Results 1 to 18 of 18
  1. #1

    How to block traffic from all countries but US

    Anyone know an efficient way to block all traffic from countries other than US, UK, AU? I have a specific site that I would like to block all other visitors from, but can't think of a simple solution to doing so.
    Dan Grossman - dan @ awio.com
    My Blog | Affiliate Program for Web Hosts

  2. #2
    Join Date
    Jul 2004
    Location
    Kent, UK
    Posts
    699
    Well, this isn't fool proof, but use GeoIP.
    This basically finds out where the IP address is from using the IP whois database (i think).

    If it's not too critical, you could just do it by region to keep it simple.
    Basically, the first numbers in an IP address are assigned to a certain IP registry (e.g Ripe, ARIN etc etc). Each one basically represents a continent, so you could block it like that.

    http://www.iana.org/assignments/ipv4-address-space shows you where the IP's are.
    I'm not too sure how accurate the last method is anymore, since IP's are all over the place now.
    The top method is the best.
    Andrew Thomas

  3. #3
    They can always use proxy to access the site.

  4. #4
    Join Date
    Dec 2002
    Location
    chica go go
    Posts
    11,858
    I know thebear aka douglas is working on an website that will serve such a purpose. You might be able to catch him on whtirc.

  5. #5
    Originally posted by WireNine
    They can always use proxy to access the site.
    It'll still reduce the amount of work I'm doing.

    Thanks for the suggestion Thomas. I went to MaxMind and installed their Apache module for IP to country. Is anyone outside the US which can test it? I set up a page which contains only:

    PHP Code:
    $country_code apache_note("GEOIP_COUNTRY_CODE");
    $country_name apache_note("GEOIP_COUNTRY_NAME");
    echo 
    "Country: $country_code$country_name"
    http://www.picvault.info/ip.php

    I plan to check if country_code equals US, AU or GB in mod_rewrite rules. Any obvious problems? Thanks again.
    Dan Grossman - dan @ awio.com
    My Blog | Affiliate Program for Web Hosts

  6. #6
    Join Date
    Jul 2004
    Location
    Kent, UK
    Posts
    699
    It got me alright :-)
    Country: GB, United Kingdom
    Andrew Thomas

  7. #7
    Join Date
    Oct 2002
    Location
    EU - east side
    Posts
    21,913
    That link redirects me to awardwinninghosts.com/?from=picvaultban

    "Targeted Visitors" also redirects me to Overture and has been doing so for about a year now.

    Should I be offended?

  8. #8
    Join Date
    Apr 2003
    Location
    Atlanta, Jawja
    Posts
    3,066
    Dan, ouch, LOL! At least he's sending people to a decent page, rather than a page that insults people...
    Douglas Hazard - Certifiable Sports Junkie and Sports Community Enthusiast

    Host of Two Cents Radio - Follow @TwoCentsRadio on Twitter (@BearlyDoug on Twitter)

  9. #9
    I hope by "that link" you meant my signature, since the link in the post contains only what I posted, output of the country from the MaxMind database I just installed.

    I figure I should do something with the traffic rather than waste it, right? I have been banning IP ranges by hand on picvault, and some of those banned users actually bought hosting at the affiliate site. Same for targetedvisitors where I got a list of "problem country" IP ranges from this forum I use, and redirect those to Overture's affiliate program.

    Sorry Dan but you must be getting caught in one of those ranges
    Dan Grossman - dan @ awio.com
    My Blog | Affiliate Program for Web Hosts

  10. #10
    I restricted access to the free image host to: US, GB (UK), AU, NZ, CA, NO (have some friends there)

    Suddenly... NAC's traffic graph for the switch dips down and my average output drops from 7mbps to 1.2mbps. I think the downloads of asian porn have stopped.
    Dan Grossman - dan @ awio.com
    My Blog | Affiliate Program for Web Hosts

  11. #11
    Join Date
    Oct 2002
    Location
    EU - east side
    Posts
    21,913
    Sorry Dan but you must be getting caught in one of those ranges
    I sure am. Maybe I should relocate.

    Dan, ouch, LOL! At least he's sending people to a decent page, rather than a page that insults people...
    That's true. I don't really like it that the inhabitants of my country can't be allowed to see the site though. I can understand not to provide them with the services, but this... Next thing you know, I'll be needing a visa to browse the web.

    BTW Douglas, it seems there's a need for the service you're developing. Good luck with it!

    Suddenly... NAC's traffic graph for the switch dips down and my average output drops from 7mbps to 1.2mbps. I think the downloads of asian porn have stopped.
    So you only have caucasian porn now? (sorry, couldn't resist)

  12. #12
    Originally posted by ldcdc
    That's true. I don't really like it that the inhabitants of my country can't be allowed to see the site though.
    I hate blocking people, really. I have friends all over the world and some of them can't reach some of my sites. However... if I allowed those countries access to the ecommerce sites, but denied them at the payment stage, wouldn't that frustrate you more?

