This article is about one of your first lines of defence – blocking unwanted visitors/bots from your site, by IP location. Part 2 will look at blocking by User Agent.
Assumptions: you know what an IP address is, you are able to edit .htaccess, or have relevant role/permissions on IIS etc to deny IP addresses.
- Is blocking by country effective?
- Does blocking slow your website down?
- Are there any other disadvantages?
- Which countries should I block?
- Websites listing country IP ranges, and providing code to block them:
Spam: enough said. Hacking: Even new and low visability sites attract hackers. If you regularly check your access logs, chances are you will see series of 404 not founds for similar sounding filenames in a variety of directories. Yep its another script kiddy trying to find vulnerabilities in your website using “off the shelf” black hat programs. They are not fussy, even if you have a static site without database or personal data it WILL be a target. In addition to the security risk, your bandwidth allowance is being used up.
Blocking “visitors” from specific countries – is it effective?
I remember one US ISP blocking all emails from the UK because of one spam email, and a technician who didn’t understand “top level” domains. So I don’t usually adopt the scatter gun approach; however ……
some countries are the origin of more bad than others; so if your aren’t interested in visitors from these places consider blocking them by IP location.
Country of origin can be “faked” and I expected blocking by IP location would only have a small impact on unwanted visits. I was totaly wrong, I blocked 4 countries on my first site and the volume of malicious visitors fell by 2/3rds (guesstimate).
Does blocking slow your website down?
In my experience, not noticeably, when using .htaccess to block 3 to 5 countries. Countries may have a large number of non-consecutive IP ranges; so adding, say France, to your htaccess will increase its size by about 85kb – a lot more file for your server to interpret. However, on my sites, blocking 3 to 5 countries does not noticeably delay page load.
Are there any other disadvantages?
The IP details you obtain for blocking will probably be xx days old so may not be completely up to date; and IP ranges allocated to countries change (slowly) over time. I haven’t checked the rules, but I guess it is possible that a tiny fraction of the IP addresses you block may be re-allocated to countries you do want visitors from. An annual review of countries to block and refresh your blocking list may be advisable.
Issues of completeness and freshness are even more important if you are going to use IP ranges to determine which visitors to allow rather than deny – you may end up disallowing some legitimate visitors.
Another point to remember is that blocking by country IPs will obviously block ALL traffic from these countries, so you won’t be crawled by their local search engines etc but this probably doesn’t matter if your site is of no legitimate interest to people from these locations.
Which countries should I block?
First check your logs (404 not founds etc), much of your unwanted trafffic may be from one or two countries. Ditto the IP address of spam comments.
You could also Google “the top countries for spam” etc. Freshness is important, a list from 3 years ago may not reflect the current sitution.
Countryipblocks.net publish top 10 (black)lists with reasonable regularity. I couldn’t find the lists via their menus, but using their search box (“top 10″ or “top countries”) did the trick.
The US and UK often appear in these lists, these are my key audience so I don’t block them (and I guess it will be the same for many of you).
Websites listing country IP ranges and providing code to block them:
When I first did this I spent ages trying to find a site with reasonably up to date listings of IP by country that were in a copyable form. I then had to spend time editing the copy to insert the relevant block command for each IP address range.
There are now user friendly sites (detailed below) that do much of the work for you. I’ve not commented on the freshness of data – you can check this on the individual sites.
My favourite is Countryipblocks.net, which in addition to its lists identifying which countries originate most spam (see above) also offers a great range of formats for its country listings. Unfortunately, whilst I was writing this article it announced that choice of format will be withdrawn from their free service (I guess only a simple CIDR list will be provided for free). So if you wish to take advantage of their wide choice of formats for free then do so quickly.
You can select a single or multiple countries make (hold down the CTRL key while selecting each country or the SHIFT key to select a range of countries) and choose the format you want.
There are a variety of formats for different systems including htaccess rules for Apache/Nix (just cut and paste the output into your own htaccess, upload, and your done). There is even an “htaccess allow rules format” useful if you have an Apache server and only want say to allow visitors from one or two countries.
ipinfodb.com has a tool to generate a basic CIDR list for one to 20 countries (selected from a list) in one go. It is also possible, via a laborious process, to generate iptable or htaccess rules for single countries.
ip2location.com will generate a list for a single country as CIDR, htaccess allow/deny, or iptables. If you register you can select up to 30 countries in one go.
ipdeny.com single country CIDR (simple list) format
blockacountry.com when I checked: “blockacountry.com is being configured. We’ll be back soon!”.
Author Andy W+