How to ban all countries but a few from my website

StackOverflow https://stackoverflow.com/questions/8016707

  •  22-02-2021
  •  | 
  •  

Question

I host a forum where the target audience is ONLY U.S., Australia, and Oceania. I would like to know how I could ban all other countries from access to my forum except the three above. I've been having a problem with bots signing up and they are all coming from IPs from other countries, so I think this would fix the problem and would not bother my target audience.

Is there an easy way to do this? Advice would be appreciated.

Was it helpful?

Solution

Bots use proxy servers all around the world. People running bots know how to get around IP blocking.

Using GeoIP to prevent bots from signing up on your system will not really solve the core problem.

Captcha can help to some extent, however it's actually been broken (in the sense that well programmed bots can solve Captcha challenges) for several years.

The StackOverflow model is actually very good... don't let a new user do very much until they get a little bit of reputation (e.g. post something that gets upvoted by other users, or require the first few posts to receive moderator approval).

OTHER TIPS

MaxMind's GeoLite City free database can be easily downloaded, updated, and processed to localize IP addresses.

With this PHP code you may allow selected countries to view your site. All other users will be show blank page with message that they cant access site.

You may set any number of countries by adding && $country != "XY" where XY is code of country which you allow view your site.

It below example Korea and US may view the site while others not. With a little modification, you may also block or allow selected IP's if you want

$userIP = get_ipxx(false);
$country = file_get_contents('http://api.hostip.info/country.php?ip=' . $userIP);

if ($country != "KR" && $country != "US") {
    die ('ERROR : SITE IS UNAVAILABLE');
}

function get_ipxx($ip2long = true) {
    if($_SERVER['HTTP_CLIENT_IP']) {
        $ip = $_SERVER['HTTP_CLIENT_IP'];
    }else if($_SERVER['HTTP_X_FORWARDED_FOR']) {
        $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
    }else{
        $ip = $_SERVER['REMOTE_ADDR'];
    }
    if($ip2long) {
        $ip = ip2long($ip);
    }
    return $ip;
}

The easiest, but rather brute force way would be to get a list of IPs per country (they are normally allocated roughly by country, http://www.countryipblocks.net/). This has the possibility of accidentally blocking people who are legitimate customers, and still allowing people who are not legitimate in to the site, but it should handle 95-99% of the cases. You'll then just set up the firewall or webserver or whatever tech you choose to block any of those IPs.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top