Security Corner

Feb 26 2011   4:17PM GMT

Website Security – How to Block a Country

Ken Harthun Ken Harthun Profile: Ken Harthun

I often consult with people who are running online marketing businesses and soliciting opt-in subscribers to their newsletters. They do this through special landing pages that have forms specific to the information product they are offering. The danger in having such a form live on the web is not unknown–it’s relatively easy to initiate an SQL injection attack.

Another issue is spammers using robots to sign up for newsletters and then using the address of the marketer to attempt to hack the mailing list management service he uses. Most of these services use the marketer’s email address as the account username, so if a hacker or spammer has that information, they can then attempt an attack on the password.

Finally, there is the issue of junk traffic and subscriptions. Naturally, a marketer wants prospects that are not only interested in the products offered, but capable of buying them. Depending on the marketing methods used, traffic can come from anywhere in the world, and often does. My own newsletter at Ask the Geek has a worldwide subscriber audience.

Let’s say we want to block all traffic from China. It’s mostly useless, is spammer/hacker central and they don’t buy anything. Start with http://www.blockacountry.com. When you arrive at the site, look to the sidebar on the right and select the country or countries you want to block. You’ll be asked for your email address. This is OK, it’s just for update purposes. Click the submit button.

You’ll get a pre-configured text that you add to your .htaccess file on your web server. Here’s a look at the concatenated version of what I got:

ErrorDocument 403 http://www.proxynetwork.ws/blocked.html
<Limit GET HEAD POST>
order allow,deny
deny from 1.12.0.0/14
deny from 1.24.0.0/13
deny from 1.45.0.0/16
deny from 1.48.0.0/15
...[[huge list of every IP address in
the country]]...
allow from all
</LIMIT>

You can change the location of the 403 error document to one you have created on your server. Then, just copy and paste or upload the file to your www root folder and you’re good to go. Full instructions are on the referenced website.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: