SitePoint Sponsor

User Tag List

Results 1 to 13 of 13

Hybrid View

  1. #1
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,756
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)

    Blocking China and India...

    My website has been getting a fair amount of visitors from China.

    That spells trouble to me.

    How do I block visitors from China and India?

    Thanks,


    Debbie

  2. #2
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,644
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    DD,

    The ip2country websites have lists of IP addresses from all countries. Download their database (or use a look-up tool to log-in) and get those IP address blocks and DENY each block. Unfortunately, you'll find that there are a huge list of blocks (for each) and really should block in the server's conf (or your vhosts.conf) file.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  3. #3
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,756
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by dklynn View Post
    DD,

    The ip2country websites have lists of IP addresses from all countries. Download their database (or use a look-up tool to log-in) and get those IP address blocks and DENY each block.
    Do I have to pay to do that?


    Unfortunately, you'll find that there are a huge list of blocks (for each)
    How reliably can I say, "Block everyone coming from China"??


    and really should block in the server's conf (or your vhosts.conf) file.

    Regards,

    DK
    I have a VPS, so how would I do that?


    Debbie

  4. #4
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,644
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    DD,

    Quote Originally Posted by DoubleDee View Post
    Do I have to pay to do that?
    Generally, no. To use their FULL and frequently updated database, that would be a yes.
    How reliably can I say, "Block everyone coming from China"??
    Not. They can easily use a proxy in the US to circumvent showing their own IP. This can quickly become a game and there a lot of experts over there so you can bet on losing the game. It's just not worth the effort, IMHO.
    I have a VPS, so how would I do that?
    Editing your Apache2.conf file to include
    Code:
    <Directory />
        Options FollowSymLinks
        AllowOverride All
        Order deny,allow
        Deny from {list of IP address blocks}
     </Directory>
    Debbie
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  5. #5
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,756
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by dklynn View Post
    Quote Originally Posted by doubledee
    How reliably can I say, "Block everyone coming from China"??
    Not. They can easily use a proxy in the US to circumvent showing their own IP. This can quickly become a game and there a lot of experts over there so you can bet on losing the game. It's just not worth the effort, IMHO.
    But don't I have a reasonable concern??

    Why would anyone in Russia, China, Iran, etc want to visit my site - which is for U.S.-only consumption - unless they have nefarious intent?


    Quote Originally Posted by dklynn
    Quote Originally Posted by doubledee
    I have a VPS, so how would I do that?

    Editing your Apache2.conf file to include
    Code:
    <Directory />
        Options FollowSymLinks
        AllowOverride All
        Order deny,allow
        Deny from {list of IP address blocks}
     </Directory>
    What does <directory> do?


    What is FollowSymLinks used for?

    What is AllowOverride used for?

    I don't understand your code above.

    The way I have seen it online, you do...
    Code:
    Order Allow,Deny
    Deny From_____
    Allow From All

    It seems like your code doesn't account for Allowing IP's that are not on the Deny list?!


    Debbie

  6. #6
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,644
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    DD,

    Quote Originally Posted by DoubleDee View Post
    But don't I have a reasonable concern??
    Not really - websites are made to be available to the public.
    Why would anyone in Russia, China, Iran, etc want to visit my site - which is for U.S.-only consumption - unless they have nefarious intent?
    You'd be surprised how well foreigners read/speak English. Perhaps they're trying to sharpen their language skills? Okay, not all, certainly, but the gov't trained hackers would quickly get through just about any blocks you could install.
    What does <directory> do?
    Specifies the location you're concerned with, i.e., your root directory (and subdirectories) with the /.
    What is FollowSymLinks used for?
    Enables mod_rewrite.
    What is AllowOverride used for?
    Ditto.
    I don't understand your code above.
    It was pulled from my test server's httpd.conf and is basic to Apache's configuration.
    The way I have seen it online, you do...
    Code:
    Order Allow,Deny
    Deny From_____
    Allow From All
    Yes, but that would normally have a "wrapper" (the <Directory /> ... </Directory> performs that function).
    It seems like your code doesn't account for Allowing IP's that are not on the Deny list?!
    You want me to do your homework for you? The list is LONG and would go in the Deny where you've got the _____'s.
    Debbie
    I did a search for "block Chinese traffic" and received several great links:

    http://www.countryipblocks.net/count...elect-formats/ will provide the list of IP blocks by country in selectable formats.

    http://www.maxmind.com/app/mod_geoip provides an Apache module which you can install for a quick lookup on your server - directions are on the site.

    http://www.parkansky.com/china.htm gives the exact code for China, Russia, etc. by blocking IP address ranges.

    All these are TOO MUCH for an .htaccess file so be sure to only test there briefly before moving to your Apache2.conf file on the production server.

    One clue, though, since you only want US visitors. Reverse the Allow,Deny and list the US IP addresses in the Allow group and it will save you from my being able to view your website (from NZ), too!

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  7. #7
    SitePoint Member
    Join Date
    Feb 2012
    Posts
    10
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You can use a geo-targeting script.

    Using the script, you can choose to redirect China and India visitors to some other sites like Google.

  8. #8
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,756
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by joeyreyes View Post
    You can use a geo-targeting script.

    Using the script, you can choose to redirect China and India visitors to some other sites like Google.
    Can you elaborate some more?

    I'm not following you.


    Debbie


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •