"Easy IP Reference"

easily pinpoint IP ranges by country

         

TreoRenegade

3:28 pm on Jan 22, 2005 (gmt 0)

10+ Year Member



I just ran a search to see if this magnificent resource had been previously mentioned. Apparently, it has not. Since it's a hand-in-glove gem for .htaccess purposes, I wanted to be SURE folks know about it.

There's a group of pages which live for exactly one purpose: to inform us of the precise IP ranges of assorted countries. You can check out the listing by NIC affiliation (APNIC, RIPE, etc.); get a flat by-number-order list, by country, and a few others. I opted to save each of the 50-odd pages listing IP ranges numerically. FWIW, Firefox extension "Slogger" proved tremendously helpful, reducing an otherwise tedious chore to a 15-minute tops chore.

[ec-clan.org...]
(scroll down the page to get to the numerical listing).

classifieds

11:54 pm on Jan 24, 2005 (gmt 0)

10+ Year Member



TreoRenegade,

My advertisers are constantly under attack from Nigerian 419 scammers. I block their ISPs when I see them harassing my advertisers but it would be nice if I could just block the entire country of Nigeria (we service North America and Europe).

I've got the first part of your post. . .but. . .

This is a long list to code into .htaccess in cidr format.

Any suggestions on how to speed up this process?

-jay westmark

TreoRenegade

12:08 am on Jan 25, 2005 (gmt 0)

10+ Year Member



Let me go check out which IPs are involved. I'll get back to you here shortly...

TreoRenegade

12:55 am on Jan 25, 2005 (gmt 0)

10+ Year Member



1) [ec-clan.org...] (<< listings by country)
2) [ec-clan.org...] (<< Nigeria)
NE NER NIGER
63.100.194.128 -- 63.100.194.255
63.100.195.32 -- 63.100.195.39
63.100.200.96 -- 63.100.200.127
63.100.200.192 -- 63.100.200.223
192.136.57.0 -- 192.136.57.255
193.220.16.96 -- 193.220.16.111
193.220.180.0 -- 193.220.180.255
193.251.227.0 -- 193.251.227.79
193.251.227.82 -- 193.251.227.127
193.251.227.136 -- 193.251.227.183
193.251.227.192 -- 193.251.227.207
193.251.228.0 -- 193.251.228.255
194.54.77.64 -- 194.54.77.143
216.236.200.0 -- 216.236.200.31
216.236.201.64 -- 216.236.201.127
216.236.202.0 -- 216.236.202.15
217.113.76.0 -- 217.113.76.7

Following = examples of rewrite lines. Note: these lines are NOT highly optimized, as I want them to be relatively easy to understand here. Of course, you should precede each with the rewritecond, i.e.,
RewriteCond %{REMOTE_ADDR} ^63\.100\.194\.12[8-9]$ [OR]
Not added below, again, to ease comprehension...

# --------------------------------- 63.100.194.128 -- 63.100.194.255
63\.100\.194\.12[8-9]$ [OR]
63\.100\.194\.1[3-9][0-9]$ [OR]
63\.100\.194\.2[0-4][0-9]$ [OR]
63\.100\.194\.25[0-5]$ [OR]
# --------------------------------- 63.100.195.32 -- 63.100.195.39
63\.100\.195\.3[2-9]$ [OR]
# --------------------------------- 63.100.200.96 -- 63.100.200.127
63\.100\.200\.9[6-9]$ [OR]
63\.100\.200\.1[0-1][0-9]$ [OR]
63\.100\.200\.12[0-7]$ [OR]
# --------------------------------- 63.100.200.192 -- 63.100.200.223
63\.100\.200\.19[2-9]$ [OR]
63\.100\.200\.2[0-1][0-9]$ [OR]
63\.100\.200\.22[0-3]$ [OR]
# --------------------------------- 192.136.57.0 -- 192.136.57.255
192\.136\.57\. [OR]
# --------------------------------- (next range)
--- etc ---

I checked the by-numerical-listing pages, to see if you could reduce this to say, banning 63.100.194. That's a no go, as that block is split between the US and Nigeria. See pg 4 of [ec-clan.org...] (scroll down).

Alternatively, you could try
RewriteCond %{REMOTE_HOST} \.ne$ [OR]
but it's crucial to add the $ delimiter at the end, otherwise you risk catching innocent dial-ups/DSL with ".ne" within the remote host string (ask me how I know this - ugh!).

I'm pretty much a newbie, who has studied dozens of postings in these forums. So if someone catches something wrong here, by all means correct it! Finally, a tip: when I'm testing htaccess, to protect myself, I use a special subdirectory. Only one html file lives there, with one word: ok. If I see it after uploading the htaccess file to that subdirectory, I figure it's "safe" for primetime. If I instead see the 500 server error message, I know I screwed up something, but at least the site itself is not adversely affected while I try to get it together.
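
Added example, not part of the original posts: one way to speed up the range-to-CIDR step asked about above is to let Python's standard `ipaddress` module split each "start -- end" pair into exact CIDR blocks and print them as `Deny from` lines. The function names are made up for this example, the sample input is a subset of the ranges listed in the post, and the output assumes the classic `Order`/`Allow`/`Deny` access directives are available on the server.

```python
import ipaddress
import re

# A subset of the ranges listed in the post, including the two lines
# whose "--" separator is malformed or missing in the listing.
SAMPLE = """\
63.100.194.128 -- 63.100.194.255
63.100.195.32 -- 63.100.195.39
63.100.200.96 -- 63.100.200.127
193.251.227.0 -- 193.251.227.79
193.251.227.82 -- 193.251.227.127
194.54.77.64 -- 194.54.77.143
216.236.201.64-- 216.236.201.127
216.236.202.0 216.236.202.15
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse_ranges(text):
    """Yield (first, last) address pairs; the separator between them is ignored."""
    for lineno, line in enumerate(text.splitlines(), 1):
        found = IPV4.findall(line)
        if not found:
            continue  # blank line, country header or comment
        if len(found) != 2:
            raise ValueError(f"line {lineno}: expected two addresses: {line!r}")
        first, last = (ipaddress.IPv4Address(a) for a in found)
        if first > last:
            raise ValueError(f"line {lineno}: range runs backwards: {line!r}")
        yield first, last

def ranges_to_cidrs(text):
    """Return the smallest list of CIDR blocks covering exactly the given ranges."""
    nets = []
    for first, last in parse_ranges(text):
        # A range that is not a power-of-two block becomes several CIDRs,
        # so nothing outside the listed range is blocked by accident.
        nets.extend(ipaddress.summarize_address_range(first, last))
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def htaccess_deny(text):
    """Build an .htaccess fragment using the Order/Allow/Deny directives."""
    lines = ["Order Allow,Deny", "Allow from all"]
    lines += [f"Deny from {cidr}" for cidr in ranges_to_cidrs(text)]
    return "\n".join(lines)

if __name__ == "__main__":
    print(htaccess_deny(SAMPLE))
```

Ranges such as 193.251.227.82 -- 193.251.227.127 do not start on a block boundary, so they expand into several small CIDRs rather than one rounded-up block that would also cover addresses outside the listing.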