Hoster should “block” protect in basic against DDOS on their network segments if a good one, for DNS DDOS you have also more external DNS service providers then only cloudflare.
You can block countries without an external service by downloading the ip ranges.
ipdeny has them available. Download ip blocks for all countries:
wget http://www.ipdeny.com/ipblocks/data/countries/all-zones.tar.gz
tar -vxzf all-zones.tar.gz
To add for example china to a firewalld ipset:
firewall-cmd --permanent --ipset=blacklist --add-entries-from-file=./cn.zone
Restart fail2ban and you’re done.
1 Like
@janderk thank you so much.
this is exactly what I was looking for.
I just wondering why Virtualmin don’t have this option to block countries ?!
I am almost sure that cPanel has this options.
Thanks once again for this solution.
1 Like
@jotst
I think this is solution for all of my problems not only about attacks 
“Disconectt all cables of the box , put it in a bunker go to sleep on the box yourself there and your site…”
1 Like
To be fair to others: there are a lot of admins who panic due to a couple of hundred ips sniffing at email or ssh ports, which happens to all of us.
My guess is that your situation is like mine was: A domain where so many bots are trying to get in that the server load was always above 1 when it should have been below 0.1. And gigabytes of logs did not make me happy either.
Blocking a dozen of countries and a few ip ranges fixed it all.
Plus I switch ssh to a non default port which helps against the mostly dumb bots too.
1 Like
I just wondering why Virtualmin don’t have this option to block countries ?!
I am almost sure that cPanel has this options.
You are right: cPanel allows blocking countries from the panel: Block countries in cPanel - PlotHost That would be really nice to have.
1 Like
Hi,
This looks like a promising project.
https://pagure.io/firewalld-blacklist
There is also an article about it at:
Haven’t tried it, but reading through it seems on point. Would have to adjust a few things if you are using Debian or Ubuntu as it looks like it was written with Fedora in mind.
1 Like
There is already a good option available?, the ConfigServer Firewall (CSF) plugin can block by country code or ip range.
True, but if you think about it… Both FirewallD and Fail2Ban are installed when you install Virtualmin. So why not make use of them 
Ya but good to have options. End user can then test all or review what is most suitable for their environment and expertise level. For a beginner, whatever system is used - simplicity is what will work.
As long as your machine is connected to the internet, you can’t really completely stop attacks on your server(s). You can however, reduce the attack surface of your system(s) with certain changes to your configuration and setup. A few of these changes include the suggestions mentioned in the previous comments.
Like others that have mentioned CSF firewall I use it too to block some countries. It can do a lot more besides blocking countries. On top of this, I do use Sucuri WAF to protect my hosted WordPress sites. Protect Your Website from Hacks & Attacks | Sucuri. It also has a feature to block by country too.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.