Zorro67 Posted May 17, 2008
Hi All, I know this is possible to do, but I thought I'd ask for some recommendations from fellow 'CSers. Reading past posts about spammers, is it possible, either in cPanel or WHMCS, or by .htaccess, to ban ranges of IP addresses from signing up or even accessing the site? Why I ask is that I'm in Australia, selling basically to local businesses, and I really don't want to waste time with a 'potential client' from say Nigeria, or some other location with operators known to behave less than above board. If so, can anyone share the method, and/or suggest what actual IP ranges would be best avoided?
lww Posted May 17, 2008
You can automatically generate country based allow and deny lists for use in .htaccess files here: http://www.countryipblocks.net/
--Bill
chrismfz Posted May 17, 2008
In your root shell:

# iptables -A INPUT -s 192.168.100.0/24 -j DROP

where 192.168.100.0 is the range you want to block, or something like

# iptables -A INPUT -s 192.0.0.0/8 -j DROP

to "ban" (basically block) an entire A class, which is used for countries and regions (APNIC etc.) very often (if for example you want to block entire China).
Zorro67 Posted May 18, 2008 (Author)
Thanks Chris & Bill for your recommendations. The link gave me exactly what I needed (you might need to check your atlas when using). That site was able to give me a text file in the format of my choosing, which I chose to insert into .htaccess. For those following, I don't use root access often, and I wanted an audit trail that is obvious for me later when I forget how I got there.
generic Posted May 20, 2008
I heard that this really slows down your server. I tried putting a bunch of IPs into my server firewall and it crashed (too many IPs). Have you had success with htaccess and the IPs?
Zorro67 Posted May 20, 2008 (Author)
Hard to know. Seems to be working OK. Just checked my .htaccess file and it's grown by about 190 K. Uh-oh. Maybe I'll have another look at this as to how to do it perhaps better.
Zorro67 Posted May 20, 2008 (Author)
Any suggestions about banning blocks by NIC, rather than by IP?
LeMarque Posted May 22, 2008
I find http://www.configserver.com/cp/csf.html does everything I need - also very active on the cPanel.net forum.
generic Posted May 22, 2008
Yes, that is exactly what I use and what crashed when you put in too many IP addresses. If anyone finds a solution that is proven to work other than what is discussed here already, I would be very interested.
LeMarque Posted May 22, 2008
How many IPs? Did you block them by range, i.e. 216.109.112.0/24, or individually?
Zorro67 Posted May 22, 2008 (Author)
Had to take them out temporarily, due to size. Below is the first part of the code:

# http://www.countryipblocks.net/index.php
<Limit GET HEAD POST>
order allow,deny
# Country: AFGHANISTAN
# ISO Code: AF
# Total Networks: 14
# Total Subnets: 65,792
deny from 58.147.128.0/19
deny from 117.55.192.0/20
deny from 117.104.224.0/21
deny from 119.59.80.0/21
deny from 121.58.160.0/21
deny from 121.100.48.0/21
deny from 121.127.32.0/19
deny from 125.213.192.0/19
deny from 202.56.176.0/20
deny from 202.86.16.0/20
deny from 203.174.27.0/24
deny from 203.215.32.0/20
deny from 210.80.0.0/19
deny from 210.80.32.0/19
## Country: AFRICAN REGIONAL INTELLECTUAL PROPERTY ORGANIZATION
# ISO Code: AP
# Total Networks: 95
# Total Subnets: 451,584
deny from 61.14.0.0/18
deny from 61.14.128.0/19
deny from 61.14.160.0/19
deny from 114.29.192.0/19
deny from 119.161.120.0/21
deny from 120.29.192.0/19

etc., etc. for another 11000 lines. There must be a better way to do this, such as blocking a whole NIC, which would include all these ranges. Then all I would have to insert is the specific code to allow some countries through.
LeMarque Posted May 23, 2008
Don't think you can do that. Here's what I do. Go here... http://www.rustyparts.com - you'll see 'scripts' at the top menu, and grab "phpErrorDoc.php". Be sure when you configure the log file that you use the full path, i.e. /home/yoursitename/phplog/ - or whatever you use. Then when it sends me emails, if I feel it warrants it, I'll enter that IP into CSF.
Zorro67 Posted May 23, 2008 (Author)
Thanks LeMarque, had a look, but don't think it's going to do what I want to do. Sure, that logs the IP address of emails in, but I don't want to have to do an IP lookup for every address to see if it's from a valid country. What I'm looking to do is essentially be invisible to a range of IP addresses that many classify as high risk. The spam we take care of another way. I'm looking to avoid the fraud/hacks from those areas. Of course there's MaxMind, and I'll get to that. I just don't want to be seen by a portion of the planet. Any other ideas, or have I read the purpose of your suggested app wrong?
ur Posted May 23, 2008
If you have GeoIP installed as a module on your server, it makes it quick and easy. There is a solution from MaxMind, either using a paid (more accurate) or a free version. You can do just about anything with it, plus it can alleviate firewall stress, as putting too many IP blocks in there can cause slow load times or failures.
LeMarque Posted May 23, 2008
"phpErrorDoc.php" doesn't log emails; it logs and emails you when a 404 or the like occurs - I found that it not only alerts me to script kiddies but also to pages that might not be found by the search engines, without my having to check server logs. But I think you'll overload your server entering that many IPs into a software-based firewall. As an example, go here... http://software77.net/cgi-bin/ip-country/geo-ip.pl and halfway down the page on the right side enter TR (for Turkey) where it says "Country Lookup" and check "show all ips". Then scroll up to the top of the page and you'll see just how many IPs you'd need to enter just to block that one country!!! Let MaxMind take care of fraud, IMHO.
Zorro67 Posted May 24, 2008 (Author)
Thanks for the clarification. Improved error handling would be nice. Re MaxMind, yes, that's what I'm thinking. Unless someone else can come up with a couple-of-line response to blocking a NIC, it's just not an option to bloat your .htaccess file by 200 KB (and that was just for Africa and the Middle East).
Nick Posted May 24, 2008
Perhaps you'd find it easier to change it round; block everything then specifically allow the area you want let through.
Zorro67 Posted May 24, 2008 (Author)
Thanks Nick, had thought of that, but imagine if I only let in the US, UK & AUS. The list would still be huge & I end up with the same problem, a huge .htaccess file.
ur Posted June 5, 2008
Try what I previously suggested. Then all you need to do is add an htaccess directive or some other php/perl/ruby script that checks the apache_note("GEOIP_COUNTRY_CODE"). GEOIP_COUNTRY_CODE contains the 2-letter ISO code.
Zorro67 Posted June 5, 2008 (Author)
Thanks ur, GeoIP is not currently on the server, so I will have to do research. However, another thought came to mind. Is it possible to specify wildcards in place of IP addresses? E.g. 203.174.*.*
silentkiller Posted June 8, 2008
Are you guys using Maxmind Min or the paid version?
Zorro67 Posted June 8, 2008 (Author)
Not yet. I do want that for fraud protection obviously. However my primary concern is for my sites to become invisible from certain locations - if you can't be found, it's harder to be 'caught'. As the old saying goes - 'an ounce of prevention is worth more than a larger quantity of cure' (paraphrasing badly, he says). However, just had a BFO (Blinding Flash of the Obvious): cPanel has a built-in tool (IP Deny Manager) that effectively has a wildcard feature which I might be able to use. Obviously it will require me to sort the list of IPs that I want to deny, and then summarise down to a list of something less than 11000 ranges. But it's do-able.
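
The "summarise down" step from the last post can be automated. This is an added example, not code from any poster in the thread: it parses `deny from` lines and merges adjacent or overlapping CIDR ranges with Python's standard `ipaddress` module, without blocking any address the original list did not. The function names are illustrative, and the sample is constructed from ranges quoted earlier in the thread.

```python
import ipaddress
import re

# Constructed sample: a subset of the "deny from" ranges quoted in the thread.
SAMPLE = """\
<Limit GET HEAD POST>
order allow,deny
# Country: AFGHANISTAN
deny from 203.174.27.0/24
deny from 203.215.32.0/20
deny from 210.80.0.0/19
deny from 210.80.32.0/19
# ISO Code: AP
deny from 61.14.0.0/18
deny from 61.14.128.0/19
deny from 61.14.160.0/19
deny from 114.29.192.0/19
"""

DENY_RE = re.compile(r"^\s*deny\s+from\s+(.+)$", re.IGNORECASE)

def parse_deny_rules(text):
    """Return (networks, skipped) from 'deny from' lines; comments are ignored."""
    nets, skipped = [], []
    for line in text.splitlines():
        m = DENY_RE.match(line)
        if not m:
            continue
        for token in m.group(1).split():  # Apache accepts several hosts per line
            try:
                nets.append(ipaddress.IPv4Network(token, strict=False))
            except ValueError:
                skipped.append(token)  # 'all', hostnames, partial IPs: keep by hand
    return nets, skipped

def collapse(nets):
    """Merge adjacent/overlapping ranges; the covered address set is unchanged."""
    return list(ipaddress.collapse_addresses(nets))

def render(nets):
    """Emit one 'deny from' line per collapsed network."""
    return "\n".join(f"deny from {n}" for n in nets)

if __name__ == "__main__":
    before, skipped = parse_deny_rules(SAMPLE)
    after = collapse(before)
    print(f"{len(before)} ranges -> {len(after)} ranges, {len(skipped)} skipped")
    print(render(after))
```

The saving depends on how many ranges in the list happen to be adjacent; on this sample, eight ranges become six. Tokens reported in `skipped` are not carried into the output and need to be re-added by hand.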