Some of you may know that the EU implemented something called the General Data Protection Regulation (GDPR), which placed a ton of tracking and advertising transparency requirements on several internet operating procedures.
One of the things that internet hosting services implemented was obfuscating the IP addresses in the log files to /24 netblocks for IPv4 and /40 for IPv6... get this... to protect visitors from tracking mechanisms.
In the meantime, several bad actors from China, Russia, Ukraine, and Brazil have started targeting these servers (and those in the US) with hacking scripts that mask themselves with valid but somewhat dated browser user agents (the scripts are rarely updated). They probe for and try to hack any PHP element of a website, including phpMyAdmin, which administers database-driven sites.
Making matters worse, they connect directly to a server's IP address, rendering any DNS-based firewall and content delivery network like Cloudflare completely useless.
Summary:
- You can't block distinct IPs without blocking an entire 254-IP netblock, the majority of which are likely valid visitors.
- You can't block the user agents of old browsers without ticking off all the people that never update their browser to the latest version [Note: I'm doing this anyway, as draconian as it sounds...]
- You can't block several website administration functions without locking yourself out of the system, unless you whitelist everyone who helps administer, edit, and write posts on a website (and as we all know, not everyone has a static IP, making this a nightmare).
Can anyone else see where all this is heading?
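The log truncation described above, as an added example that is not part of the original post: it masks addresses to the /24 and /40 prefixes the post names and shows how many distinct clients end up behind a single logged address. The sample traffic is constructed from documentation address ranges, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Prefix lengths the post says hosts truncate logged addresses to.
LOG_PREFIX = {4: 24, 6: 40}

def block_scope(addr):
    """Netblock that a logged (or real) address falls into after truncation."""
    ip = ipaddress.ip_address(addr)
    return ipaddress.ip_network(f"{ip}/{LOG_PREFIX[ip.version]}", strict=False)

def anonymize(addr):
    """Address as it appears in a truncated log: host bits zeroed."""
    return str(block_scope(addr).network_address)

def affected_hosts(scope):
    """Addresses a deny rule on `scope` covers (IPv4: minus network/broadcast)."""
    return scope.num_addresses - 2 if scope.version == 4 else scope.num_addresses

def collateral(requests):
    """Map logged address -> (probing clients, legitimate clients) by real IP."""
    seen = defaultdict(lambda: (set(), set()))
    for real_ip, is_probe in requests:
        probing, legit = seen[anonymize(real_ip)]
        (probing if is_probe else legit).add(real_ip)
    return dict(seen)

# Constructed sample traffic using documentation ranges: (real client IP, probed?)
SAMPLE = [
    ("203.0.113.7", True),
    ("203.0.113.7", True),
    ("203.0.113.54", False),
    ("203.0.113.201", False),
    ("198.51.100.9", False),
    ("2001:db8:ab12:3400::1", True),
    ("2001:db8:abff:99ff::beef", False),
]

if __name__ == "__main__":
    for logged, (probing, legit) in collateral(SAMPLE).items():
        scope = block_scope(logged)
        print(f"log shows {logged}: blocking means denying {scope} "
              f"({affected_hosts(scope)} addresses); {len(probing)} probing "
              f"and {len(legit)} legitimate client(s) are indistinguishable")
```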