Discover Centmin Mod today
Register Now

Block colocrossing traffic

Discussion in 'System Administration' started by Jon Snow, Jan 26, 2018.

  1. Jon Snow

    Jon Snow Active Member

    334
    54
    28
    Jun 30, 2017
    Ratings:
    +77
    Local Time:
    12:05 AM
    Nginx 1.13.9
    MariaDB 10.1.31
    I think I found some information about this some months ago but I can't seem to find it anymore. On my xenForo forum, in the who is online list, I see traffic like :

    198.12.72.159 host.colocrossing.com
    23.95.99.81 host.colocrossing.com

    Is it possible for me to block all traffic coming from colocrossing.com (if not the direct domain, then host.colocrossing.com will do) without blocking each IP individually?

    I'd like to do the same for OVH.
     
  2. eva2000

    eva2000 Administrator Staff Member

    33,695
    7,459
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,470
    Local Time:
    1:05 PM
    Nginx 1.13.x
    MariaDB 5.5
    Not advisable as colocrossing has 780,000+ IPs, blocking them will affect your server performance especially if you are on openvz vps or if you do not have linux kernel with IPSET support (and csf firewall without IPSET support).

    colocrossing ASN number is AS36352 AS36352 ColoCrossing - ipinfo.io 787,000+ ips

    where's the ip ranges
    Code (Text):
    asnid=AS36352
    whois -h whois.radb.net -- "-i origin $asnid" | awk '/route:/ {print $2}'
    

    175 ip ranges
    Code (Text):
    asnid=AS36352
    whois -h whois.radb.net -- "-i origin $asnid" | awk '/route:/ {print $2}' | wc -l
    175
    

    actual ip ranges
    Code (Text):
    asnid=AS36352
    whois -h whois.radb.net -- "-i origin $asnid" | awk '/route:/ {print $2}'
    72.249.124.0/24
    65.99.246.0/24
    65.99.193.0/24
    96.8.126.0/23
    198.206.8.0/21
    204.197.248.0/22
    75.127.5.0/24
    75.127.6.0/23
    198.23.132.0/22
    162.251.112.0/21
    216.246.108.0/24
    216.246.109.0/24
    205.234.159.0/24
    66.225.194.0/23
    205.234.203.0/24
    216.246.49.0/24
    66.225.198.0/24
    75.102.27.0/24
    69.31.134.0/24
    205.234.152.0/24
    75.102.10.0/24
    75.102.34.0/24
    69.31.130.128/25
    75.102.38.0/23
    75.102.47.0/24
    66.225.231.0/24
    66.225.232.0/24
    206.217.128.0/20
    206.217.130.0/24
    96.8.112.0/20
    8.17.252.0/24
    8.17.250.0/23
    199.21.112.0/22
    108.174.48.0/20
    198.144.176.0/20
    199.188.100.0/22
    75.127.0.0/20
    198.12.64.0/18
    204.86.16.0/20
    72.249.94.0/24
    206.123.95.0/24
    207.210.239.0/24
    207.210.252.0/23
    207.210.254.0/24
    198.23.128.0/17
    5.226.171.0/24
    192.157.56.0/22
    192.210.128.0/17
    5.61.27.0/24
    192.227.128.0/17
    198.245.64.0/21
    198.46.128.0/17
    198.245.72.0/23
    198.20.160.0/19
    172.245.0.0/16
    192.198.96.0/19
    192.3.0.0/16
    162.218.88.0/22
    162.218.92.0/23
    23.94.0.0/15
    162.221.176.0/22
    162.221.180.0/23
    162.221.182.0/23
    23.249.160.0/20
    162.218.94.0/24
    107.172.0.0/14
    107.161.144.0/21
    107.161.152.0/24
    107.161.156.0/23
    107.161.158.0/24
    23.236.240.0/20
    107.161.155.0/24
    23.254.88.0/21
    23.254.96.0/20
    23.254.112.0/20
    216.170.112.0/21
    104.145.224.0/22
    104.145.228.0/24
    104.144.0.0/16
    179.61.192.0/24
    216.170.120.0/21
    104.168.0.0/17
    179.61.250.0/23
    104.145.231.0/24
    104.145.232.0/24
    104.145.233.0/24
    104.145.234.0/24
    104.227.192.0/19
    179.61.250.0/24
    104.232.32.0/20
    104.145.237.0/24
    104.145.238.0/24
    198.143.9.0/24
    198.143.12.0/24
    162.218.95.0/24
    23.249.171.0/24
    23.249.174.0/23
    104.250.125.0/24
    104.168.82.0/23
    104.232.40.0/21
    191.101.50.0/24
    85.203.16.0/24
    45.57.240.0/24
    45.57.241.0/24
    45.57.242.0/24
    45.57.243.0/24
    45.57.244.0/24
    192.157.30.0/24
    104.250.126.0/24
    104.250.124.0/24
    107.161.159.0/24
    179.61.253.0/24
    206.217.143.0/24
    108.174.60.0/24
    192.3.16.0/22
    23.94.12.0/22
    192.3.248.0/22
    23.94.56.0/22
    23.95.16.0/22
    75.127.12.0/23
    192.210.142.0/23
    198.23.149.0/24
    104.168.16.0/22
    23.94.72.0/23
    23.94.74.0/24
    192.3.252.0/23
    192.3.255.0/24
    198.12.116.0/24
    107.174.244.0/22
    107.174.240.0/22
    192.71.201.0/24
    107.161.153.0/24
    45.40.112.0/20
    107.173.180.0/23
    45.248.54.0/23
    192.3.248.0/21
    103.210.12.0/22
    104.250.117.0/24
    216.41.39.0/24
    191.101.33.0/24
    191.101.241.0/24
    191.96.151.0/24
    191.96.133.0/24
    107.175.214.0/24
    179.61.137.0/24
    181.214.83.0/24
    181.214.31.0/24
    181.214.156.0/24
    181.215.53.0/24
    181.215.55.0/24
    191.96.223.0/24
    191.96.165.0/24
    179.61.232.0/24
    154.16.144.0/22
    191.96.40.0/24
    181.214.143.0/24
    181.214.142.0/24
    154.16.112.0/24
    154.16.114.0/24
    154.16.115.0/24
    154.16.116.0/24
    154.16.117.0/24
    154.16.118.0/24
    154.16.119.0/24
    208.122.48.0/23
    208.122.52.0/24
    208.122.57.0/24
    72.26.196.0/24
    74.63.54.0/24
    206.217.128.0/23
    205.234.152.0/24
    205.234.153.0/24
    65.99.246.0/24
    216.246.109.0/24
    208.122.48.0/23
    

    and if you really want to block them in CSF Firewall list the and create the CSF Firewall deny ip range commands.
    Code (Text):
    asnid=AS36352
    whois -h whois.radb.net -- "-i origin $asnid" | awk '/route:/ {print $2}' | while read i; do echo "csf -d $i colocrossing" ; done
    csf -d 72.249.124.0/24 colocrossing
    csf -d 65.99.246.0/24 colocrossing
    csf -d 65.99.193.0/24 colocrossing
    csf -d 96.8.126.0/23 colocrossing
    csf -d 198.206.8.0/21 colocrossing
    csf -d 204.197.248.0/22 colocrossing
    csf -d 75.127.5.0/24 colocrossing
    csf -d 75.127.6.0/23 colocrossing
    csf -d 198.23.132.0/22 colocrossing
    csf -d 162.251.112.0/21 colocrossing
    csf -d 216.246.108.0/24 colocrossing
    csf -d 216.246.109.0/24 colocrossing
    csf -d 205.234.159.0/24 colocrossing
    csf -d 66.225.194.0/23 colocrossing
    csf -d 205.234.203.0/24 colocrossing
    csf -d 216.246.49.0/24 colocrossing
    csf -d 66.225.198.0/24 colocrossing
    csf -d 75.102.27.0/24 colocrossing
    csf -d 69.31.134.0/24 colocrossing
    csf -d 205.234.152.0/24 colocrossing
    csf -d 75.102.10.0/24 colocrossing
    csf -d 75.102.34.0/24 colocrossing
    csf -d 69.31.130.128/25 colocrossing
    csf -d 75.102.38.0/23 colocrossing
    csf -d 75.102.47.0/24 colocrossing
    csf -d 66.225.231.0/24 colocrossing
    csf -d 66.225.232.0/24 colocrossing
    csf -d 206.217.128.0/20 colocrossing
    csf -d 206.217.130.0/24 colocrossing
    csf -d 96.8.112.0/20 colocrossing
    csf -d 8.17.252.0/24 colocrossing
    csf -d 8.17.250.0/23 colocrossing
    csf -d 199.21.112.0/22 colocrossing
    csf -d 108.174.48.0/20 colocrossing
    csf -d 198.144.176.0/20 colocrossing
    csf -d 199.188.100.0/22 colocrossing
    csf -d 75.127.0.0/20 colocrossing
    csf -d 198.12.64.0/18 colocrossing
    csf -d 204.86.16.0/20 colocrossing
    csf -d 72.249.94.0/24 colocrossing
    csf -d 206.123.95.0/24 colocrossing
    csf -d 207.210.239.0/24 colocrossing
    csf -d 207.210.252.0/23 colocrossing
    csf -d 207.210.254.0/24 colocrossing
    csf -d 198.23.128.0/17 colocrossing
    csf -d 5.226.171.0/24 colocrossing
    csf -d 192.157.56.0/22 colocrossing
    csf -d 192.210.128.0/17 colocrossing
    csf -d 5.61.27.0/24 colocrossing
    csf -d 192.227.128.0/17 colocrossing
    csf -d 198.245.64.0/21 colocrossing
    csf -d 198.46.128.0/17 colocrossing
    csf -d 198.245.72.0/23 colocrossing
    csf -d 198.20.160.0/19 colocrossing
    csf -d 172.245.0.0/16 colocrossing
    csf -d 192.198.96.0/19 colocrossing
    csf -d 192.3.0.0/16 colocrossing
    csf -d 162.218.88.0/22 colocrossing
    csf -d 162.218.92.0/23 colocrossing
    csf -d 23.94.0.0/15 colocrossing
    csf -d 162.221.176.0/22 colocrossing
    csf -d 162.221.180.0/23 colocrossing
    csf -d 162.221.182.0/23 colocrossing
    csf -d 23.249.160.0/20 colocrossing
    csf -d 162.218.94.0/24 colocrossing
    csf -d 107.172.0.0/14 colocrossing
    csf -d 107.161.144.0/21 colocrossing
    csf -d 107.161.152.0/24 colocrossing
    csf -d 107.161.156.0/23 colocrossing
    csf -d 107.161.158.0/24 colocrossing
    csf -d 23.236.240.0/20 colocrossing
    csf -d 107.161.155.0/24 colocrossing
    csf -d 23.254.88.0/21 colocrossing
    csf -d 23.254.96.0/20 colocrossing
    csf -d 23.254.112.0/20 colocrossing
    csf -d 216.170.112.0/21 colocrossing
    csf -d 104.145.224.0/22 colocrossing
    csf -d 104.145.228.0/24 colocrossing
    csf -d 104.144.0.0/16 colocrossing
    csf -d 179.61.192.0/24 colocrossing
    csf -d 216.170.120.0/21 colocrossing
    csf -d 104.168.0.0/17 colocrossing
    csf -d 179.61.250.0/23 colocrossing
    csf -d 104.145.231.0/24 colocrossing
    csf -d 104.145.232.0/24 colocrossing
    csf -d 104.145.233.0/24 colocrossing
    csf -d 104.145.234.0/24 colocrossing
    csf -d 104.227.192.0/19 colocrossing
    csf -d 179.61.250.0/24 colocrossing
    csf -d 104.232.32.0/20 colocrossing
    csf -d 104.145.237.0/24 colocrossing
    csf -d 104.145.238.0/24 colocrossing
    csf -d 198.143.9.0/24 colocrossing
    csf -d 198.143.12.0/24 colocrossing
    csf -d 162.218.95.0/24 colocrossing
    csf -d 23.249.171.0/24 colocrossing
    csf -d 23.249.174.0/23 colocrossing
    csf -d 104.250.125.0/24 colocrossing
    csf -d 104.168.82.0/23 colocrossing
    csf -d 104.232.40.0/21 colocrossing
    csf -d 191.101.50.0/24 colocrossing
    csf -d 85.203.16.0/24 colocrossing
    csf -d 45.57.240.0/24 colocrossing
    csf -d 45.57.241.0/24 colocrossing
    csf -d 45.57.242.0/24 colocrossing
    csf -d 45.57.243.0/24 colocrossing
    csf -d 45.57.244.0/24 colocrossing
    csf -d 192.157.30.0/24 colocrossing
    csf -d 104.250.126.0/24 colocrossing
    csf -d 104.250.124.0/24 colocrossing
    csf -d 107.161.159.0/24 colocrossing
    csf -d 179.61.253.0/24 colocrossing
    csf -d 206.217.143.0/24 colocrossing
    csf -d 108.174.60.0/24 colocrossing
    csf -d 192.3.16.0/22 colocrossing
    csf -d 23.94.12.0/22 colocrossing
    csf -d 192.3.248.0/22 colocrossing
    csf -d 23.94.56.0/22 colocrossing
    csf -d 23.95.16.0/22 colocrossing
    csf -d 75.127.12.0/23 colocrossing
    csf -d 192.210.142.0/23 colocrossing
    csf -d 198.23.149.0/24 colocrossing
    csf -d 104.168.16.0/22 colocrossing
    csf -d 23.94.72.0/23 colocrossing
    csf -d 23.94.74.0/24 colocrossing
    csf -d 192.3.252.0/23 colocrossing
    csf -d 192.3.255.0/24 colocrossing
    csf -d 198.12.116.0/24 colocrossing
    csf -d 107.174.244.0/22 colocrossing
    csf -d 107.174.240.0/22 colocrossing
    csf -d 192.71.201.0/24 colocrossing
    csf -d 107.161.153.0/24 colocrossing
    csf -d 45.40.112.0/20 colocrossing
    csf -d 107.173.180.0/23 colocrossing
    csf -d 45.248.54.0/23 colocrossing
    csf -d 192.3.248.0/21 colocrossing
    csf -d 103.210.12.0/22 colocrossing
    csf -d 104.250.117.0/24 colocrossing
    csf -d 216.41.39.0/24 colocrossing
    csf -d 191.101.33.0/24 colocrossing
    csf -d 191.101.241.0/24 colocrossing
    csf -d 191.96.151.0/24 colocrossing
    csf -d 191.96.133.0/24 colocrossing
    csf -d 107.175.214.0/24 colocrossing
    csf -d 179.61.137.0/24 colocrossing
    csf -d 181.214.83.0/24 colocrossing
    csf -d 181.214.31.0/24 colocrossing
    csf -d 181.214.156.0/24 colocrossing
    csf -d 181.215.53.0/24 colocrossing
    csf -d 181.215.55.0/24 colocrossing
    csf -d 191.96.223.0/24 colocrossing
    csf -d 191.96.165.0/24 colocrossing
    csf -d 179.61.232.0/24 colocrossing
    csf -d 154.16.144.0/22 colocrossing
    csf -d 191.96.40.0/24 colocrossing
    csf -d 181.214.143.0/24 colocrossing
    csf -d 181.214.142.0/24 colocrossing
    csf -d 154.16.112.0/24 colocrossing
    csf -d 154.16.114.0/24 colocrossing
    csf -d 154.16.115.0/24 colocrossing
    csf -d 154.16.116.0/24 colocrossing
    csf -d 154.16.117.0/24 colocrossing
    csf -d 154.16.118.0/24 colocrossing
    csf -d 154.16.119.0/24 colocrossing
    csf -d 208.122.48.0/23 colocrossing
    csf -d 208.122.52.0/24 colocrossing
    csf -d 208.122.57.0/24 colocrossing
    csf -d 72.26.196.0/24 colocrossing
    csf -d 74.63.54.0/24 colocrossing
    csf -d 206.217.128.0/23 colocrossing
    csf -d 205.234.152.0/24 colocrossing
    csf -d 205.234.153.0/24 colocrossing
    csf -d 65.99.246.0/24 colocrossing
    csf -d 216.246.109.0/24 colocrossing
    csf -d 208.122.48.0/23 colocrossing
    

    I would only do this if Centmin Mod has detected Linux Kernel support for IPSET and has auto enabled it in CSF Firewall via LF_IPSET = "1" setting
    Code (Text):
    grep ^LF_IPSET /etc/csf/csf.conf 
    LF_IPSET = "1"
    LF_IPSET_HASHSIZE = "1024"
    LF_IPSET_MAXELEM = "65536"
    
     
    • Informative Informative x 2
..