homepage Welcome to WebmasterWorld Guest from 54.196.225.45
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Hardware and OS Related Technologies / Website Technology Issues
Forum Library, Charter, Moderators: phranque

Website Technology Issues Forum

This 34 message thread spans 2 pages: 34 ( [1] 2 > >     
How to block a country from accessing my website?
zeus




msg:3474188
 8:52 pm on Oct 10, 2007 (gmt 0)

how can I block a country to access my site and maybe only allow a few IPs or just a city is that possible.

 

londrum




msg:3474198
 9:02 pm on Oct 10, 2007 (gmt 0)

you can't really block just one city, because it's highly unlikely that everyone in the city will be using an internet provider from the same city.

you can be fairly sure that they will be using one from the same country, though. so you just need to get a list of IP addresses associated with that country.

if you do a google search for 'IP addresses country blocks' you should be able to find an updated list.

zeus




msg:3474215
 9:22 pm on Oct 10, 2007 (gmt 0)

if i get that list how do i block them then.

londrum




msg:3474646
 8:53 am on Oct 11, 2007 (gmt 0)

the usual way is to put them all into a database, and then check them against each user when they visit. but if you just want some easy PHP at the top of your pages then something like this should do it...


$deny=array(
"111.111.111",
"222.222.222",
"333.333.333"
);

if(in_array($_SERVER['REMOTE_ADDR'],$deny)){exit;}

rocknbil




msg:3489487
 9:42 pm on Oct 27, 2007 (gmt 0)

If you have an Apache server, you can do this without scripting. Scripting will still allow them to poke around your site. Additionally you'd have to do it on all files, and change it every time a new one comes up.

This is a little complex, things can go wrong, so fully research before you drop in an .htaccess file with deny directives. Once you are familiar it, it as simple as creating a plain text file containing something like this, and naming it ".htaccess." "#" are comments and will not affect the functioning of the directives.

order allow,deny
<Limit GET POST>
allow from all

# specific IP address
deny from 123.123.123.123
# deny a range: 123.123.0.0 - 123.123.255.255
deny from 123.123.0.0/16
# the whole class: 123.0.0.0 - 123.255.255.255
deny from 123.0.0.0/8
# shorthand for previous
deny from 123
</Limit>

zeus




msg:3491338
 12:09 pm on Oct 30, 2007 (gmt 0)

yes I have blocked some now, works fine

benevolent001




msg:3495412
 10:37 am on Nov 3, 2007 (gmt 0)

To block whole country or some IP ranges you may use mod geoip its best free solution i have seen till now ( for apache only)

Rosalind




msg:3495456
 11:48 am on Nov 3, 2007 (gmt 0)

Where are the most up-to-date IP lists to be found? I never know which lists are the most current, so although it's not too hard to find IP lists I'm never sure how accurate they are.

henry0




msg:3495459
 12:12 pm on Nov 3, 2007 (gmt 0)

benevolent001
I just finished reading your July post

about mod geoip
[webmasterworld.com]

How did you end the "saga"?

If you could finish it
then it will become a valuable tutorial :)
Thanks

amznVibe




msg:3495520
 2:19 pm on Nov 3, 2007 (gmt 0)

I have this same urge all the time but keep in mind the following:

1. Even the maxmind database, which is probably the most complete available, still has lots of holes. I've hand written dozens of IP range patches for it.

2. Unless you setup a caching system, doing an IP lookup for every single http access can bring a busy server to it's knees.

bsterz




msg:3495545
 3:05 pm on Nov 3, 2007 (gmt 0)

I use the MaxMind API and only block access to specific areas such as login, purchase, etc.

It works great. I setup a failsafe country ISO code of XX. Because from time to time it fails to respond - in which case I assume the visitor is from a "friendly" country and I log the blocked visit as from "XX". This way I can monitor how many failed lookups I get.

Bill

henry0




msg:3495548
 3:13 pm on Nov 3, 2007 (gmt 0)

I tried to only accept US IP
but it was a tough proposition
I too have added a bunch of ranges
but had to quit doing it
reason:
There is no way to get the ATT DSL range from them
and my DB had too many holes so I decided against that system.

adysartjr




msg:3495552
 3:37 pm on Nov 3, 2007 (gmt 0)

There is a website you can use to look up ip addresses by country.

Since we can't put web addresses on this message board....

Type in "block a country" in Google. 1st result.

masterchief




msg:3495556
 3:51 pm on Nov 3, 2007 (gmt 0)

we use maxmind api, and works great fast and reliable, althogh you need to update frequently

superclown2




msg:3495557
 3:53 pm on Nov 3, 2007 (gmt 0)

Use your firewall to block off the IP ranges of whole regions such as Apnic, Ripe, Afrinic and Lacnic. A lot of the time you can block a whole /8 but much of the time you'll be blocking /24 blocks so you'll need a lot of patience. My IP tables scripts are hundreds of lines long but it doesn't seem to slow my servers down at all.

swa66




msg:3495637
 6:49 pm on Nov 3, 2007 (gmt 0)

Don't forget that no matter how accurate the database (none ae very accurate), you will still have errors with people who are on a a trip abroad, with companies surpassing country boundaries and their internal network having just a few exits in just a few countries. And the I didn't even talk about TOR or open proxies used to evade geo-targeting.

In general I don't think it works well enough to be of much use beyond targeting advertising to audiences (where it's no big deal if you miss a few).
If you want to make sure nobody from country X can access your site, I doubt it'll work.
If you want to be sure people of country X cannot buy your stuff (cause you don't want to ship there or have too much trouble with getting paid properly), ask the shipping address and if you don't like it, quit there.

Don't forget the Internet is what it is in part because of the surpassing of obsolete country borders. All geo-targeting does is building in those borders again, and it'll backfire as the adopters of the Internet will not agree with you in the long run.

webwannabee




msg:3495679
 8:16 pm on Nov 3, 2007 (gmt 0)

How to block china:

Here is trick I used once and I don't know if it stil works, but the Chinese communist party blocks information regarding Tianamen Square; so what I did was to add a few links to Tienamen square along with anchor text regarding same at the bottom of the page and it worked.

It takes a while until their censors pick up on it but it worked 2 years a go when i tried it.

mattb




msg:3495703
 8:55 pm on Nov 3, 2007 (gmt 0)

I echo the use of Geoip from Maxmind. We block pricing and cart from countries outside the US and Canada. It works well and does not slow down the pages. A subscription to the country database is cheap around $100 per year. The db is downloaded and resides on your server for fastest results. You can also buy the city version but it's much more expensive.

Moncao




msg:3495940
 7:47 am on Nov 4, 2007 (gmt 0)

So then they use proxies.

superclown2




msg:3495981
 11:01 am on Nov 4, 2007 (gmt 0)

"So then they use proxies"

Most people won't. I'm in the UK and I've blocked off the 'bad neighbourhoods' from our servers for years and our spam level is as near zero as makes no difference and I can't recall the last serious attempt at an intrusion. Blocking potential trouble areas is the most worthwhile way for a sysadmin to spend time IMO. Of course you can never be 100% but it's like fitting extra locks to deter burglars, most of them will go off to find easier victims, and there are plenty of those unfortunately. Or perhaps fortunately<G>?

zeus




msg:3495989
 11:39 am on Nov 4, 2007 (gmt 0)

I can say now I have found a site where you can choose a country, then they have a .htaccess code/list of IPs which is then blocked worked perfect and its free.

superclown2




msg:3496134
 4:31 pm on Nov 4, 2007 (gmt 0)

I'd be careful of free lists, there are certain IP addresses we DON'T want to block.

mrjohncory




msg:3496285
 10:48 pm on Nov 4, 2007 (gmt 0)

Just out of curiosity, what are some of the reasons one would want to deny an entire country access to their site?

superclown2




msg:3496315
 12:02 am on Nov 5, 2007 (gmt 0)

It's an unfortunate fact that certain countries contain a high proportion of spammers, con merchants and general pains in the proverbial, and a low proportion of potential customers. It's probably illegal here in the UK to name the countries concerned but I think most of us know who they are.

klown




msg:3496353
 1:31 am on Nov 5, 2007 (gmt 0)

Most of the spam comes from the US and the UK I've heard. Then again most of it is routed through Chinese and Indian servers. Its too bad you guys don't try alternative spam protection techniques instead of blocking millions of potential customers (China for instance has millions of expats such as myself), nearly all of whom use the Internet.

bw3ttt




msg:3496355
 1:31 am on Nov 5, 2007 (gmt 0)

Just out of curiosity, what are some of the reasons one would want to deny an entire country access to their site?

You would want to block certain countries (China and Russia) because the overwhelming majority of spam, intrusions, scams, bad bots and copyright infringement originate in these countries.. China in particular has the potential to cause a huge number of clicks but the "people" will never buy anything.. In short, nothing good will come from these countries, but plenty of bad things will so it is in the interest of many, if not most western web sites to block traffic from these countries altogether..

I did it a long time ago and guess what?

no break-ins, no bots, 80% reduction in spam

bw3ttt




msg:3496374
 1:52 am on Nov 5, 2007 (gmt 0)

Most of the spam comes from the US and the UK

<snicker> yeah it must be a conspiracy to frame the Chinese.. Thanks for the great advice comrade..

klown




msg:3496453
 3:59 am on Nov 5, 2007 (gmt 0)

I'm just living in China, I'm actually an Oregonian.

It might be true that you can block a majority of your spam by blocking IPs within China. Then again you could block most of the spam via normal spam blocking techniques such as hidden fields, searching forms for certain keywords, searching forms for links, multiple form submissions from the same IP during a certain period of time, etc. I generally use CAPTCHAs as a last resort however if you add in CAPTCHAs you'll see an even smaller percent of spam getting through.

Personally I just don't like to exclude anybody who might be a valuable customer or community member. Plus I'm freaking sick of getting blocked when going to sites (mostly due to the Chinese gov of course).

superclown2




msg:3496579
 9:23 am on Nov 5, 2007 (gmt 0)

"Plus I'm freaking sick of getting blocked when going to sites (mostly due to the Chinese gov of course)."

Hopefully people in these countries will get so sick of being blocked off from the rest of the world that they'll pressure their governments into doing something to stop the antics of the spammers conmen and virus distributors. Until then they are permanently blocked from all my company's servers, it's much simpler than trying to filter out their spam garbage, much of which is pretty disgusting and highly offensive. We block because of necessity, not choice.

Rugles




msg:3496828
 4:02 pm on Nov 5, 2007 (gmt 0)

It's an unfortunate fact that certain countries contain a high proportion of spammers, con merchants and general pains in the proverbial, and a low proportion of potential customers. It's probably illegal here in the UK to name the countries concerned but I think most of us know who they are.

I think you are allowed to mention Canada. ;-)

This 34 message thread spans 2 pages: 34 ( [1] 2 > >
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Hardware and OS Related Technologies / Website Technology Issues
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved