How can I deny certain countries access to my website
For about a month one of my websites (or rather the "Contact Us" form on that website) has been under regular, daily, attack from hackers. The attacks are consistently coming from IP Addresses in Rumania and Russia. Each time an attack occurs I use my webhost's cPanel to manually add the IP to my cPanel "IP Deny Manager" list. This is however becoming rather tedious and time consuming and seems the wrong way round to do things as I am denying IP Addresses AFTER they have tried to hack in rather than blocking them BEFORE they attempt it.

Is there a way I can simply deny access to my website (or, better, just its home-made PHP based "Contact Us" form) to all Eastern European visitors?

Alternatively, since my website is primarily focused on UK customers, would there be an easier way to deny all visitors access unless they came from UK, USA, Canada, Eire or Australia?

I realise that this is not specifically a Linux question but any suggestions would be welcome.

Ian.
Have a look at http://ipinfodb.com/ip_location_api.php - it will give you a country based upon an IP address. A little bit of scripting should allow you to only enable your "Contact Us" form to work for the countries you select. There's even a bit of PHP to get you started ...

Greg
There is a chargeable service that may help: http://www.ip2location.com/tutorials/redirect-web-visitors-by-country-using-... and-mysql-database

Stuart Bailey BSc (hons) CEng CITP MBCS
LinuSoft (Managing Director)
Linux Specialist & Software Developer
Phone: (0845) 658 3563 Direct: +44 (0) 1953 878162 Fax: +44 (0) 1603 858583
http://www.linusoft.co.uk
Add a GeoIP lookup to the ContactUs page, and if it's not from where you want display a different output - e.g. "Sorry, you're not allowed to visit this site", or change the response to a redirect to a different contact page.

-- 
Brett Parker
On 18/11/11 10:16, Brett Parker wrote:
> Add a GeoIP lookup to the ContactUs page, and if it's not from where you want display a different output - e.g. "Sorry, you're not allowed to visit this site", or change the response to a redirect to a different contact page.
I'd second Brett's suggestion. There are GeoIP libraries for PHP, and for Ubuntu at least all it takes is "sudo apt-get install php5-geoip" to get them installed. Then:

geoip_country_code_by_name("<ip.addr.here>")

.. will get you the country code.

Actually for your purposes, just a continent code lookup may suffice: http://www.php.net/manual/en/function.geoip-continent-code-by-name.php

-- 
Mark Rogers // More Solutions Ltd (Peterborough Office) // 0844 251 1450
Registered in England (0456 0902) 21 Drakes Mews, Milton Keynes, MK8 0ER
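The GeoIP gate suggested above, as an added example that is not code from the thread. It assumes the PECL geoip extension named in the reply; `contact_form_allowed`, the `$failOpen` switch and the sample addresses (documentation ranges) are hypothetical, and the allow-list uses the countries from the original question.

```php
<?php
// Added example, not from the thread. Allow-list gate for a contact form.
// Country codes correspond to the countries named in the original question.
const ALLOWED_COUNTRIES = ['GB', 'US', 'CA', 'IE', 'AU'];

/**
 * Decide whether a client may use the form.
 * $lookup is any callable mapping an IP string to a two-letter country
 * code, or false when the address is not in the database.
 */
function contact_form_allowed(string $ip, callable $lookup, bool $failOpen = false): bool
{
    // Reject anything that is not a literal IP address before looking it up.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return false;
    }
    $country = $lookup($ip);
    if ($country === false || $country === null || $country === '') {
        // Unknown address: an explicit policy decision, not an error.
        return $failOpen;
    }
    return in_array(strtoupper($country), ALLOWED_COUNTRIES, true);
}

// Constructed lookup table standing in for the GeoIP database.
$sample = ['192.0.2.10' => 'GB', '198.51.100.7' => 'RO', '203.0.113.5' => 'AU'];
$fakeLookup = function (string $ip) use ($sample) { return $sample[$ip] ?? false; };

if (PHP_SAPI === 'cli') {
    // Offline demonstration against the constructed table.
    foreach (['192.0.2.10', '198.51.100.7', '203.0.113.99', 'not-an-ip'] as $ip) {
        printf("%-14s %s\n", $ip, contact_form_allowed($ip, $fakeLookup) ? 'allow' : 'deny');
    }
} else {
    // On the web server: use the socket address, never a client-supplied header.
    $lookup = function (string $ip) {
        return function_exists('geoip_country_code_by_name')
            ? @geoip_country_code_by_name($ip) : false;
    };
    if (!contact_form_allowed($_SERVER['REMOTE_ADDR'] ?? '', $lookup)) {
        http_response_code(403);
        exit("Sorry, you're not allowed to visit this site");
    }
}
```

GeoIP databases go stale and proxies or VPNs hide the true origin, so a deny here filters noise rather than acting as an access control.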
I run a forum and the number of spam signups was getting beyond the joke. I used to do as you have been doing and block the IPs but they always popped up again. The majority are from bots and most now can crack a Captcha. What has proved to be most effective is having a simple question and answer, I just have four that randomly rotate on each sign up. Haven't had a single spam sign up since I did it.

http://www.xaprb.com/blog/2006/01/28/captchas-done-better/ gives an idea for PHP coding.
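The rotating question-and-answer check described above, as an added example that is not Tony's code or the linked article's. The four questions are constructed, and `issue_question` and `check_answer` are hypothetical names; pass `$_SESSION` (after `session_start()`) where the demonstration uses a plain array.

```php
<?php
// Added example, not from the thread. Questions and answers are constructed samples.
const QUESTIONS = [
    ['q' => 'What colour is grass?',            'a' => ['green']],
    ['q' => 'How many days are in a week?',     'a' => ['7', 'seven']],
    ['q' => 'What is the capital of England?',  'a' => ['london']],
    ['q' => 'Type the third word: red cat sat', 'a' => ['sat']],
];

// Pick a question and remember its index server-side.
// Only the question text is sent to the browser, never the index or answer.
function issue_question(array &$session): string
{
    $session['qa_index'] = random_int(0, count(QUESTIONS) - 1);
    return QUESTIONS[$session['qa_index']]['q'];
}

// Check the answer against the stored index, then discard the index so that
// each issued question can be answered only once.
function check_answer(array &$session, string $answer): bool
{
    if (!isset($session['qa_index'])) {
        return false;                       // form posted without loading it first
    }
    $expected = QUESTIONS[$session['qa_index']]['a'];
    unset($session['qa_index']);
    $normalised = strtolower(trim($answer));
    return in_array($normalised, $expected, true);
}

// Demonstration with a plain array in place of $_SESSION.
$session  = [];
$question = issue_question($session);
$right    = QUESTIONS[$session['qa_index']]['a'][0];

// First attempt: the correct answer with different case and padding.
var_dump(check_answer($session, '  ' . strtoupper($right) . ' '));
// Second attempt: the same POST replayed after the index was discarded.
var_dump(check_answer($session, $right));
```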
On Fri, Nov 18, 2011 at 1:56 PM, Tony <tony@ttiger.co.uk> wrote:
> I run a forum and the number of spam signups was getting beyond the joke. I used to do as you have been doing and block the IPs but they always popped up again. The majority are from bots and most now can crack a Captcha. What has proved to be most effective is having a simple question and answer, I just have four that randomly rotate on each sign up. Haven't had a single spam sign up since I did it. http://www.xaprb.com/blog/2006/01/28/captchas-done-better/ gives an idea for PHP coding.
Have you noticed any drop off in the number of new user sign ups since you implemented the questions? It's surprising how many people can fail to answer even the most seemingly simple questions correctly.
"Tony" <tony@ttiger.co.uk>
> [...] The majority are from bots and most now can crack a Captcha. What has proved to be most effective is having a simple question and answer, I just have four that randomly rotate on each sign up. Haven't had a single spam sign up since I did it.

When they crack that, http://textcaptcha.com/ is probably the next step.

Trouble is, any sufficiently popular site will also attract human spammers, so you also need some anti-spam measures, like not letting people post links just because they've signed up (like: no homepage link in the profile until after they've made N links).

As well as most of them being fairly crackable automatically, image and sound captchas also block users with even fairly minor disabilities, so I think they probably make one fall foul of the Equality Act 2010, but I also think we're still waiting for case law.

Good luck!

-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
Webmaster, Debian Developer, Past Koha RM, statistician, former lecturer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire for various work through http://www.software.coop/
On Fri, 18 Nov 2011 18:16:11 +0000 (GMT) MJ Ray <mjr@phonecoop.coop> allegedly wrote:
> "Tony" <tony@ttiger.co.uk>
> > [...] The majority are from bots and most now can crack a Captcha. What has proved to be most effective is having a simple question and answer, I just have four that randomly rotate on each sign up. Haven't had a single spam sign up since I did it.
>
> When they crack that, http://textcaptcha.com/ is probably the next step.

I quite like this one: http://random.irb.hr/signup.php

But then it may discourage some real signups.

Mick
Oh bother. I sent it direct instead of to the list. Sorry.

I check $_SERVER["HTTP_REFERER"] at the top of the PHP in the contact form. If it's not set (i.e. blank) or it is not the URL of the page(a) with the "contact us" button on then I kick them back to page(a). While not foolproof it deters most of the script kiddies. Also you can pick up the .ru etc. from the referer and kick them out.

If you are using apache2 with mod_rewrite enabled you have more but rather complicated options.

-- 
nev
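The Referer check described above with an exact scheme, host and path comparison, paired with a per-session form token for requests where the header is forged or stripped; an added example, not nev's code. `FORM_PAGE`, the function names and the sample URLs are hypothetical.

```php
<?php
// Added example, not from the thread. FORM_PAGE is a placeholder URL.
const FORM_PAGE = 'https://www.example.org/contact.html';

// True only if the Referer's scheme, host and path equal the form page's.
// Comparing parsed parts avoids look-alike hosts that a substring test accepts.
function referer_matches(?string $referer, string $formPage = FORM_PAGE): bool
{
    $got  = parse_url((string) $referer);
    $want = parse_url($formPage);
    if (!is_array($got) || !isset($got['scheme'], $got['host'])) {
        return false;                      // header absent, blank or unparseable
    }
    return strtolower($got['scheme']) === strtolower($want['scheme'])
        && strtolower($got['host']) === strtolower($want['host'])
        && ($got['path'] ?? '/') === ($want['path'] ?? '/');
}

// The Referer is sent by the client, so pair it with a value only the server
// knows: a random token stored in the session when the form page is rendered.
function issue_form_token(array &$session): string
{
    return $session['form_token'] = bin2hex(random_bytes(16));
}

function form_token_valid(array &$session, ?string $posted): bool
{
    $expected = $session['form_token'] ?? null;
    unset($session['form_token']);         // single use
    return is_string($expected) && is_string($posted) && hash_equals($expected, $posted);
}

// Constructed inputs.
$cases = [
    'https://www.example.org/contact.html',           // the real form page
    'https://www.example.org.evil.test/contact.html', // look-alike host
    'http://www.example.org/contact.html',            // wrong scheme
    '',                                               // header stripped
];
foreach ($cases as $r) {
    printf("%-48s %s\n", $r === '' ? '(none)' : $r, referer_matches($r) ? 'ok' : 'reject');
}
// Token demonstration with a plain array in place of $_SESSION:
// the first submission presents the issued token, the second replays it.
$session = [];
$token   = issue_form_token($session);
var_dump(form_token_valid($session, $token), form_token_valid($session, $token));
```

Some browsers and privacy tools omit the Referer on legitimate requests, so a missing header is better treated as "fall back to the token" than as proof of abuse.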
Hi Folks, Thanks for all your interesting and useful suggestions. I will try some of them out tomorrow. Thanks again for all your suggestions, Ian.
Participants (10): Brett Parker, Greg Thomas, Ian Douglas, Mark Rogers, mick, MJ Ray, nev young, Ricky Bruce, Stuart Bailey, Tony