    And with the free services sites, 99.99% of the porno I was hosting (which I have no desire to host) was coming from or being viewed by users outside those countries I listed above, and was threatening to shut down the whole thing on time and costs to manage it. I tried automatically banning IPs when I removed images from the service, but someone else would just replace them with another few thousand images in a day. Since it's the viewing, not the uploading of images, that uses most of the bandwidth, only denying access to upload is insufficient. The uploaders are the sneaky ones that will use proxies and other methods to evade, not the viewers.

    I like providing these services for people, it's not just about money. My free counter/stats site has thousands of users, and does not pay for itself. I've been hosting guestbooks for 6 years, text counters for 3 years, serving millions of ads a month with a free ad rotator service for 3 years, and I take no cut out of the impressions.

    I don't want to have to classify entire countries as "bad", but I'm not seeing a better way to stop those that would abuse the services.

    http://www.awio.net/graph.png
    Dan Grossman - dan @ awio.com
    My Blog | Affiliate Program for Web Hosts

  13. #13
    Join Date
    Jul 2004
    Location
    Kent, UK
    Posts
    699
    Sorry you had to resort to blocking whole countries, but i suppose it's got to be done.

    There are a few alternatives you may like to consider.
    1. Limit uploading per IP address per day (i.e. only 3 uploads per day per ip).

    2. Limiting views for pictures (i.e a picture can only be viewed 20 times a day- you can use a php serving program to do this).

    3. Make users signup/verified/manually confirmed etc?

    I understand your situation though, those options above are time consuming, and will annoy legit users.

    Glad you've got it sorted though.
    Andrew Thomas

  14. #14
    Join Date
    Jul 2003
    Location
    Nothing but, net
    Posts
    2,062
    Obviously the others commenting on blocking countries haven't been in the free services industry long or at all.

    Dan's strategy is common due to abuse. That is just the way it is.

    These services are provided for free and I don't know of any law in place that states what we must do with the bandwidth that we buy.

  15. #15
    Originally posted by thomas7
    1. Limit uploading per IP address per day (i.e. only 3 uploads per day per ip).

    2. Limiting views for pictures (i.e a picture can only be viewed 20 times a day- you can use a php serving program to do this).
    One of the 'features' of my version that makes my friends online and off use it over others is that you can upload as many images as you want. To prevent someone using up tons of bandwidth before I catch it, each image is limited to 50MB per day in downloads. That hasn't stopped those that wish to abuse it, who have no problem writing scripts to mass upload their entire collection again.

    There's tons of tracking going on behind the scenes at the per-user and per-image levels so implementing other restrictions, such as images per user or requiring signup, would be possible in the future. This is one of the reasons this site requires its own database server separate from my others -- it averages around 100 queries per second right now. It needed its own hyperthreading CPU for the image resizing tools it offers, as enough people invoking imagemagick for that could slow down the entire site otherwise. I do want to avoid forcing registration; free as can be is best to me.
    Last edited by Dan Grossman; 05-23-2005 at 04:18 PM.
    Dan Grossman - dan @ awio.com
    My Blog | Affiliate Program for Web Hosts

  16. #16
    Join Date
    Jul 2004
    Location
    Kent, UK
    Posts
    699
    Originally posted by Dan Grossman
    One of the 'features' of my version that makes my friends online and off use it over others is that you can upload as many images as you want. To prevent someone using up tons of bandwidth before I catch it, each image is limited to 50MB per day in downloads. That hasn't stopped those that wish to abuse it, who have no problem writing scripts to mass upload their entire collection again.

    There's tons of tracking going on behind the scenes at the per-user and per-image levels so implementing other restrictions, such as images per user or requiring signup, would be possible in the future. However, I wish to avoid that route, as I don't want to force registration or any goofy anti-bot-checking either.
    Yeah, I understand. Like I said, all the restrictions would inconvience genuine users.
    Andrew Thomas

  17. #17
    Another related question for you guys... do you know if any of the major search engines would have IPs that do not map to the expected parent countries? I would hate to somehow send an Inktomi crawler off to a banned redirect by accident.
    Dan Grossman - dan @ awio.com
    My Blog | Affiliate Program for Web Hosts

  18. #18
    Join Date
    Jul 2004
    Location
    Kent, UK
    Posts
    699
    Originally posted by Dan Grossman
    Another related question for you guys... do you know if any of the major search engines would have IPs that do not map to the expected parent countries? I would hate to somehow send an Inktomi crawler off to a banned redirect by accident.
    Well,
    This is just a hunch.

    BUT, according to Google's About Us pages, they have servers all over the world, yet when i trace the IP's they ALWAYS go to Sunnyvale, CA, US.

    So, i'm in the UK, and that doesn't sound very local to me.
    I'm guessing they have servers closer, but I may be wrong.
    Perhaps all queries are routed to CA before been sent out to other servers maybe....
    Andrew Thomas

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •