PDA

View Full Version : Block Countries?



Todd W
09-12-2006, 07:21 PM
How do I figure out the IP ranges of some countries so that I can block them from my site?

I have a couple countries really visiting and hitting hte site hard but of course $0 to a few pennys a day in income since adsense and even my affiliate offers are NO GOOD for China.

How do I block this junk traffic?

I have a Geo-Trageting DB that I could cross-reference each IP with but I would rather simply BAN the entire country or 20+ IP Masks.

Thanks
-Todd

Todd W
09-12-2006, 07:23 PM
Looks like I can use:

http://www.hackingspirits.com/cyb_forensic/fsic_articles/loc_place.html

And a simple if statement to check the range.

Chris
09-12-2006, 08:11 PM
maxmind.com has a database.

Todd if you have your own dedicated server I recommend APF firewall. Get them to do the install for you and ask them to include banning for whatever countries you do not want.

Personally I've banned china & russia entirely from some of my servers. Its unfortunate for the people in those countries who are honest, but there are too many dishonest people.

Todd W
09-13-2006, 10:45 AM
Good call Chris. I run APF and I think I will have them ban those countries as well.

I was going to use MaxMind but didn't want to have to run a query on each pageload. I'll be trying APF now.

Todd W
09-13-2006, 10:57 AM
I'm going to have them ban:


Turkey
Brazil
China
Russia
Iran


Not sure about: Kuwait, Hong Kong, South Korea, Algeria, Saudi Arabia, Syria

What are you guys thinking about the "NOt sure" countries? Ban them or not.

Todd W
09-13-2006, 10:58 AM
I did a little searching on google and it seems these are good to block too if yo don't want whois.sc snooping.

#whois.sc & inteldomain
169.207.0.0/16
169.207.1.89
198.78.175.26
198.78.175.27
198.78.175.28
198.78.175.29
198.78.175.30

CHina & Korean IP's
http://www.okean.com/sinokoreacidr.txt

Guess I coulda added them to APF myself.... oh-well for $25 I'll be able to get ALL the coutnries blocked, latest apf installed and tweaked :)

Chris
09-13-2006, 11:59 AM
indonesia is another good one, and consider ukraine,

deronsizemore
09-13-2006, 12:34 PM
Is there a way to block countries if I don't have a dedicated server/firewall setup?

Chris
09-13-2006, 12:54 PM
you can always fill your .htaccess with their IP ranges.

AmbulanceBlues
09-14-2006, 03:10 AM
...

Personally I've banned china & russia entirely from some of my servers. Its unfortunate for the people in those countries who are honest, but there are too many dishonest people.

Question from a noob: Are they dishonest because they're stealing your content or because of malicious activity?

Chris
09-14-2006, 07:40 AM
Both, but the reason I block them is mainly the malicious activity.

Todd W
09-14-2006, 10:39 AM
Well RFX has not gotten back to me and I ordered yesterday AM. I e-mailed their sales last night too, and nothing.

I also foundit funny they charged me sales tax and I believe they are in Canada atleast their e-mail was a .CA

Hmm..

I'm blocking them for malicious activity as well as resource/bandwidth hog w/no return for myself.

Todd W
09-17-2006, 12:06 PM
No response from RFX yet, going to call them on monday.

Chris
09-17-2006, 02:04 PM
hmm, suprising.

Todd W
09-18-2006, 04:22 PM
hmm, suprising.

Yep, no one answered "everyone busy".

I left a detailed vmail and am hoping they get back to me soon.

Chris
09-18-2006, 04:33 PM
That is discouraging, of course the fact that APF is their software sorta is a point in their favor for this kind of work. I know other server security companies install APF so you could use them, but going right to the developer seems like the smarter solution.

You could try PMing them on the EV1servers forums, I know they're active there.

Todd W
09-18-2006, 10:21 PM
That is discouraging, of course the fact that APF is their software sorta is a point in their favor for this kind of work. I know other server security companies install APF so you could use them, but going right to the developer seems like the smarter solution.

