail. There are so many things needed to do to secure a server, but this helps.
     
  5. Skinner

    Skinner Well-Known Member

    Joined:
    Jul 2008
    Posts:
    4,658
    Likes Received:
    136
    I removed WordFence after it caused a bunch of loading issues; I couldn't narrow down which plugins or config the issues were with. I have since done fresh installs, so I could give that a try again.

    On servers I have control of, I have changed most ports; on shared platforms I don't have a lot of options there. I always use complex passwords like "9@5$V\/0rD" so there's no risk of actually getting the password, but I always kind of think any sort of soft spot is asking for a closer look, so I want to harden up.

    I didn't even think of moving wp-admin, should have been top of my list.
     
  6. Skinner

    Skinner Well-Known Member

    Joined:
    Jul 2008
    Posts:
    4,658
    Likes Received:
    136
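    Just in case it's any use to anyone else...

    <Files wp-login.php>
    # Apache 2.2-style access control (mod_access_compat on 2.4).
    # Deny is evaluated first, then Allow overrides it for the listed range.
    order deny,allow
    # The 1.*.*.* range, written as CIDR: Allow from takes a partial
    # address or a CIDR block, not * wildcards.
    Allow from 1.0.0.0/8
    deny from all
    </Files>

    Set the 1.*.*.* to your ISP's range, mine uses like 1.2.*.* where the last 2 blocks change, so customise as needed. This means only IPs within the range you allow can access the wp-login, or you can set it to wp-admin or anywhere else.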

    Useful bit of code not nightmare if you travel or use your phone, my mobile IP covers about 8 different blocks :/
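
An added example, not part of the original thread: a Python helper that turns the wildcard notation used in the posts above (such as 1.2.*.*) into CIDR ranges, merges overlapping blocks, and renders the `<Files>` stanza with one `Allow from` line per range. The function names and the sample ranges are assumptions made up for illustration.

```python
import ipaddress

def wildcard_to_network(pattern):
    """Convert forum-style '1.2.*.*' into the CIDR block 1.2.0.0/16."""
    octets = pattern.strip().split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets: {pattern!r}")
    fixed = []
    for octet in octets:
        if octet == "*":
            break
        fixed.append(octet)
    # Only trailing wildcards map onto a single CIDR block.
    if not fixed or any(o != "*" for o in octets[len(fixed):]):
        raise ValueError(f"wildcards must be trailing octets: {pattern!r}")
    address = ".".join(fixed + ["0"] * (4 - len(fixed)))
    return ipaddress.ip_network(f"{address}/{8 * len(fixed)}")

def build_allowlist(patterns):
    """Merge adjacent and overlapping ranges into the fewest networks."""
    networks = [wildcard_to_network(p) for p in patterns]
    return list(ipaddress.collapse_addresses(networks))

def render_htaccess(networks, filename="wp-login.php"):
    """Render the <Files> stanza from the thread, one Allow line per network."""
    lines = [f"<Files {filename}>", "order deny,allow"]
    lines += [f"Allow from {net}" for net in networks]
    lines += ["deny from all", "</Files>"]
    return "\n".join(lines)

def is_allowed(client_ip, networks):
    """Check an address against the allowlist before deploying it."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in networks)

# Constructed sample ranges (placeholders, not real ISP allocations).
SAMPLE_PATTERNS = ["1.2.*.*", "1.3.*.*", "1.2.50.*", "203.0.113.*"]

if __name__ == "__main__":
    nets = build_allowlist(SAMPLE_PATTERNS)
    print(render_htaccess(nets))
    for ip in ("1.3.200.7", "54.10.20.30"):
        print(ip, "allowed" if is_allowed(ip, nets) else "denied")
    # Size of a whole first-octet block such as 54.*.*.*
    print(wildcard_to_network("54.*.*.*").num_addresses, "addresses in 54.*.*.*")
```

Running `is_allowed` against your own current home and mobile addresses before uploading the file shows whether the allowlist would lock you out.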