tmccaffe wrote:well if you dont sell to a certain country than just block those ip's example I block China, Iran, Russia, Africa to name a few
Also you need to block hosts entire ASN ranges since your server will never need to talk to another server. Blocking a country is one thing for ISP level users, but most of the abuse comes from servers.
Our APF blocklist (ASN's were recently purged):
https://src.creadev.org/apps/apf/deny_hosts.rules
Blocks:
AS4134 ChinaNet
AS4837 China Unicom Backbone
AS4538 China Education and Research Network Center
AS9808 Guangdong Mobile Com
AS9394 China TieTong Telecommunications Corporation
AS49120 Gorset Ltd
AS44387 PE Radashevsky Sergiy Oleksandrovich
AS47142 PP Andrey Kiselev
AS15895 Kyivstar PJSC
AS50915 S.C. Everhost S.R.L.
AS9829 National Internet Backbone
AS17974 PT Telekomunikasi Indonesia
AS26347 Dream Network LLC
AS43350 NFOrce Entertainment BV
AS63008 Contina
AS53264 Continuum Data Centers, LLC.
AS36352 ColoCrossing
AS16276 OVH SAS
AS57858 Fiber Grid OU
AS53889 Micfo
AS62904 Eonix Corporation 1
AS30693 Eonix Corporation 2
AS55286 B2 Net Solutions Inc.
AS18978 Enzu Inc
AS15003 Nobis Tech Group
AS29761 Quadranet