homepage Welcome to WebmasterWorld Guest from 54.198.33.96
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / WebmasterWorld / Website Analytics - Tracking and Logging
Forum Library, Charter, Moderators: Receptional & mademetop

Website Analytics - Tracking and Logging Forum

This 35 message thread spans 2 pages: 35 ( [1] 2 > >     
Banning "problem countries"
jason77




msg:906452
 12:24 pm on Feb 28, 2006 (gmt 0)

I am currently updating my filter for banned countries.

So far I definitely bann the follwing ipaddresses:

- nigeria NG
- ghana GH
- cote`divoire CI
- ukraine ua

I am not sure about the follwing ones:

- LY, AZ, VN, OK, LB, MA, KU, JO, AM, AC, IL

I think Israel, Libya, Marocco etc are harmless, but I am not sure.

Has anyone any bad experiences with ip addreses from some other countries, like the top spammer countries above?

Thanks!

 

palmeux




msg:906453
 8:51 pm on Feb 28, 2006 (gmt 0)

How to stay anonymous with Java/Javascript/plug-ins/flash... enabled

1-method

Install Firewall on your machine and restrict all the connections to the Internet (except for the anonymous proxy server) from a browser. It's also recommended to use port mapping for this free anonymous proxy server and define the browser's proxy as 127.0.0.1 with the local port from port mapping.

2-method

Use socksification in your browser. This will enable relaying all the information your browser or any other software sends and transfers to the proxy server.

3- THE Best Method

You need to set up LAN, local IP addresses (192.168.1.x or alike). A corporate proxy server should forwards ALL requests to a free anonymous proxy server (you need to have skills and rights of a system administrator in order to do that). It's impossible to connect to the Internet bypassing a corporate proxy, as long as external IP address is not assigned to local machines. It's also impossible to scan local machine's settings: even if Java/ActiveX applets detects and gives out your local IP address (192.168.1.x) to the web server, your anonymity will remain unbroken. So, basically, you can rate this option as 100% anonymity.
Neither script nor trace-route can detect you!

Greetings

jatar_k




msg:906454
 9:01 pm on Feb 28, 2006 (gmt 0)

I looked around for a good list but didn't really come up with anything highly authoritative. This list looks ok

1 Ukraine
2 Indonesia
3 Yugoslavia
4 Lithuania
5 Egypt
6 Romania
7 Bulgaria
8 Turkey
9 Russia
10 Pakistan
11 Malaysia
12 Israel

others, aside from ones you have already mentioned, I would add would be China and India

though all of this is relative to where you do business and what business you do.

jason77




msg:906455
 12:11 pm on Mar 13, 2006 (gmt 0)

if you block china, you block yahoo and other crawlers.

Well, I dont think anyonw should help those scammers
by posting instructions on how to do hide your ip,

In other foruns maybe, but in this context you are definitely helping criminals to continue their illegal activities.

I think your posting should be removed!

jason77




msg:906456
 12:13 pm on Mar 13, 2006 (gmt 0)

I would not block Turkey though! There are too many "normal" websrufers from there and also there are google ads in turkish!

Mopar93




msg:906457
 3:17 am on Mar 22, 2006 (gmt 0)

I was looking for a way to block entire countries on my web server and couldn't find a suitable solution, so I wrote my own solution. The software creates a new iptables rules file that can be installed into the Linux kernel. This has helped tremendously. No offense intended to anyone living in the countries that I am now blocking, but it was something that had to be done.

The software will be free for downloading from a new website I just created.

It's mostly ready for public use except for just a litte more testing and polishing. In the meantime, you can check out a demo and read the documentation at fixingtheweb.com.

-Maurice

Mopar93




msg:906458
 1:18 pm on Mar 23, 2006 (gmt 0)

The country blocking package I developed is now ready and can be downloaded for free from fixingtheweb.com. It's very easy to setup and use. You simply pick the countries you want to block and it will create a file containing all the IP ranges belonging to those countries that can be used by iptables running on a Linux server. A simple command then installs the iptables rules for you. And it's easy to change when you want to add a country or delete a country. Easy to follow documentation is included.

-Maurice

surfin2u




msg:906459
 4:11 pm on Mar 23, 2006 (gmt 0)

Hi Mopar93, I took a look at your site, downloaded your code and also downloaded the CSV file with the list of IP ranges and countries. I'm a bit reluctant to trust all this, for fear that I might accidentally block an important robot, such as googlebot. If there were an error in the IP country data, or in your code's use of that data, then my fears could be realized.

