![]() These might be a DigitalOcean Droplet or a bare metal server from InMotionHosting or Rackspace for example. From software firewalls to hosting software and control panels, it’s all in your hands. The two main types are: Bare MetalĪ bare metal or VPS is a machine that you have complete control over. Most hosting companies provide servers in such a way as to make this a feature they cannot offer. Use a Hosting Company That Has Blocking as Part of Their Built-in Controls You can get much more advanced, such as limiting based on what protocol is used, but this is the basic idea. You can generate code by using this tool. htaccess can be as simple as this: Order Deny,Allow ![]() htaccess route anyway, and want to get an accurate, ‘right from the source’, daily updated list of IPs by country, you might start by reading what this guy has done to automate things. It may be fine for a handful of IPs, but these files are read on every request and are not cached it will hurt you eventually. htaccess or Apache config or any other web server ACL to try and block countries. To block the US, you need over 150,000 lines of text! htaccess to block a country, try using ip2location. If you want to see how many lines it would take in. htaccess or Apache config file (or other ACL/firewall) is likely to grow to hundreds of thousands of lines of text if you wanted to block countries yourself this way. It is also a losing game because there are over four billion IPv4 IPs out there and no easy way to segregate them by country. Legitimate users might use proxies too! Be aware if you block a not-so-bad country just because you think they are irrelevant to your traffic, you may have users using proxies or VPNs in that country. A real hacker would not use their own personal IP and there is no guarantee that the IP will always remain with an unscrupulous user. Web admins will rarely block an IP simply because that IP did naughty things once. Just because an IP is from China, it doesn’t mean blocking that IP will do a lick of good in the long run. Legit hackers use proxies or bot farms to do their dirty work. If you are a web admin, you may know that trying to do some things (like block entire countries through. You will have to decide (and check your web stats!) whether blocking particular countries will benefit you or not.īelow are many of the common ways to block countries, with some pros and cons and code samples. ![]() ![]() The same argument can be used for fancy restaurants, resorts, car rentals, commuter services and so on. Even though they cater only to local people who walk in the door for a stay, foreigners traveling to the area will be searching for hotels before they get there. There are some reasons against blocking access to countries too. But when I know that 99% of it is bogus, bots, brute force hacks, vulnerability scanners, and web crawlers, then why wouldn’t I just block China from accessing my site? The difference between 1.9 million pages and 134,000 pages is pretty large, and 1.86GB of bandwidth is not the end of the world. Approximately 50 to 100 brute force attempts at ‘guessing’ the passwords to legitimate user names comes from Chinese IP addresses every day on this site. I also happen to know that 99% of all brute force user password hack attempts are from Chinese IP addresses. The site does not even offer Chinese translation or speak to Chinese issues. We don’t cater specifically for China or advertise to attract Chinese residents. While it is certainly possible that Chinese people may find the content of the forum useful, there is really no explanation for this activity. Here is a screenshot of Awstats telling me that China is responsible for the second-largest volume of traffic to a certain web forum I manage. If you run a personal or even private website, such as a family blog, you may want to highly restrict traffic by default. The same might be true of a carwash, or babysitters, or lawn mowing. If you have a local bookstore and your primary market is local people walking into your store, then there is no need to let any other countries index or waste bandwidth on your server. So, you should not expect significant traffic from them as a matter of course. Many websites are simply not relevant to people in other countries. If you run a website, then by default it is accessible to the whole planet.
0 Comments
Leave a Reply. |