If you're running an e-commerce site, the last thing you want to do is inadvertently prevent legitimate customers from using it. You could set up an IDS to alert you and possibly configure it to auto-block offending source address', but in my experience persistent attacks tend to come from only a couple of countries, which I have consequently blocked with iptables using lists generated from sites like this -> http://www.countryipblocks.net/ but it can become unwieldy if you do it for more than a couple of countries.
Darrin. On Mon, Oct 11, 2010 at 1:29 PM, Ben Donohue <donoh...@goodlets.com> wrote: > Hi all, > > I'm running an ecommerce site and currently I only deal with Australian > shoppers. > > However there are many hacking attempts from non Aussie IP addresses. > > I'm looking at blocking everything that is non-Australian. > > Has anyone done this? Any issues/ gotcha's/ tips/ etc? > > Should I do it at the ISP or iptables? (would need a hand with IP tables) > > I've found geoip, still looking into it. > > -- > Thanks, > Ben Donohue > donoh...@goodlets.com > Goodlets PTY Limited > www.goodlets.com > > -- > SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ > Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html > -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
