Welcome to WebmasterWorld Guest from 184.108.40.206
Forum Moderators: phranque
you can be fairly sure that they will be using one from the same country, though. so you just need to get a list of IP addresses associated with that country.
if you do a google search for 'IP addresses country blocks' you should be able to find an updated list.
This is a little complex, things can go wrong, so fully research before you drop in an .htaccess file with deny directives. Once you are familiar it, it as simple as creating a plain text file containing something like this, and naming it ".htaccess." "#" are comments and will not affect the functioning of the directives.
<Limit GET POST>
allow from all
# specific IP address
deny from 220.127.116.11
# deny a range: 18.104.22.168 - 22.214.171.124
deny from 126.96.36.199/16
# the whole class: 188.8.131.52 - 184.108.40.206
deny from 220.127.116.11/8
# shorthand for previous
deny from 123
1. Even the maxmind database, which is probably the most complete available, still has lots of holes. I've hand written dozens of IP range patches for it.
2. Unless you setup a caching system, doing an IP lookup for every single http access can bring a busy server to it's knees.
It works great. I setup a failsafe country ISO code of XX. Because from time to time it fails to respond - in which case I assume the visitor is from a "friendly" country and I log the blocked visit as from "XX". This way I can monitor how many failed lookups I get.
In general I don't think it works well enough to be of much use beyond targeting advertising to audiences (where it's no big deal if you miss a few).
If you want to make sure nobody from country X can access your site, I doubt it'll work.
If you want to be sure people of country X cannot buy your stuff (cause you don't want to ship there or have too much trouble with getting paid properly), ask the shipping address and if you don't like it, quit there.
Don't forget the Internet is what it is in part because of the surpassing of obsolete country borders. All geo-targeting does is building in those borders again, and it'll backfire as the adopters of the Internet will not agree with you in the long run.
Here is trick I used once and I don't know if it stil works, but the Chinese communist party blocks information regarding Tianamen Square; so what I did was to add a few links to Tienamen square along with anchor text regarding same at the bottom of the page and it worked.
It takes a while until their censors pick up on it but it worked 2 years a go when i tried it.
Most people won't. I'm in the UK and I've blocked off the 'bad neighbourhoods' from our servers for years and our spam level is as near zero as makes no difference and I can't recall the last serious attempt at an intrusion. Blocking potential trouble areas is the most worthwhile way for a sysadmin to spend time IMO. Of course you can never be 100% but it's like fitting extra locks to deter burglars, most of them will go off to find easier victims, and there are plenty of those unfortunately. Or perhaps fortunately<G>?
Just out of curiosity, what are some of the reasons one would want to deny an entire country access to their site?
You would want to block certain countries (China and Russia) because the overwhelming majority of spam, intrusions, scams, bad bots and copyright infringement originate in these countries.. China in particular has the potential to cause a huge number of clicks but the "people" will never buy anything.. In short, nothing good will come from these countries, but plenty of bad things will so it is in the interest of many, if not most western web sites to block traffic from these countries altogether..
I did it a long time ago and guess what?
no break-ins, no bots, 80% reduction in spam
It might be true that you can block a majority of your spam by blocking IPs within China. Then again you could block most of the spam via normal spam blocking techniques such as hidden fields, searching forms for certain keywords, searching forms for links, multiple form submissions from the same IP during a certain period of time, etc. I generally use CAPTCHAs as a last resort however if you add in CAPTCHAs you'll see an even smaller percent of spam getting through.
Personally I just don't like to exclude anybody who might be a valuable customer or community member. Plus I'm freaking sick of getting blocked when going to sites (mostly due to the Chinese gov of course).
Hopefully people in these countries will get so sick of being blocked off from the rest of the world that they'll pressure their governments into doing something to stop the antics of the spammers conmen and virus distributors. Until then they are permanently blocked from all my company's servers, it's much simpler than trying to filter out their spam garbage, much of which is pretty disgusting and highly offensive. We block because of necessity, not choice.
It's an unfortunate fact that certain countries contain a high proportion of spammers, con merchants and general pains in the proverbial, and a low proportion of potential customers. It's probably illegal here in the UK to name the countries concerned but I think most of us know who they are.
I think you are allowed to mention Canada. ;-)