Also, if you’re running SSH on a non-standard port, block Censys’ IP ranges. They port scan the entire internet constantly and bad actors use their scans to target their attacks. Once I did that, the number of attempted SSH logins went to zero pretty quickly.
Solid advice! I've had certain countries in my blocklist thus far, and now I have added Censys (I did not know that was the company behind Shodan). Now, I've also added the Tor exit node list as my blocklist. Since nothing good comes from any of these. I used this blocklist for the latter [1] (the Censys ranges I just did manually, as it is only 12 entries in total).
I hope you'll reconsider your stance on Tor exit nodes; many people use the Tor network to avoid censorship or even just bolster their own privacy. Blacklisting users on the basis of their Tor usage is hostile to their goals of privacy and anti-censorship.
There's no reason Tor exit nodes need to access my home network. Zero. I do use BitTorrent but behind a VPN; this remains unaffected, though if it were I would block traffic which isn't supposed to go through Tor (since BitTorrent over Tor is not recommended).
As a rule of thumb, I will gladly pass on Tor traffic, but no exit node, and I understand if network admins want to block entry node, too. It is a decision everyone who maintains a network has to make themselves.
The reason I block it is also the same reason I block banana republics like CN and RU: these don't prosecute people who break the law with regards to hacking. Why should one accept unrestricted traffic from these?
In the end, the open internet was once a TAZ [1] and unfortunately with the commercialization of the internet together with massive changes in geopolitics the ship sailed.