The result of such an error could be disasterous for my site and my income. I realize that it's unlikely, but even a small chance of such a problem needs to be considered.

I was looking at your code and noticed some code that seems questionable. In your file iptocountry.php you have a couple of loops that look like this:

$i=0;
do {

//...code inside that loop does not reference $i

} while ($i>0);

Is this coding an error, or is there a reason for having loops that can only execute once?

Mopar93




msg:906460
 9:27 pm on Mar 23, 2006 (gmt 0)

>Is this coding an error, or is there a reason for
>having loops that can only execute once?

The two sections of code that you're referring to builds the left and right columns of data. For the time being, that "while" loop is only executed once. If you study those two loops you'll see some other variables that aren't used anywhere else in the program. I did that for some future coding that I might add.

For this release, the intention was to run through those "while" loops just once.

The iptocountry.php program doesn't make any changes anywhere on your system. It only reads the data from the database files and displays it in the browser.

The countryiptables.php program writes to files, however. But it only writes within the directory where it is running from. It will update the countries.php file if you save your default settings. And it will create the iptables file if you choose to do so. But it only creates a file, nothing else. You still haven't blocked any countries until you manually enter a command from a shell prompt to insert your newly created file into the kernel. Running this command only takes about 3 seconds to insert over 7000 lines of iptables rulesets into my firewall machine.

You can look at the file that gets created with any text editor. If you think there are ranges of IP addresses in a particular country that you want to "mostly" block out, but not all of it, you can delete the ranges you want to allow using the text editor. Then when you are happy with it, put it to use.

This is all you have to do to install the file into the running kernel:

iptables-restore < badiptlist.txt

(or whatever you chose to call the file)

From this point on, none of the ipranges listed in the file will make it into your machine. The incoming packets will just get dropped. At the other end, it will look like your ip address isn't connected to anything. These people will just go away and bother someone else instead.

-Maurice

surfin2u




msg:906461
 2:00 am on Mar 24, 2006 (gmt 0)

Maurice, thanks for your detailed reply. I am quite confident that your solution works, as I said earlier. My concern is that a future mistake, for example with the downloaded data, could result in the accidental blocking of important visitors, such as googlebot.

Mopar93




msg:906462
 2:44 am on Mar 24, 2006 (gmt 0)

I agree, blocking google would be a big concern. On my system, I'm blocking a great deal of problem countries and google, msn, and yahoo, as well as several other top search engines are still finding my site and crawling it every day. My main website always shows up on the first page of these search engines whenever a relevant keyphrase search is used. Many times, it's at the top or at least within the top 3 or 4. Do a search for "JiffyDOS" and "Commodore" and "GEOS" and you'll see my site at cmdrkey.com show up.

The real accuracy is not in the programs I wrote, it's in the country database. And the blocking power is in the Linux kernel and iptables. My programs are just the interface that helps put it all together.

-Maurice

Receptional




msg:906463
 9:22 am on Mar 24, 2006 (gmt 0)

I think blocking whole coutries is not a very clever move.

Yes - I would never trust a credit card sale again from Indonesia, but then let's look at this:

Indonesia: Population 188 Million
Russia: Population 145 Million

That's more than the entire poulation of the USA right there.

Mopar93




msg:906464
 1:44 pm on Mar 24, 2006 (gmt 0)

> I think blocking whole coutries is not a very clever move.

Blocking countries isn't for everyone. Some need to allow the whole world in. But there are many, many people who have no need for certain countries to access their systems.

In my case, I have never had a customer from Korea, China, Taiwan, Russia, Poland, Romania, Bulgaria, Indonesia, India, Iran, Iraq, Saudi Arabia, Africa, or most of South America. I had one customer living in Hong Kong for awhile. I think he's moved back to Australia now. So, I also block Hong Kong. If I block all of those countries in their entirety, it won't hurt my business in the least. It actually helps it because I have much less monitoring to do because there was so much garbage coming from all of those countries. I got nothing but spam and hacking attempts. It's disgusting and I got tired of it.

So, my thinking is, if I get nothing but trouble from a country and no customers and no other benefit whatsoever, I don't feel bad about banning that entire country.

There is no law that says I have to leave my system open for the entire world. I can pick and choose where I want my traffic coming from. And so can everyone else.

I still get spam attempts on my email server, but not much anymore. It's mostly coming from the US, France, Germany, and Spain. I think in the last 24 hours, there was maybe 2 dozen spam attempts showing in the log files. None of them got through because they are all using stupid stuff like "HELO friend" or using phony FROM email addresses. It gets rejected by my server. I'm thinking most of this is coming from people who have allowed spammers to infest their computer and route email for them. Probably viruses or something.

I like it the way I have it right now. My bandwidth is reserved for the top search engines to use and all of my legitimate customers and other people who enjoy visiting my site and sending me legitimate email.

-Maurice

Mopar93




msg:906465
 4:38 pm on Mar 24, 2006 (gmt 0)

For anyone who has already downloaded my country blocking package, I have just made a slight upgrade which allows you to use your choice of either the ip-to-country database or the geoip database.

You don't have to do any special configuration, the new setup program will find whichever database file you have copied to the working directory and use it.

-Maurice

fischermx




msg:906466
 4:53 pm on Mar 24, 2006 (gmt 0)

Hey, I have friends in Ukraine, what's wrong with them!?
Seriously, what kind of problems are we talking about?

surfin2u




msg:906467
 4:55 pm on Mar 24, 2006 (gmt 0)

The real accuracy is not in the programs I wrote, it's in the country database.

Maurice, I completely agree with that statement. Can you imagine if some hacker got into the country database and inserted the ip for googlebot. How many sites would be screwed by such a move? Hard to say. How long would it take them to figure out what happened? They might never.

Mopar93




msg:906468
 6:49 pm on Mar 24, 2006 (gmt 0)

Hey, I have friends in Ukraine, what's wrong with them!?

There's probably nothing wrong with your friends in the Ukraine. However, I don't have any friends there, yet I've noticed attempted attacks in my log files from there. I've never had a legit email or order request from the Ukraine, so it doesn't affect me if I block that country. It would affect you because you have friends there, so you shouldn't block that country.

However, you can block all but the range of addresses that your friends are likely to use.

Two ways to do this. One is after creating the file that iptables will use, load it into a text editor and search for the line that contains the range of addresses that would block your friends. Then simply delete that line from the list.

Or, after loading the list in for iptables to use, enter a single command that would ACCEPT that particular range of addresses.

It's really pretty simple to do once you get used it.

-Maurice

Mopar93




msg:906469
 6:58 pm on Mar 24, 2006 (gmt 0)

Can you imagine if some hacker got into the country database and inserted the ip for googlebot.

On the other hand, can you imagine what would happen if some hacker got into your computer and messed with everything else?

Personally, I'd rather accidentally block someone that potentially allow a hacker to have access to my computer.

If I were to block google somehow, I'd figure it out eventually when I noticed that they were no longer crawling my site.

I've blocked Yahoo/China and it doesn't bother a thing. I don't care that Yahoo/China isn't crawling my site. All the good (in my opinion) Yahoo crawlers are hitting my site every day.

I'd just as soon block the msn crawler only because it's related to Microsoft, but I guess that wouldn't be too wise since a lot of my Commodore customers also use their stuff.

That'll probably get me some criticism. :)

-Maurice

rkhare




msg:906470
 7:28 pm on Mar 24, 2006 (gmt 0)

i would like to block US, is it possible?

Mopar93




msg:906471
 9:12 pm on Mar 24, 2006 (gmt 0)

i would like to block US, is it possible?

Of course. Just select "United States" when you are picking the countries you wish to block.

-Maurice

surfin2u




msg:906472
 9:38 pm on Mar 24, 2006 (gmt 0)

On the other hand, can you imagine what would happen if some hacker got into your computer and messed with everything else?

Personally, I'd rather accidentally block someone that potentially allow a hacker to have access to my computer.

If I were to block google somehow, I'd figure it out eventually when I noticed that they were no longer crawling my site.

My computer is protected from hackers, so that's not an issue here. If google stopped visiting your site would it occur to you that you had blocked them inadvertantly by some third party data that you downloaded to your server? Maybe you would think of it, but I'll bet not many other people would.

I block single addresses or ranges of IP address after I catch someone doing something on my site that I don't approve of. If you don't "attack" my site, then you are welcome to access the site. I am becoming more convinced by the discussion here that my approach is a good one. "Innocent until proven guilty" or something like that...

Mopar93




msg:906473
 12:11 am on Mar 25, 2006 (gmt 0)

I block single addresses or ranges of IP address after I catch someone doing something on my site that I don't approve of. If you don't "attack" my site, then you are welcome to access the site. I am becoming more convinced by the discussion here that my approach is a good one. "Innocent until proven guilty" or something like that...

That's a good approach and one that I used for awhile. However, I got sick and tired of having to manually type in a dozen blocks every day. Someone from Korea or China, or wherever would try something so I'd block that range of addresses. Later on, I'd see something similar from another range in the same country. So, I'd block that one.

