It used to be conventional wisdom that if you have a site that is only of interest to users in, say, the U.S. or North America, you can limit your attack surface by blocking all IPs outside that area of interest. At the least, you can consider blocking countries that are said to originate the majority of spam and/or hacking attempts.
This thought crossed my mind today when I noticed sixty hits to a new page on one of my client’s sites. The hits stood out because they were from Belarus. I had visions of the Russian Mafia looking for a way into the server. However, it was a brand new page and nothing was linking to it yet; and I knew that a business partner of my clients was working on integrating with that page.
I checked, and sure enough, they are using programmers in Minsk. Good thing I asked.
So consider this possibility if it fits your situation; it may be important.
