Netgate Discussion Forum

    IP Addresses from potentially bad locations (Fast Logging)

      carrzkiss

      Hello everyone.
      (Running a cluster of IIS Web Servers behind the pfSense)

      I've just finished designing our new Website, Hit Counter.
      From 2025-04-06 12:22:50.197 to 2025-04-06 12:40:09.673, there have been 156 page hits.
      (I just updated it after finishing this write-up: 2025-04-06 12:22:50.197 to 2025-04-06 13:12:48.083 = 466 hits.)

      Looking at the IP Addresses and checking them against abuseipdb.com, there are some pretty bad reports on most of them; some are not listed.

      It seems a lot of them are from Singapore.
      When I first designed the Hit Counter for our coding source site, the majority of traffic came from China and Singapore, but mostly China.

      What would be the best way to handle these types of issues?
      Should I start blocking the bad IP Address or IP Blocks?
      Potentially causing the good IP Addresses to be unable to reach my websites.
      Or should I leave it alone?

      If it is the latter, I will have to add something to my Hit Counter to ignore these types of IP Addresses, or I can have them all put in another database table for crawlers.

      I checked out the [status_graph] and was able to catch them coming in, along with a bunch of other IP Addresses that were not hitting the current website I am working on and monitoring.

      Looking at the webserver log file, one of the IP Addresses is from bytedance.com.
      Checking abuseipdb.com, the IP Address belongs to [Amazon Data Services Singapore].
      But Bytedance is the Chinese business that owns TikTok.
      So, it looks like Bytedance is using Amazon.
      Chances are I have links shared via TikTok to my site, which would explain why the traffic is from there. While working on the Coding Source site, I was hit with Facebook, Google, Yahoo, and others, as well as the ones from China and other potentially bad locations, but all addresses are listed on abuseIPDB for one reason or another.
      Even though I have nothing to do with TikTok, it is not something I am interested in.

      What are your suggestions?

        Gertjan @carrzkiss

        @carrzkiss

        One solution could be: pfBlockerNG.

        To use GeoIP, you have to read about GeoIP (see the link and forum posts) and create an account.

        Also have a look at what ASN is, and what it can do for you.

        Btw: There are not really bad IPs.
        The whole idea is that your websites get visited, and this will happen if something or someone mentions your site somewhere.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??
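
One way to do the split the first post describes (crawler hits counted apart from visitor hits) and to see what a rule on a whole IP block would also catch, as an added example that is not from either poster. It assumes IIS W3C log lines with a `#Fields` header and IPv4 clients; the sample lines are constructed with documentation-range addresses and a trimmed field list, and the crawler token list is an assumption to extend.

```python
import ipaddress
from collections import Counter, defaultdict

# Crawler tokens to look for in cs(User-Agent); an assumed starter list, extend as needed.
CRAWLER_TOKENS = ("Bytespider", "Googlebot", "bingbot", "facebookexternalhit")

# Constructed sample in IIS W3C extended format (documentation-range IPs, not real traffic).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem c-ip cs(User-Agent) sc-status
2025-04-06 12:22:50 GET /default.asp 192.0.2.10 Mozilla/5.0+(compatible;+Bytespider;+spider-feedback@bytedance.com) 200
2025-04-06 12:23:01 GET /about.asp 192.0.2.11 Mozilla/5.0+(compatible;+Bytespider;+spider-feedback@bytedance.com) 200
2025-04-06 12:23:40 GET /default.asp 192.0.2.77 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+Firefox/125.0 200
2025-04-06 12:24:02 GET /default.asp 198.51.100.5 Mozilla/5.0+(compatible;+Googlebot/2.1;++http://www.google.com/bot.html) 200
2025-04-06 12:25:15 GET /contact.asp 203.0.113.9 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+Chrome/123.0 200
"""

def parse_hits(log_text):
    """Yield (client_ip, user_agent) using the column order from the #Fields line."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            yield row["c-ip"], row["cs(User-Agent)"]

def crawler_name(user_agent):
    """Return the matching crawler token, or None for an ordinary visitor."""
    ua = user_agent.lower()
    return next((t for t in CRAWLER_TOKENS if t.lower() in ua), None)

def summarize(log_text):
    """Count visitor and crawler hits; list /24s where a block-wide rule has collateral."""
    visitors, crawlers = Counter(), Counter()
    nets = defaultdict(lambda: {"crawler": set(), "visitor": set()})
    for ip, ua in parse_hits(log_text):
        name = crawler_name(ua)
        (crawlers if name else visitors)[name or ip] += 1
        net = str(ipaddress.ip_network(f"{ip}/24", strict=False))
        nets[net]["crawler" if name else "visitor"].add(ip)
    # A /24 holding both crawler and visitor IPs means a block-wide rule also hits visitors.
    mixed = sorted(n for n, s in nets.items() if s["crawler"] and s["visitor"])
    return {"visitor_hits": sum(visitors.values()),
            "crawler_hits": dict(crawlers), "mixed_blocks": mixed}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

The User-Agent is supplied by the client, so the crawler label is a hint for the hit counter rather than proof of who sent the request.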
