Does your reply improve the conversation in some way?
Be kind to your fellow community members.
Constructive criticism is welcome, but criticize ideas , not people.
Can you ping the git server? Can you trace route to it? … Try mtr and you should get both.
Yes. But perhaps you could whitelist the IP.
this forum is located in Russia btw. maybe you should reconsider posting before THEY get you.
also you probably shouldn’t use tt-rss either because you’re a xenophobic fucktard and i would prefer you not to. that’s just a polite personal request of course.
In all fairness, I block a good chunk of them myself because they’re the number one source of spam and hack attempts on the forums I host for friends, but it’s not a blanket ban. I just ban the worst offenders. Of course I also made sure to whitelist the TT-RSS IP addresses as some of the blocked IPs are owned by the same provider.
… Meanwhile, in Russia, server admins are blocking American IPs because that’s the source of the majority of their hack attempts.
Here’s the thing though: It’s really hard to defend against a targeted attack. Certainly blocking entire countries won’t do much in such a scenario. That leaves bot attacks, which are probably the majority, and most of those are blocked by keeping software up to date and doing the normal server hardening thing.
In conclusion: Stop blocking potentially legitimate traffic because of a bunch of idiots trying to ruin the Internet.
you need to understand that a proper password policy would serve you a lot better in this situation. it doesn’t provide this comfortable false sense of security though.
geoblocking definitely has its uses (i personally wouldn’t rely on it for security) as long you understand its limitations.
the way OP is doing it is particularly harmful however because he doesn’t really know anything about running secure services on the internet and is using geoblocking as a massive crutch because regurgitating mass-media memes about le evil hackers in (countries we don’t like) is a lot easier than thinking for yourself.
in the end, people like that make internet worse for everyone.
A fact my provider hates is that my server is hardened to the point it makes it harder for them to do their jobs if they have to login. I don’t even allow SSH logins except from a severely locked down jump box or from my secondary connection at home that has a static IP address. Personally, when I get to the point I’m actively blocking an IP address they’ve been tagged by fail2ban often enough that that my anti-spam software is starting to flag the notices.
I personally consider IP blocking a last resort measure. Many of the IP blocks on the server hosting my TT-RSS instance are temporary bans placed by fail2ban, and I upped the thresholds required for it to place an initial ban.
I agree with this. Where I can, I have very strict password policies in place. My wife regularly complains about the active directory password policy on our home network. She didn’t like it too well when I told her I’d be glad to relax the password policy when she switches to a more secure OS on her computers.