Banning by IP range

DigNap15

Adherent
Joined
Sep 14, 2019
Messages
454
I am new to all of this, and we all have different needs, eg my site is just New Zealand orienated, so I do not want much or any International traffic, other than western orientated Search Engines. other people want all western traffic or Indian or Chinese
I have been doing some research on IP numbers.
ASnd I suddenly thought that would not it have been great if the whole world had a IP numbering systemse simialr to out landlines.
Eg the USA is 00, The Uk is 44, Australia is 61, and New Zealand 64.
So if China had say for exampe IP numbers starting with 22, 23 24 and 25 and New Zealand 64, then it would be easy to ban or allow one country at a server level.
 

mysiteguy

Migration Expert
Joined
Feb 20, 2007
Messages
3,175
I am new to all of this, and we all have different needs, eg my site is just New Zealand orienated, so I do not want much or any International traffic, other than western orientated Search Engines. other people want all western traffic or Indian or Chinese
I have been doing some research on IP numbers.
ASnd I suddenly thought that would not it have been great if the whole world had a IP numbering systemse simialr to out landlines.
Eg the USA is 00, The Uk is 44, Australia is 61, and New Zealand 64.
So if China had say for exampe IP numbers starting with 22, 23 24 and 25 and New Zealand 64, then it would be easy to ban or allow one country at a server level.

You don't want to do it that way, you will in all likelihood block many unintended consequences.

Many IPs, corporate entities, and hosting providers have either sold or leased their IP ranges or parts of them to others, so if you block entire /8 ranges you may end up blocking people in your country by mistake. For instance, there are some Chinese IP ranges inside some of the USA's blocks, and visa versa. Pacific/Asian islands can be especially tricky, since many including Australia and New Zealand have overlap inside of other Asian country ranges.

Use of the other IP range services, select by country, and use that list to block. https://www.countryipblocks.net/acl.php is one of them. And you should update it monthly, IP addresses change hands often. It needs to be a very fined grained approach, which is why I recommend not using .htacccess for it (too much overhead after a few thousand ranges). Use an IPSET with your firewall, which can filter hundreds of thousand ranges with about the same overhead as it would filtering a handful of ranges.
 

DigNap15

Adherent
Joined
Sep 14, 2019
Messages
454
MySite guy
Thankyou very much for the detailed reply.
I have banned three IP ranges with a /8, and the amount of Guests I get has gone way down.
I know there are no New Zealand IP addreses in those ranges. (bearig in mind what you said above)
I had a quick look at that site your recommend, but at $50 per month it is a bit out of the question.
I also need to learn up on the technology of firewalls
I have seen that you do not recommend Cloudfare.
 

Doug Heffernan

Enthusiast
Joined
Feb 28, 2018
Messages
156
MySite guy
Thankyou very much for the detailed reply.
I have banned three IP ranges with a /8, and the amount of Guests I get has gone way down.
I know there are no New Zealand IP addreses in those ranges. (bearig in mind what you said above)
I had a quick look at that site your recommend, but at $50 per month it is a bit out of the question.
I also need to learn up on the technology of firewalls
I have seen that you do not recommend Cloudfare.

No need to pay a lot of money for this. It can be easily done with a mod. You can post a request at xf forum about this.
 

mysiteguy

Migration Expert
Joined
Feb 20, 2007
Messages
3,175
MySite guy
Thankyou very much for the detailed reply.
I have banned three IP ranges with a /8, and the amount of Guests I get has gone way down.
I know there are no New Zealand IP addreses in those ranges. (bearig in mind what you said above)
I had a quick look at that site your recommend, but at $50 per month it is a bit out of the question.
I also need to learn up on the technology of firewalls
I have seen that you do not recommend Cloudfare.

That site has free IP lists. The subscription is if you want automated access to their lists that are updated daily, versus their free monthly updated lists.

Cloudflare is great for static pages, or dynamic pages which do not change often. But for dynamic often updated pages like forums, I prefer to a regular CDN.

Keep in mind when you blocked those ranges, you may have blocked search engine crawlers.
 

MagicalAzareal

Magical Developer
Joined
Apr 25, 2019
Messages
758
China is the top country for spam harvesting. The USA is 2nd. This isn't the same as sending spam.
China is the top country for spam-sending. The USA is 2nd.
China is the 2nd country for dictionary attacks. India is 1st, the USA is third.
China is the top country to comment spamming. The USA is 2nd.
China brings little to no "real" human traffic to most sites outside of China. The USA brings enormous amounts of real traffic to countries all over the world (much like the EU does, the UK and Germany are my #2 and #3 sources of traffic after the USA).
- This information is from projecthoneypot.org, which has close ties with the folks at Cloudflare, and they probably have a better idea of traffic trends than just about anyone. Projecthoneypot is one of the largest and oldest sources of harvesting and bad behavior tracking.

I get it, you're sensitive about China for some reason. But facts are facts, China is notorious for low-quality traffic. Its Internet ecosystem is to a large degree "in country" due to language barriers, the Great Firewall of China, and homegrown search and social networks. There's a valid reason large numbers of people have been asking how to block China for 20 years, because it's a large problem. You'll rarely see people ask how to block the EU, USA, Australia, etc. You do see them asking how to block China, Ukraine, Russia and other sites which have little "positive" traffic.

And frankly, given China's horrific track record with stealing intellectual property, I'd block them on principle alone even if they weren't a scraping source. I have little use for a government that looks the other way while it's businesses rip off hundreds of billions of dollars of intellectual property from the rest of the world. That's not a remark about the people of China, those I've met have been very nice.
That post is from eight years ago lol

I see humans from China occasionally. There are plenty of sites which are not blocked by the Great Firewall, although if you're in China, you will likely find yourself having to use VPNs a lot to access the outside internet.
MySite guy
Thankyou very much for the detailed reply.
I have banned three IP ranges with a /8, and the amount of Guests I get has gone way down.
I know there are no New Zealand IP addreses in those ranges. (bearig in mind what you said above)
I had a quick look at that site your recommend, but at $50 per month it is a bit out of the question.
I also need to learn up on the technology of firewalls
I have seen that you do not recommend Cloudfare.
I do not know much about the laws of New Zealand, but quite a few people in Australia are using VPNs for privacy reasons due to legislation mandating that service providers collect internet search histories and other data.

Some people are not comfortable with the government watching them like this, particularly as none of these players have a particularly good privacy / security track record.
 
Top