PhilG
10-01-2004, 08:15 PM
Hello,
Well I for one am tired of fraudulent orders from the same old countries and I want to educate as many people as possible about stopping or at least lowering such orders on the internet. So here goes my first How-To :-)
Okay lets start.
Step 1 - Obtaining the country codes
Firstly, lets download the database of countries to IP address (which is provided courtesy of webhosting.info):
http://ip-to-country.webhosting.info/node/view/6
Download the zip file, extract it and then upload it to your server.
Step 2 - Setting up the database
Now create two MySQL tables using the following:
CREATE TABLE `country_list` (
`IP_FROM` double NOT NULL default '0',
`IP_TO` double NOT NULL default '0',
`country_code` char(2) NOT NULL default '',
`country_code2` char(3) NOT NULL default '',
`country_name` varchar(50) NOT NULL default ''
) TYPE=MyISAM;
CREATE TABLE country_blocks (
id int(5) NOT NULL auto_increment,
country_code char(2) NOT NULL default '',
KEY id (id)
) TYPE=MyISAM;
Okay now we want to load all the data into the country_list table. It's very quick if you can run this command from a MySQL prompt:
LOAD DATA INFILE '/directory/ip-to-country.csv' INTO
TABLE `country_list` FIELDS TERMINATED BY ',' ENCLOSED BY '"'
ESCAPED BY '\\' LINES TERMINATED BY '\r\n'
Lets also load some countries that have high fraud stats:
INSERT INTO `country_blocks` (`id`, `country_code`) VALUES (1, 'AF');
INSERT INTO `country_blocks` (`id`, `country_code`) VALUES (2, 'DZ');
INSERT INTO `country_blocks` (`id`, `country_code`) VALUES (3, 'BD');
INSERT INTO `country_blocks` (`id`, `country_code`) VALUES (4, 'BG');
INSERT INTO `country_blocks` (`id`, `country_code`) VALUES (5, 'CN');
INSERT INTO `country_blocks` (`id`, `country_code`) VALUES (6, 'HR');
INSERT INTO `country_blocks` (`id`, `country_code`) VALUES (7, 'ID');
INSERT INTO `country_blocks` (`id`, `country_code`) VALUES (8, 'JP');
INSERT INTO `country_blocks` (`id`, `country_code`) VALUES (9, 'MY');
INSERT INTO `country_blocks` (`id`, `country_code`) VALUES (10, 'NG');
INSERT INTO `country_blocks` (`id`, `country_code`) VALUES (11, 'RO');
INSERT INTO `country_blocks` (`id`, `country_code`) VALUES (12, 'SG');
INSERT INTO `country_blocks` (`id`, `country_code`) VALUES (13, 'TW');
INSERT INTO `country_blocks` (`id`, `country_code`) VALUES (14, 'VN');
INSERT INTO `country_blocks` (`id`, `country_code`) VALUES (15, 'EG');
Blocks access from these countries:
AFGHANISTAN, ALGERIA, BANGLADESH, BULGARIA, CHINA, CROATIA, EGYPT, INDONESIA, JAPAN, MALAYSIA, NIGERIA, ROMANIA, SINGAPORE, TAIWAN, VIET NAM.
Step 3 - Doin the PHP
Great, that's that hard stuff! Now lets do the PHP stuff - its pretty easy!
Usually all sites created from php have a common.php or a file that is loaded before anything else if yours is like this then add the following function into that file:
function ip_access_check($ip)
{
$result = mysql_query("SELECT country_code FROM country_list WHERE IP_FROM <= inet_aton('" . $ip . "') AND IP_TO >= inet_aton('" . $ip . "')") or mysql_err();
$row = mysql_fetch_array($result);
$result = mysql_query("SELECT country_code FROM country_blocks WHERE country_code = '" . $row["country_code"] . "'") or mysql_err();
if ($row = mysql_fetch_array($result))
{
header("Location: /blocked.html");
exit;
}
}
If you don't have a common.php or similar then simply create a file called common.php with the function in it and include it in every page that you want using the include(); function.
Notice the "header("Location: /blocked.html");" in the above php function, well you can change this to point to a page that displays a message saying why you have blocked the page.
Now in your index.php and any other pages add the following just after calling the common.php file:
<?
ip_access_check($REMOTE_ADDR);
?>
Step 3 - Testing it
Test by adding your country into the country_blocks and then access that page which you have added the php code to.
Conclusion
I do hope this does lower any fraudulent orders you may get.. Good Luck with your endeavors and please let me know how it goes for you!