After awhile, I decided that was it. The heck with the whole country. These guys just keep on finding new addresses to use in the same country. Or there's a bunch of different guys doing similar stuff.

-Maurice

surfin2u




msg:906474
 12:20 am on Mar 25, 2006 (gmt 0)

Maurice, I am in agreement with you and that's what brought me to this thread. I'm not ready to install the entire country to ip download, but would like to use it for reference. I want to be able to see where a particular block of ip addresses for a country begins and ends. I will then manually add the block of addresses to my list included by the code for all pages of my site. That way I still maintain control.

Christi




msg:906475
 12:33 am on Mar 25, 2006 (gmt 0)

We block ranges of IP addresses manually too, once we see them trying to mess with our forms or spoof the return address.

But if you have widgets that appeal to people in many different countries, not all of them ones you'd normally think of, then blocking whole countries can be tricky. One of our best customers is in Lebanon. Another in Hong Kong (yes); others elsewhere including India.

Part of it is keeping hands-on with the customer service, watching the logs and watching those credit card attempts, and declines for sure. Communicating with customers or wannabe customers helps a lot. Do they communicate? How do they communicate?

We've been burned twice in nine years using this albeit "mom-and-pop" method. To my eye, that makes up for a lot of happy customers worldwide.

Christi

blend27




msg:906476
 3:46 pm on Mar 26, 2006 (gmt 0)

@Jason77 ---if you block china, you block yahoo and other crawlers. ----

yahoo crawlers from China have their IP-block asigned to them, as well as the ones from Japan.

I use something like SafeBotRange an addition to normal rules. Works perfect.

surfin2u




msg:906477
 4:46 pm on Mar 26, 2006 (gmt 0)

Maurice, you might already have this functionality or know where I can find it.

I'd like to go to a web page that can give me the country for a specific IP address. If I could see the range of addresses that that single address is part of, I'd find that useful.

I'd also like to be able to see a list of all of the IP address ranges for that country (for the one IP address I provided), in a separate web page.

The other thing that might be useful is just to see IP address ranges for a country, where I provide the country name or choose it from a list.

Right now I have an approximation to what I need by going to ARIN and to RIPE, but a more complete site would be helpful to me and probably to many others.

Mopar93




msg:906478
 9:59 pm on Mar 26, 2006 (gmt 0)

I'd like to go to a web page that can give me the country for a specific IP address. If I could see the range of addresses that that single address is part of, I'd find that useful.

The iptocountry.php program that is included in my downloadable package will do this for you. You have to set it up on your webserver and then just use a browser to access it to display the info for you.

If you don't want to set it up, I'm sure someone will do this eventually and make a public web site around it. I had thought about doing it on my web site, except it would probably eat up all my bandwidth. It would surely bring in a lot of traffic.

I'd also like to be able to see a list of all of the IP address ranges for that country (for the one IP address I provided), in a separate web page.

You can do this with the countryiptables.php program that is included in the package. Instead of picking a bunch of countries to actually use with iptables, just pick one single country and have the program create the file for you. Name the file according to the country. Then you can view the file in a text editor. A web browser can load it for viewing also. It will contain all of the ranges of ip addresses for that particular country.

You could create a separate file for each country you would like to gather the info on. You could also print these out and make a booklet that you can refer to.

The other thing that might be useful is just to see IP address ranges for a country, where I provide the country name or choose it from a list.

See above.

-Maurice

MrSupplier




msg:906479
 9:00 pm on Mar 27, 2006 (gmt 0)

I'm using maxmind's geoip databases with apache and php modules, and it works rather good.
If you running biz, you can buy geoipcity and check customers ips for matching coutry/city and same entered in forms -- makes alot of sense for fraudcheck. And communication works, too.

blend27




msg:906480
 12:02 am on Apr 2, 2006 (gmt 0)

MaxMind Says this 82.165.0.0 to 82.165.255.255 range belongs to US,

I dont think So.

gregbo




msg:906481
 2:51 am on Apr 2, 2006 (gmt 0)

MaxMind Says this 82.165.0.0 to 82.165.255.255 range belongs to US,
I dont think So.

One should use the numbers from MaxMind or any other geotargeting database with caution. The information can be out of date, or just plain wrong. IP addresses can be easily transferred between organizations.

FWIW, the RIPE database says this address block has been issued to a German business (which could very well operate at least in part within the US).

This 35 message thread spans 2 pages: 35 ( [1] 2 > >
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Website Analytics - Tracking and Logging
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved