How to block IP-addresses or ISPs of certain countries ?

[erich37]

am just reading a story about internet scams and in this story it is mentioned that "Most ecommerce sites block Nigerian ISPs."

How to do this with XenForo? Is there a way to block e.g. IPs or ISPs from Nigeria ?

http://techcrunch.com/2011/05/15/the-chilling-story-of-genius-in-a-land-of-chronic-unemployment/

 

[Dean]

Maybe?

I use the firewall on my server, have not tried this, though it should work..

 

[erich37]

so now still need to figure the IPs of Nigeria........

 

[HannahP]

I don't know if I would do that.

I work in a business where all of our sales are online, and we get a fair amount of fraud from Nigeria. But we get an equal (or greater at times) number of legitimate accounts from Nigeria. If we blocked them we would miss out on dozens of new accounts every month. Not a lot, but also not a number you would want to turn away at the door.

Unless you're having a very serious problem with Nigeria, blocking them for no reason is counterproductive. It's a big country, and not everyone in it is a thief.

 

[a legacy reborn]

You probably should not block a country...but this should work

41.58.0.0/16
41.67.128.0/18
41.71.128.0/17
41.73.0.0/19
41.73.128.0/19
41.73.224.0/19
41.75.16.0/20
41.75.80.0/20
41.75.192.0/20
41.76.64.0/21
41.76.72.0/21
41.76.80.0/21
41.76.152.0/21
41.76.192.0/21
41.76.248.0/21
41.77.40.0/21
41.78.8.0/22
41.78.12.0/22
41.78.80.0/22
41.78.88.0/22
41.78.100.0/22
41.78.156.0/22
41.78.172.0/22
41.78.208.0/22
41.78.224.0/22
41.78.252.0/22
41.79.4.0/22
41.79.64.0/22
41.84.160.0/19
41.86.128.0/19
41.87.64.0/19
41.138.160.0/19
41.139.64.0/18
41.155.0.0/17
41.184.0.0/16
41.189.0.0/19
41.190.0.0/19
41.190.240.0/22
41.191.108.0/22
41.203.64.0/19
41.203.96.0/19
41.204.224.0/19
41.205.160.0/19
41.206.0.0/19
41.206.224.0/19
41.211.192.0/18
41.215.244.0/22
41.216.160.0/20
41.216.232.0/22
41.217.0.0/17
41.217.204.0/22
41.219.128.0/18
41.219.192.0/18
41.220.64.0/20
41.221.112.0/20
41.221.160.0/20
41.222.40.0/21
41.222.64.0/21
41.222.144.0/21
41.222.208.0/22
41.223.64.0/22
41.223.128.0/22
41.223.136.0/22
41.223.144.0/22
41.223.168.0/22
62.173.32.0/19
62.193.160.0/19
80.248.0.0/20
80.250.32.0/20
82.128.0.0/17
193.189.0.0/18
193.189.64.0/23
193.189.128.0/24
195.166.224.0/19
196.1.133.0/24
196.1.176.0/20
196.3.60.0/22
196.3.180.0/22
196.10.202.0/24
196.22.6.0/24
196.27.128.0/17
196.29.208.0/20
196.32.224.0/23
196.40.192.0/18
196.43.215.0/24
196.45.48.0/20
196.46.20.0/24
196.46.27.0/24
196.46.240.0/21
196.200.64.0/20
196.200.112.0/20
196.207.0.0/20
196.216.144.0/22
196.216.148.0/22
196.216.184.0/22
196.216.251.0/24
196.216.253.0/24
196.216.255.0/24
196.220.0.0/19
196.220.64.0/19
196.220.192.0/20
196.220.240.0/20
197.244.0.0/16
197.253.0.0/18
197.255.0.0/18
197.255.160.0/20
197.255.208.0/20
212.100.64.0/19
217.14.80.0/20
217.117.0.0/20

My bad...that is for a firewall...here is a list for .htaccess

<Limit GET HEAD POST>
order allow,deny
deny from 41.58.0.0/16
deny from 41.67.128.0/18
deny from 41.71.128.0/17
deny from 41.73.0.0/19
deny from 41.73.128.0/19
deny from 41.73.224.0/19
deny from 41.75.16.0/20
deny from 41.75.80.0/20
deny from 41.75.192.0/20
deny from 41.76.64.0/21
deny from 41.76.72.0/21
deny from 41.76.80.0/21
deny from 41.76.152.0/21
deny from 41.76.192.0/21
deny from 41.76.248.0/21
deny from 41.77.40.0/21
deny from 41.78.8.0/22
deny from 41.78.12.0/22
deny from 41.78.80.0/22
deny from 41.78.88.0/22
deny from 41.78.100.0/22
deny from 41.78.156.0/22
deny from 41.78.172.0/22
deny from 41.78.208.0/22
deny from 41.78.224.0/22
deny from 41.78.252.0/22
deny from 41.79.4.0/22
deny from 41.79.64.0/22
deny from 41.84.160.0/19
deny from 41.86.128.0/19
deny from 41.87.64.0/19
deny from 41.138.160.0/19
deny from 41.139.64.0/18
deny from 41.155.0.0/17
deny from 41.184.0.0/16
deny from 41.189.0.0/19
deny from 41.190.0.0/19
deny from 41.190.240.0/22
deny from 41.191.108.0/22
deny from 41.203.64.0/19
deny from 41.203.96.0/19
deny from 41.204.224.0/19
deny from 41.205.160.0/19
deny from 41.206.0.0/19
deny from 41.206.224.0/19
deny from 41.211.192.0/18
deny from 41.215.244.0/22
deny from 41.216.160.0/20
deny from 41.216.232.0/22
deny from 41.217.0.0/17
deny from 41.217.204.0/22
deny from 41.219.128.0/18
deny from 41.219.192.0/18
deny from 41.220.64.0/20
deny from 41.221.112.0/20
deny from 41.221.160.0/20
deny from 41.222.40.0/21
deny from 41.222.64.0/21
deny from 41.222.144.0/21
deny from 41.222.208.0/22
deny from 41.223.64.0/22
deny from 41.223.128.0/22
deny from 41.223.136.0/22
deny from 41.223.144.0/22
deny from 41.223.168.0/22
deny from 62.173.32.0/19
deny from 62.193.160.0/19
deny from 80.248.0.0/20
deny from 80.250.32.0/20
deny from 82.128.0.0/17
deny from 193.189.0.0/18
deny from 193.189.64.0/23
deny from 193.189.128.0/24
deny from 195.166.224.0/19
deny from 196.1.133.0/24
deny from 196.1.176.0/20
deny from 196.3.60.0/22
deny from 196.3.180.0/22
deny from 196.10.202.0/24
deny from 196.22.6.0/24
deny from 196.27.128.0/17
deny from 196.29.208.0/20
deny from 196.32.224.0/23
deny from 196.40.192.0/18
deny from 196.43.215.0/24
deny from 196.45.48.0/20
deny from 196.46.20.0/24
deny from 196.46.27.0/24
deny from 196.46.240.0/21
deny from 196.200.64.0/20
deny from 196.200.112.0/20
deny from 196.207.0.0/20
deny from 196.216.144.0/22
deny from 196.216.148.0/22
deny from 196.216.184.0/22
deny from 196.216.251.0/24
deny from 196.216.253.0/24
deny from 196.216.255.0/24
deny from 196.220.0.0/19
deny from 196.220.64.0/19
deny from 196.220.192.0/20
deny from 196.220.240.0/20
deny from 197.244.0.0/16
deny from 197.253.0.0/18
deny from 197.255.0.0/18
deny from 197.255.160.0/20
deny from 197.255.208.0/20
deny from 212.100.64.0/19
deny from 217.14.80.0/20
deny from 217.117.0.0/20
</Limit>

 

[Anthony Parsons]

http://www.ipdeny.com/ipblocks/ is one quick way to get the most current lists.

There are companies that you can subscribe with, incorporate their software into your website, and thus automatically block countries using a tick and flick approach as you see fit. Just depends on your budget and how far you want to go.

http://www.ip2location.com is probably the biggest of them all that provide more professional solutions, maintaining up to the minute lists on country IP registration blocks.

 

[maidos]

mod_geoip
if you have root access to your server you can just block any country by adding a geoip code on your htaccess

maxmind is a good company as they frequently update their ip database.

alternative is that you install csf and theres an option on control panel either on directadmin, cpanel or just go to csf configuration to block there, where you can block an entire country however the firewall does consume a bit more cpu resources

 

[Ingenious]

Totally agree with maidos, GeoIP is the easiest way to do this, if you have it on your server. You then just specify country codes rather than IP addresses (the actual IP addresses being maintained by GeoIP).

 

[borbole]

There is a mod I believe that allows you to deny contries from registering at your forum.

 

[erich37]

There is a mod I believe that allows you to deny contries from registering at your forum.

for XF?
which one ?

 

[borbole]

for XF?
which one ?

http://xenforo.com/community/threads/deny-countries-from-registering.6176/

 

[erich37]

Maybe?

I use the firewall on my server, have not tried this, though it should work..

View attachment 17079

View attachment 17080

what is the difference in XF ACP of "Banned IP Addresses" and "Discouraged IP Addresses" ?
Will "Banned IP Addresses" be discouraged from registering new accounts or do I need to put the "Banned IP Addresses" into the "Discouraged IP Addresses" are in order to prevent those from registering again ?

in ACP:
how do I move "Banned IP-addresses" towards "Discouraged IP-addresses" ? I want to have the "banned" also to be "discouraged".
Copy & Paste ?

 

[erich37]

the other question I have is this:

If I do not want to block certain "countries", but just IP-addresses of Spammers, is there a way to install this directly on the server instead of using "stopforumspam.com" ?
What is the best or better say most effective way of getting rid of spammers but still be open for normal users ?

Is the hosting-provider generally providing some sort of "IP black-list" to be installed on the server?

Thanks again!

 

[a legacy reborn]

what is the difference in XF ACP of "Banned IP Addresses" and "Discouraged IP Addresses" ?
Will "Banned IP Addresses" be discouraged from registering new accounts or do I need to put the "Banned IP Addresses" into the "Discouraged IP Addresses" are in order to prevent those from registering again ?

in ACP:
how do I move "Banned IP-addresses" towards "Discouraged IP-addresses" ? I want to have the "banned" also to be "discouraged".
Copy & Paste ?

Banned can not view any part of your forum and can not register

Discouraged can view the forum but go through hell to do so and can not register(if you enable that option)

the other question I have is this:

If I do not want to block certain "countries", but just IP-addresses of Spammers, is there a way to install this directly on the server instead of using "stopforumspam.com" ?
What is the best or better say most effective way of getting rid of spammers but still be open for normal users ?

Is the hosting-provider generally providing some sort of "IP black-list" to be installed on the server?

Thanks again!

CloudFlare would work for this as it uses project honeypot or you could install project honeypot yourself. I personally use CloudFlare and rarely get spammers(my more active sites get maybe 3-4 spammers/wk and my less active maybe 1/mo.

 

[erich37]

just blocked Ghana and Nigeria via GEO_IP.

Thanks a lot guys for your great help on this !!!!

 

[damoncloudflare]

Hi,

What you could do if using CloudFlare:
1. Go to your threat control panel.
2. Block by IP or IP range (this fully blocks them before hitting your server).
3. OR you could block by country in your CloudFlare threat control, which would challenge all visitors from those countries with a captcha/challenge page (Bots obviously wouldn't be able to pass).

You can also do create rules in .htacess to accomplish this as well.