How to block entire Countries by IP address/range

[S Isaac]

I've seen where I can do this in Cpanel of my host. However, I don't know where to get the list of ip addresses.

Ideally I'd like to block Russia (tons of spoofed emails recently).

To be honest, I'd be quite happy to have just UK visitors with the exception of the required access for Google/Bing bots etc.

I have no interest in anyone from abroad as they would not be potential customers.

Has anyone done this with good results? Especially blocking all bar UK people?

 

[Schnell Solutions]

Have a look at this.

https://dev.maxmind.com/geoip/legacy/geolite/
https://www.maxmind.com/en/geoip2-country-database

 

[astutiumRob]

I've seen where I can do this in Cpanel of my host

Adding several hundred thousand IPs to a deny list is going to grind your site to a halt, assuming the host doesn't remove the ability to do it for causing issues to the server - if you're looking for that level of control they need to be blocked at the firewall on a dedicated server rather than in an application

And it's not _that_ uncommon to block everyone and only let certain IP ranges through

 

[Breffni Potter]

CloudFlare would be the best solution for this. You get plenty of other benefits too.

 

[clusterednet]

You can do this in ConfigFirewall although its not guaranteed as the CIDR lists are huge and may not be accurate.

CC_DENY
CC_ALLOW
CC_ALLOW_FILTER

Take at look at these options in /etc/csf/csf.conf

John

 

[TargetICT]

Configserver Security and Firewall is the best way I know too.

 

[Xtm_Mike]

CloudFlare has a feature baked right in for doing this very thing... you can even challenge (captcha) rather than outright block, in cases where you may still want to allow legitimate users to get through.

You get an additional benefit of an attack being stopped before it even hits your server. Not the case with CSF or any other on-server techniques.

 

[cloudSPRT]

If the problem is spoofed emails then (depending on the way these are generated) I would look at using a lookup (such as ipapi.co) to obtain the visitor info and if they are UK then use Javascript to add the elements to the page that previously has been used to generate the spoof email address (such as mailto tag or contact form). This could also deter bots as a lot of these also do not have Javascript enabled and then UK bots will not see this contact details either.

 

[Anderz]

In my Shopify Shop I use an app called country blocker and it works great. I only need UK traffic like you.

 

[HostXNow]

You may also checkout Imunify360 which allows you to block countries/IP ranges.

 

[Simon.P]

If you are using WordPress, wordfence premium will do this for you

 

[arnydnxluk]

I've seen where I can do this in Cpanel of my host. However, I don't know where to get the list of ip addresses.

It seems that nobody has answered this for you. You can use a tool like the below to generate block lists for your .htaccess file:

https://www.countryipblocks.net/country_selection.php

That said, it's not ideal to block entire countries at this level (the web server) or the application level (e.g. through a WordPress plugin).

Ideally you should block at the firewall level, as some have suggested, but this is unlikely to be of use to you if you're on shared hosting (if it's a managed server, ask your hosting provider to make the block for you).

CloudFlare is a good solution to this problem for shared hosting, you get full control over an application firewall in "the cloud" including the ability to deny entire countries.

Personally I have never in my life found the need to block entire countries. Instead it would be better to tackle the issue at hand - why are you receiving spoof emails? If it's a contact form, get an effective captcha on that. If it's normal spam email, get better spam controls in place!

 

[lazypbx]

Any hard coded solution is a bad idea as IP's will move over time. Your best bet is an API like maxmind . You specifically mention spoofed emails from russia (assuming you mean russian servers, as the emailers could originate from anywhere) in which case you need to address this on your mail server. You should check what blacklisting/greylisting techniques are used for your particular email server, there are various active blacklisting services. I'd recommend for email you'd be better looking at a more comprehensive spam management solution than thinking about IP blocking.

If you want to block other countries or provide a different experience (a better solution imho) then again building your site with an api like maxmind is the way to go, don't hardcode!

 

[blacknight]

You also need to be careful that you don't accidentally end up blocking traffic from Google and other places that you probably want. There are plenty of "sane" solutions that can help filter out "bad" traffic while leaving the legitimate stuff, though your options will depend on what you're using to run the site.