You could try PMing them on the EV1servers forums, I know they're active there.

Good call I'll do that.

I have APF installed, and while it's not the current version and doesn't block countries... the fact of the matter is like you said I could have had someone else do it! But, for $25 why not have the developer do it and block countries :brow:


Grrrrr.... I'll be PM'ing them on EV1 forum and calling again.

Todd W
09-22-2006, 08:52 AM
Well no call back, no e-mail back.

I guess I need to search EV1 forums for them :flare:

Todd W
09-23-2006, 11:43 AM
No reply on ev1 forums.

Todd W
09-25-2006, 09:32 PM
No call, no e-mail, no pm, no NOTHING.

Did RFX just drop-off?!?!

If anyone has any contact info please provide.

Thanks
-Todd

Chris
09-26-2006, 09:20 AM
that is certainly no way to run a business.

webcs
10-03-2006, 09:16 AM
I'm going to have them ban:


Turkey
Brazil
China
Russia
Iran


Not sure about: Kuwait, Hong Kong, South Korea, Algeria, Saudi Arabia, Syria

What are you guys thinking about the "NOt sure" countries? Ban them or not.

There is a ton of fraud from Veitnam and Korea, I would definitely start there. It all depends what laws those countried enforce.

I mean Sudi Arabia has good laws in place and their policing is good, so it Kuwait. Better than Veitnam form experience, I am shocked that is not on your list.

Todd W
10-04-2006, 09:21 AM
Well RFX did charge my CC/paypal and no response from them.

I'll be calling AGAIN to see what's going on with this! Terrible!

Chris
10-04-2006, 09:47 AM
VEry terrible.

Westech
10-04-2006, 11:46 AM
Sorry to hear about this. I hope it's not indicative of bigger problems within the company. They have some really great products.

If you end up using Maxmind you might want to look into the Apache module (http://www.maxmind.com/app/mod_geoip) instead of using the php API. Of course, if security is part of your reason for doing this you're probably better off blocking them at the firewall level rather than the Apache level.

Todd W
10-04-2006, 11:55 AM
Sorry to hear about this. I hope it's not indicative of bigger problems within the company. They have some really great products.

If you end up using Maxmind you might want to look into the Apache module (http://www.maxmind.com/app/mod_geoip) instead of using the php API. Of course, if security is part of your reason for doing this you're probably better off blocking them at the firewall level rather than the Apache level.

I'll checkout the pache module! I will be using MaxMind for another site for City Geo-Targeting for statistics :)

Todd W
10-16-2006, 04:51 PM
Well I got around to installing the maxminx apache module and C module.

Works great!
I'm using:

GeoIPEnable On
GeoIPDBFile /path/to/GeoIP.dat [my path there though]

SetEnvIf GEOIP_COUNTRY_CODE CN BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE RU BlockCountry

Deny from env=BlockCountry

And am building a list of countries i'm blocking. I tested it blocking US and it said forbidden for me, then I adde dmy IP to allow list and I was let in :) Great!

Westech
10-17-2006, 10:26 AM
Glad to hear it! :)

Don't forget to keep your GeoIP.dat file updated. They release new ones once per month.

Todd W
10-17-2006, 12:44 PM
Well I had to remove the .htaccess file becuase something weird is going on!

It wasn't letting me view it even though I def. did NOT blocK US. If I went to the site it wouldn't load if I hit F5 it would load, if I hit F5 again it wouldn't load, and again it wouldn't load.. it was randomly loading and NOT loading for me.

I think it may have to do with the networksolutions DNS problems going on right now so I disalbed it and am going to test again soon.

Todd W
12-13-2006, 02:39 PM
Update:
Using MaxMind now and it's great. I have it integrated wit Apache + I use the php version for other stuff too.

RFX: NEVER Got back to me anywhere. (Forum, Phone, E-Mail, Etc) :flare: