  1. #1

    Blocking third world countries—a good idea?

    A site I built for a designer was targeted by a brute force attack. The malicious IP addresses came from countries in the former Soviet Union, Thailand, and Vietnam. So I blocked IP addresses coming from those countries in the htaccess file. It worked!

    I was thinking of doing this routinely for all websites that don't have a reason for traffic from those regions. Are there any negative ramifications of doing this? Could it block search engine bots, etc.?

  2. #2
    AndyGambles (SitePoint Enthusiast)
    Originally posted by eruna:
    > A site I built for a designer was targeted by a brute force attack. The malicious IP addresses came from countries in the former Soviet Union, Thailand, and Vietnam. So I blocked IP addresses coming from those countries in the htaccess file. It worked!
    >
    > I was thinking of doing this routinely for all websites that don't have a reason for traffic from those regions. Are there any negative ramifications of doing this? Could it block search engine bots, etc.?

    The only downside is nobody from those countries can access the site. You might want to look at using a WAF service like Incapsula or Cloudflare to protect your site instead.

  3. #3
    Force Flow (Barefoot on the Moon!)
    I have no problem blocking visitors from foreign IPs, especially from countries where a majority of the population doesn't speak English (or whichever language your site is written in). I would rather keep my site a little safer and possibly block a few legitimate users outside of my target audience than risk exposing my site to potential known threats.

    Granted, blocking IPs can be a heavy-handed approach since it's probably safe to assume that there are networks of NATed devices behind each public-facing IP address, but it's free, quick, and easy.

    On the other hand, this practice is more reactive than proactive.

  4. #4
    dklynn (Certified Ethical Hacker)
    ... and proxy servers can be used to get around the country IP blocks. This may be quick, it may be easy, but it won't deter anything but the simplest attacks.

    Security is a trade-off and there are better ways to block bad bots like monitoring IP addresses in real time and blocking specific ones based on the number of requests per time period ... Your host should have better implementations to block these attacks, too!

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator
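
The per-IP request-rate approach mentioned in the post above, as an added example that is not part of the original thread: it scans access-log lines for bursts of login POSTs and renders Apache 2.4 deny rules for only the offending addresses. The `/login` path, the 5-per-60-seconds threshold, the combined log format and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def find_offenders(lines, path="/login", limit=5, window=timedelta(seconds=60)):
    """Return {ip: peak} for IPs sending more than `limit` POSTs to `path`
    inside any sliding window. Assumes lines are in chronological order."""
    recent = defaultdict(deque)          # ip -> timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                     # skip malformed lines instead of crashing
        ip, ts, method, url, _status = m.groups()
        if method != "POST" or url.split("?")[0] != path:
            continue                     # only login attempts count
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:      # drop attempts that aged out
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n > limit}

def apache_rules(ips):
    """Render Apache 2.4 access rules that deny only the listed addresses."""
    body = "".join(f"    Require not ip {ip}\n" for ip in sorted(ips))
    return "<RequireAll>\n    Require all granted\n" + body + "</RequireAll>\n"

def sample_log():
    """Constructed log lines using documentation IP ranges, not real traffic."""
    t0 = datetime(2014, 3, 12, 10, 0, 0, tzinfo=timezone.utc)
    def line(ip, secs, method="POST", url="/login"):
        ts = (t0 + timedelta(seconds=secs)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{ts}] "{method} {url} HTTP/1.1" 200 512 "-" "Mozilla/5.0"'
    rows = [(s, line("203.0.113.7", s)) for s in range(0, 16, 2)]         # 8 POSTs in 14 s
    rows += [(s, line("198.51.100.20", s)) for s in range(0, 1800, 300)]  # 6 POSTs in 25 min
    rows += [(s, line("192.0.2.44", s, "GET", "/")) for s in range(20)]   # page views only
    return [text for _, text in sorted(rows)]

if __name__ == "__main__":
    print(apache_rules(find_offenders(sample_log())))
```

The slow client with six attempts spread over 25 minutes is not flagged, which is the difference between a rate threshold and a blanket block by origin.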

  5. #5
    There are some sites where there could be legitimate traffic from Uzbekistan, but a site for, say, a restaurant in Providence, RI couldn't possibly have a need for this traffic. So it sounds like there isn't really a downside to blocking traffic from these countries for a local site. Though, the peanut gallery thinks this approach is heavy-handed. The site I added the country-wide IP blocking to did have other forms of locking out attackers, but I was getting hundreds of lockout notices a day.

    Thanks for the other tips.

    E

  6. #6
    Mittineague (Programming Team)
    Yes, if the target audience is local only there isn't much need to fine-tune IP blocking for foreign countries.
    The only legitimate ones that even remotely might be blocked are expatriates wanting to see what's up in the old stomping grounds.

  7. #7
    dklynn (Certified Ethical Hacker)
    Alan,

    Oh? Are you referring to me (a "Yank-iwi," i.e., a Yank in NZ)?

    Yes, targeting the audience is essential for every website and impacts range from languages (autonegotiation of the language presented or translation engines) to server location (for download speed) to blocking access via requesting IP address. Unfortunately, the latter (blocking access by IP) gets complex (look at the number of IP blocks assigned to the US or China) and CANNOT be successful because proxy servers enable a service request to be originated in the proxy server's country.

    IMHO, hosts do a better job of blocking attacks (they have the resources - $ and apps and knowledge) than any webmaster. Concentrate on the "localization" of your website to suit your target audience rather than trying to block "black hats." The "black hats" have far more tools at their disposal than you can ever hope to block ... and making it a challenge will only encourage them to attack until they beat your blocks (and, likely, deface your website).

    You also asked about blocking search engines. Yes, it can be done (again, more trouble than it's worth) but it's rarely done correctly (in the httpd.conf or httpd-vhosts.conf - which are read on Apache's start - rather than .htaccess - which must load and get parsed many times for EVERY request). Moreover, the {USER_AGENT} value is easily spoofed so "black hats" get around this easily and only the "good guys" will be blocked. Please refer back to the "black hat" comment in the prior paragraph.

    In summary, Website security is a trade-off between cost, convenience and security (data integrity). Unless you have unlimited funds and your visitors can accept delays in data presentation, concentrate on building a website with good (secure - check and double check any input data from a visitor) code and keeping it behind very strong passwords while hosting with a company which knows how to secure their servers from server attacks.

    Regards,

    DK

  8. #8
    Within a few days of registering a new domain name and getting a parking page set up on my server I was getting probed by Russian/Ukrainian and Chinese bots looking for vulnerabilities in files that did not exist. When I blocked referrer strings containing TLDs from those countries on another site my forum spam dropped to next to nothing.

    My hope for IPv6 is that blocks of IP addresses will be allocated by country so it will be easy to block anyone coming from regions of the world where law is not respected. As far as proxy servers go, there is not much that can be done about that unless you want to spend the time to see if the requesting IP address allows anonymous connections and if so, block them. It wouldn't be feasible to do that on page requests but on login/registration or posting pages that could be done. Not a complete solution.

  9. #9
    "Cloudflare to protect your site instead."

    Thanks for the mention. I just thought I would clarify that our country block would only challenge visitors with a challenge page from a country you "block" in our Threat Control, so human visitors could still enter the site by passing the captcha.