you can't really block just one city, because it's highly unlikely that everyone in the city will be using an internet provider from the same city.

you can be fairly sure that they will be using one from the same country, though. so you just need to get a list of IP addresses associated with that country.

if you do a google search for 'IP addresses country blocks' you should be able to find an updated list.

if i get that list how do i block them then.

the usual way is to put them all into a database, and then check them against each user when they visit. but if you just want some easy PHP at the top of your pages then something like this should do it...

$deny=array(
"111.111.111",
"222.222.222",
"333.333.333"
);
if(in_array($_SERVER['REMOTE_ADDR'],$deny)){exit;} 

If you have an Apache server, you can do this without scripting. Scripting will still allow them to poke around your site. Additionally you'd have to do it on all files, and change it every time a new one comes up.

This is a little complex, things can go wrong, so fully research before you drop in an .htaccess file with deny directives. Once you are familiar it, it as simple as creating a plain text file containing something like this, and naming it ".htaccess." "#" are comments and will not affect the functioning of the directives.

order allow,deny
<Limit GET POST>
allow from all

# specific IP address
deny from 123.123.123.123
# deny a range: 123.123.0.0 - 123.123.255.255
deny from 123.123.0.0/16
# the whole class: 123.0.0.0 - 123.255.255.255
deny from 123.0.0.0/8
# shorthand for previous
deny from 123
</Limit>

yes I have blocked some now, works fine

To block whole country or some IP ranges you may use mod geoip its best free solution i have seen till now ( for apache only)

Where are the most up-to-date IP lists to be found? I never know which lists are the most current, so although it's not too hard to find IP lists I'm never sure how accurate they are.

benevolent001
I just finished reading your July post

about mod geoip [webmasterworld.com]

How did you end the "saga"?

If you could finish it
then it will become a valuable tutorial :)
Thanks

I have this same urge all the time but keep in mind the following:

1. Even the maxmind database, which is probably the most complete available, still has lots of holes. I've hand written dozens of IP range patches for it.

2. Unless you setup a caching system, doing an IP lookup for every single http access can bring a busy server to it's knees.

I use the MaxMind API and only block access to specific areas such as login, purchase, etc.

It works great. I setup a failsafe country ISO code of XX. Because from time to time it fails to respond - in which case I assume the visitor is from a "friendly" country and I log the blocked visit as from "XX". This way I can monitor how many failed lookups I get.

Bill

I tried to only accept US IP
but it was a tough proposition
I too have added a bunch of ranges
but had to quit doing it
reason:
There is no way to get the ATT DSL range from them
and my DB had too many holes so I decided against that system.

There is a website you can use to look up ip addresses by country.

Since we can't put web addresses on this message board....

Type in "block a country" in Google. 1st result.

we use maxmind api, and works great fast and reliable, althogh you need to update frequently

Use your firewall to block off the IP ranges of whole regions such as Apnic, Ripe, Afrinic and Lacnic. A lot of the time you can block a whole /8 but much of the time you'll be blocking /24 blocks so you'll need a lot of patience. My IP tables scripts are hundreds of lines long but it doesn't seem to slow my servers down at all.

Don't forget that no matter how accurate the database (none ae very accurate), you will still have errors with people who are on a a trip abroad, with companies surpassing country boundaries and their internal network having just a few exits in just a few countries. And the I didn't even talk about TOR or open proxies used to evade geo-targeting.

In general I don't think it works well enough to be of much use beyond targeting advertising to audiences (where it's no big deal if you miss a few).
If you want to make sure nobody from country X can access your site, I doubt it'll work.
If you want to be sure people of country X cannot buy your stuff (cause you don't want to ship there or have too much trouble with getting paid properly), ask the shipping address and if you don't like it, quit there.

Don't forget the Internet is what it is in part because of the surpassing of obsolete country borders. All geo-targeting does is building in those borders again, and it'll backfire as the adopters of the Internet will not agree with you in the long run.

How to block china:

Here is trick I used once and I don't know if it stil works, but the Chinese communist party blocks information regarding Tianamen Square; so what I did was to add a few links to Tienamen square along with anchor text regarding same at the bottom of the page and it worked.

It takes a while until their censors pick up on it but it worked 2 years a go when i tried it.

I echo the use of Geoip from Maxmind. We block pricing and cart from countries outside the US and Canada. It works well and does not slow down the pages. A subscription to the country database is cheap around $100 per year. The db is downloaded and resides on your server for fastest results. You can also buy the city version but it's much more expensive.

So then they use proxies.

"So then they use proxies"

Most people won't. I'm in the UK and I've blocked off the 'bad neighbourhoods' from our servers for years and our spam level is as near zero as makes no difference and I can't recall the last serious attempt at an intrusion. Blocking potential trouble areas is the most worthwhile way for a sysadmin to spend time IMO. Of course you can never be 100% but it's like fitting extra locks to deter burglars, most of them will go off to find easier victims, and there are plenty of those unfortunately. Or perhaps fortunately<G>?

I can say now I have found a site where you can choose a country, then they have a .htaccess code/list of IPs which is then blocked worked perfect and its free.

I'd be careful of free lists, there are certain IP addresses we DON'T want to block.

Just out of curiosity, what are some of the reasons one would want to deny an entire country access to their site?

It's an unfortunate fact that certain countries contain a high proportion of spammers, con merchants and general pains in the proverbial, and a low proportion of potential customers. It's probably illegal here in the UK to name the countries concerned but I think most of us know who they are.

Most of the spam comes from the US and the UK I've heard. Then again most of it is routed through Chinese and Indian servers. Its too bad you guys don't try alternative spam protection techniques instead of blocking millions of potential customers (China for instance has millions of expats such as myself), nearly all of whom use the Internet.

Just out of curiosity, what are some of the reasons one would want to deny an entire country access to their site?

You would want to block certain countries (China and Russia) because the overwhelming majority of spam, intrusions, scams, bad bots and copyright infringement originate in these countries.. China in particular has the potential to cause a huge number of clicks but the "people" will never buy anything.. In short, nothing good will come from these countries, but plenty of bad things will so it is in the interest of many, if not most western web sites to block traffic from these countries altogether..

I did it a long time ago and guess what?

no break-ins, no bots, 80% reduction in spam

Most of the spam comes from the US and the UK

<snicker> yeah it must be a conspiracy to frame the Chinese.. Thanks for the great advice comrade..

I'm just living in China, I'm actually an Oregonian.

It might be true that you can block a majority of your spam by blocking IPs within China. Then again you could block most of the spam via normal spam blocking techniques such as hidden fields, searching forms for certain keywords, searching forms for links, multiple form submissions from the same IP during a certain period of time, etc. I generally use CAPTCHAs as a last resort however if you add in CAPTCHAs you'll see an even smaller percent of spam getting through.

Personally I just don't like to exclude anybody who might be a valuable customer or community member. Plus I'm freaking sick of getting blocked when going to sites (mostly due to the Chinese gov of course).

"Plus I'm freaking sick of getting blocked when going to sites (mostly due to the Chinese gov of course)."

Hopefully people in these countries will get so sick of being blocked off from the rest of the world that they'll pressure their governments into doing something to stop the antics of the spammers conmen and virus distributors. Until then they are permanently blocked from all my company's servers, it's much simpler than trying to filter out their spam garbage, much of which is pretty disgusting and highly offensive. We block because of necessity, not choice.

It's an unfortunate fact that certain countries contain a high proportion of spammers, con merchants and general pains in the proverbial, and a low proportion of potential customers. It's probably illegal here in the UK to name the countries concerned but I think most of us know who they are.

I think you are allowed to mention Canada. ;-)