If you’ve been battling constant attacks from hackers and spammers in China or other countries, there is a way to prevent them from accessing ANY site on your Linux server, and the installation of this wonderful solution is a lot easier then you might expect. Most Admins usually add the long list of each countries IPs to the htaccess file of each websites root directory, but this can create an enormous file that can sometimes fail, especially if you’re running WordPress or some other type of CMS that adds entries automatically. WordPress does have a plugin available (IQ Block Country) that can block country IPs without creating a large htaccess file, but I’ve found that it can run into conflicts with caching plugins, so you’re much better off by simply blocking the unwanted traffic from the server level.
The name of the solution I’m speaking of is the Config Server Firewall ( CSF ) firewall, which is open source (although they DO appreciate donations to help support their efforts) and is loaded with a ton of features, but for the purpose of this article we’ll just address how to block out unwanted traffic from countries. The way that CSF works is that it uses the Maxmind geoIP database to identify the IP ranges of whichever country you specify that you want to block, and then sets a filter at the root level to block incoming traffic from those IPs. You do however need to be very selective on how many countries you add since adding too many can slow down your server.
Before installing the CSF, go to the World Atlas to retrieve the country codes of the countries you want to block (they’re the ones in the A2 column), and bookmark this page for quick reference in case you want to block other countries in the future.
Execute the following commands through your SSH console:
tar -xzf csf.tgz
Once you’ve installed it you can restart your server and all your services, and you’ll see the entry “ConfigServer Security&Firewall” from within the Plugins tab in your WHM.
Note: Make sure once everything is done that the top of the CSF Control Panel shows “Firewall Status: Enabled and Running”, and that’s it, you’re now blocking your chosen countries from the server level!