-Phil
Well I for one am tired of fraudulent orders from the same old countries and I want to educate as many people as possible about stopping or at least lowering such orders on the internet. So here goes my first How-To :-)
Okay lets start.
Step 1 - Obtaining the country codes
Firstly, lets download the database of countries to IP address (which is provided courtesy of webhosting.info):
http://ip-to-country.webhosting.info/node/view/6
Download the zip file, extract it and then upload it to your server.
Step 2 - Setting up the database
Now create two MySQL tables using the following:
CREATE TABLE `country_list` (
`IP_FROM` double NOT NULL default '0',
`IP_TO` double NOT NULL default '0',
`country_code` char(2) NOT NULL default '',
`country_code2` char(3) NOT NULL default '',
`country_name` varchar(50) NOT NULL default ''
) TYPE=MyISAM;
CREATE TABLE country_blocks (
id int(5) NOT NULL auto_increment,
country_code char(2) NOT NULL default '',
KEY id (id)
) TYPE=MyISAM;
Okay now we want to load all the data into the country_list table. It's very quick if you can run this command from a MySQL prompt:
LOAD DATA INFILE '/directory/ip-to-country.csv' INTO
TABLE `country_list` FIELDS TERMINATED BY ',' ENCLOSED BY '"'
ESCAPED BY '\\' LINES TERMINATED BY '\r\n'
Lets also load some countries that have high fraud stats:
INSERT INTO `country_blocks` (`id`, `country_code`) VALUES (1, 'AF');
INSERT INTO `country_blocks` (`id`, `country_code`) VALUES (2, 'DZ');
INSERT INTO `country_blocks` (`id`, `country_code`) VALUES (3, 'BD');
INSERT INTO `country_blocks` (`id`, `country_code`) VALUES (4, 'BG');
INSERT INTO `country_blocks` (`id`, `country_code`) VALUES (5, 'CN');
INSERT INTO `country_blocks` (`id`, `country_code`) VALUES (6, 'HR');
INSERT INTO `country_blocks` (`id`, `country_code`) VALUES (7, 'ID');
INSERT INTO `country_blocks` (`id`, `country_code`) VALUES (8, 'JP');
INSERT INTO `country_blocks` (`id`, `country_code`) VALUES (9, 'MY');
INSERT INTO `country_blocks` (`id`, `country_code`) VALUES (10, 'NG');
INSERT INTO `country_blocks` (`id`, `country_code`) VALUES (11, 'RO');
INSERT INTO `country_blocks` (`id`, `country_code`) VALUES (12, 'SG');
INSERT INTO `country_blocks` (`id`, `country_code`) VALUES (13, 'TW');
INSERT INTO `country_blocks` (`id`, `country_code`) VALUES (14, 'VN');
INSERT INTO `country_blocks` (`id`, `country_code`) VALUES (15, 'EG');
Blocks access from these countries:
AFGHANISTAN, ALGERIA, BANGLADESH, BULGARIA, CHINA, CROATIA, EGYPT, INDONESIA, JAPAN, MALAYSIA, NIGERIA, ROMANIA, SINGAPORE, TAIWAN, VIET NAM.
Step 3 - Doin the PHP
Great, that's that hard stuff! Now lets do the PHP stuff - its pretty easy!
Usually all sites created from php have a common.php or a file that is loaded before anything else if yours is like this then add the following function into that file:
function ip_access_check($ip)
{
$result = mysql_query("SELECT country_code FROM country_list WHERE IP_FROM <= inet_aton('" . $ip . "') AND IP_TO >= inet_aton('" . $ip . "')") or mysql_err();
$row = mysql_fetch_array($result);
$result = mysql_query("SELECT country_code FROM country_blocks WHERE country_code = '" . $row["country_code"] . "'") or mysql_err();
if ($row = mysql_fetch_array($result))
{
header("Location: /blocked.html");
exit;
}
}
If you don't have a common.php or similar then simply create a file called common.php with the function in it and include it in every page that you want using the include(); function.
Notice the "header("Location: /blocked.html");" in the above php function, well you can change this to point to a page that displays a message saying why you have blocked the page.
Now in your index.php and any other pages add the following just after calling the common.php file:
<?
ip_access_check($REMOTE_ADDR);
?>
Step 3 - Testing it
Test by adding your country into the country_blocks and then access that page which you have added the php code to.
Conclusion
I do hope this does lower any fraudulent orders you may get.. Good Luck with your endeavors and please let me know how it goes for you!
-Phil