Firewall Deny IP Ranges

PointsWell

I don't know if this is the best place to put this but it's not a question so I figure here it should be.

Having spent this morning investigating why my server keeps crashing out after it has been running for a week, I started having a look at the tomcat logs for the days when it hasn't been being used (and to understand why my server usage bill has shot up). I have come to realise that there are some comrades in Russia and China who are overly interested in my Tomcat manager.

Given that I have no actual users at the moment, none of these are friendly, so I have done whois checks and blocked their entire IP range, which I now share for others who want to block update their firewalls.

Enjoy

Updated Below

PointsWell

Updated

5.101.0.0/18
5.188.0.0/16
37.63.0.0/17
45.125.14.0/24
49.32.0.0/12
58.20.0.0/16
61.160.212.0/24
61.164.0.0/16
62.210.0.0/16
77.246.96.0/21
91.236.74.0/23
93.174.88.0/21
95.213.176.0/23
106.14.0.0/16
107.182.16.0/20
112.95.92.0/22
115.224.0.0/12
116.0.0.0/24
116.228.0.0/16
117.32.0.0/13
118.193.31.0/24
119.1.109.0/24
119.29.12.0/23
119.29.66.0/23
119.144.0.0/14
122.114.0.0/16
122.224.0.0/12
123.249.0.0/17
125.211.0.0/16
139.162.64.0/19
139.162.96.0/19
175.184.128.0/18
180.76.128.0/17
183.64.0.0/14
186.206.128.0/17
194.88.104.0/22
201.75.192.0/18
209.251.208.0/23
220.174.128.0/17
221.194.0.0/16
222.186.0.0/17

ACDC

I am having similar problems

Did you add these settings to the tomcat settings ?

PointsWell

There is something you can set in Tomcat to bounce repeated unsuccessful attempts from IP addresses but I didn’t know how to do it.

I have set the firewall on my google server to deny those IP ranges - so the traffic isn’t getting as far as Tomcat.

Downside is I have to monitor the Tomcat log.