December 22nd, 2013, 08:02 PM
Excessive visits from China
I have a dedicated server where I host a few domains struggling to make a living. One of the domains I host is there just for me to "play" and learn. I installed phpbb to learn how to configure it and learn from it. The forum was open only for me and no one else. Recently I checked the access graph and I saw that there were thousands of hist every day from China. Eventually the domain that I had reached its bandwidth limit and it stopped serving data.
They were hitting the server pages 30,000 to 80,000. My customers are all from the US. The customer has an ID and password and the data is there for the customers only and no one else.
Is there a way to block visitors from other countries? Or is there a scheme that I could implement to completely block rogue visitors?
December 22nd, 2013, 09:03 PM
maybe something like THIS?
December 22nd, 2013, 09:13 PM
I will check it out. I deleted the phpbb data because I didn't waste my bandwidth but I will recreate it and report here again.
First I will create the forum and wait for the hits to begin and then I will implement the suggested solution.
January 15th, 2014, 08:27 AM
Ip2location should help.
I am curious though: have you also considered blocking at a lower level than at apache(app) level?
January 15th, 2014, 09:42 AM
I will check your suggestion.
I found ipinfo.io that allows me to detect the country and I incorporated it into my websites. Now, I produce an error "Database Error! Connection Failed?" I also created a table and I add the failures and successes, country of origin, page they visited and if I decided to allow or block the visitor. Now I get visits from China but they go away and don't comeback.
I am very interested in learning how to do it in apache but I don't want to do it via IP.
There are lots of places where you can download a list of IPs for each country but the IPs I had did not match and I gave that idea up quickly.
January 15th, 2014, 09:50 AM
It is just that if you block at iptables or network level, your server will not be burdened as much as you will if you allow it to go to the web server(apache, here). But if you have a shared account on a server - and not root access - then a web site level block may be the only option.
If country is not the only block you want and you would also like to block other rogue IPs, you could use this free API. apis.secpanel.com
Originally Posted by epanagio