Blocking Specific Countries.

[TCH-Rob]

Hey gang,

 

I just got this email today;

 

I learnt to know about your store through one of our client.Our store(ALLSTORES )deals in different variety of knifes.My store is willing to purchase some knife  from your store and  It is going to be a very good opportunity for my company to deal with you. I  will want you to reply as soon as possible so that i can give you the quantity of what i want to buy.

 

             For your information my customers are really in need of this product urgently and i\'m short of it in my store,and i wish your store to supply me with these goods as soon as possible.And i will be paying with my credit card info and also will like to know the shipping cost thru FEDEX to nigeria.

 

The thing that caught me was the country to ship to, Nigeria. I am almost positive that Nigerians dont need collectable knives and swords, what with the unrest they are having I am sure they are just trying to survive. Not trying to discriminate or anything but I am also trying to cover my backside.

 

I want to block a few countries from getting to my site, those with high credit card fraud.

 

Should I do this using .htaccess or would that be hard on the server? Is there another alternative?

 

Edit: This is a security issue to me so forgive me if it is in the wrong place. Feel free to move it.

Edited July 21, 2003 by Critical Mass

[leezard]

thats an e-mail scam, i have gotten the same thing several times but they wanted to buy hardware instead (i dont sell hardware)

[TCH-Rob]

I am sure it is, like the Nigerian "I have $40 Million" scam. But it got me thinking, it would be a good idea to just not give those countries where a large percentage of credit card fraud comes from access to the site. I am looking for the best possible option for that.

[Ayman_]

Ok

 

Where do I start.

 

Well first of all my origins are from Pakistan. So this kinda hits home for me.

 

I truly understand the need to block certain users. But please remember, not everyone living in a certain country is bad. This post in no way represents the ideas or thoughts of Total Choice Web Hosting. Its just my ramblings!

 

On with the good stuff.

 

Easiest way to do this is using .htaccess

 

Here is how with .htaccess

 

<Limit GET>

order allow,deny

allow from all

deny from xxx.xxx.xxx.xxx

deny from xxx.

</LIMIT>

 

Simply replace the xxx.xxx.xxx.xxx with the Ip you want blocked. Then re-upload into your public_html folder and thats it. You can also use wildcards like so

 

111.111.111.*

 

Here is a downloadable list of IP to Country mappings.

 

IP to Country Mappings

 

This file is in excel format and is over 21MB in size!

 

This zip file is in excel format. I dont even remember where it came from, so I am sorry to say I cant give credit where credit is due. I compiled this list from .zips from somewhere, anyways the list includes IP to Country mappings for -

 

? Albania: Albania.zip

? Algeria: Algeria.zip

? Argentina: Argentina.zip

? Armenia: Armenia.zip

? Australia: Australia.zip

? Bahrain: Bahrain.zip

? Bangladesh: Bangladesh.zip

? Belarus: Belarus.zip

? Belgium: Belgium.zip

? Bosnia-Herzagovina: BosniaHerzagovina.zip

? Brazil: Brazil.zip

? Bulgaria: Bulgaria.zip

? Canada: Canada.zip

? China: China.zip

? Columbia: Columbia.zip

? Croatia: Croatia.zip

? Cuba: Cuba.zip

? Czech Republic: CzechRepublic.zip

? Denmark: Denmark.zip

? Egypt: Egypt.zip

? Estonia: Estonia.zip

? France: France.zip

? Georgia: Georgia.zip

? Greece: Greece.zip

? Germany: Germany.zip

? Hong Kong: HongKong.zip

? Hungary: Hungary.zip

? India: India.zip

? Indonesia: Indonesia.zip

? Iran: Iran.zip

? Ireland: Ireland.zip

? Israel: Israel.zip

? Italy: Italy.zip

? Japan, part one: Japan1.zip

? Japan, part two: Japan2.zip

? Jordan: Jordan.zip

? Kazakhstan: Kazakhstan.zip

? South Korea: Korea.zip

? Kuwait: Kuwait.zip

? Lativia: Lativia.zip

? Lebanon: Lebanon.zip

? Lithuania: Lithuania.zip

? Macedonia: Macedonia.zip

? Malaysia: Malaysia.zip

? Mexico: Mexico.zip

? Mongolia: Mongolia.zip

? Morocco: Morocco.zip

? Netherlands: Netherlands.zip

? Norway: Norway.zip

? Oman: Oman.zip

? Pakistan: Pakistan.zip

? Philippines: Philippines.zip

? Poland: Poland.zip

? Portugal: Portugal.zip

? Puerto Rico: PuertoRico.zip

? Qatar: Qatar.zip

? Romania: Romania.zip

? Russia: Russia.zip

? Saudi Arabia: SaudiArabia.zip

? Singapore: Singapore.zip

? Slovakia: Slovakia.zip

? Slovenia: Slovenia.zip

? Spain: Spain.zip

? Sri Lanka: SriLanka.zip

? Sudan: Sudan.zip

? Sweden: Sweden.zip

? Switzerland: Switzerland.zip

? Syria: Syria.zip

? Taiwan: Taiwan.zip

? Tajikistan: Tajikistan.zip

? Tanzania: Tanzania.zip

? Thailand: Thailand.zip

? Turkey: Turkey.zip

? Turkmenistan: Turkmenistan.zip

? Ukraine: Ukraine.zip

? United Kingdom: UnitedKingdom.zip

? Uzbekistan: Uzbekistan.zip

? Vatican City: VaticanCity.zip

? Vietnam: Vietnam.zip

? Yemen: Yemen.zip

? Yugoslavia: Yugoslavia.zip

 

Hope this helps.

 

Ayman

[Head Guru]

Ayman -

 

Nice post bro!

 

I am floored with that download you posted, where the heck did you get that kinda information from?

 

Anyways, I am glad your back! This post prooves you are the Spitwad of old!

 

Bill

[TCH-Rob]

Ayman,

 

I agree but a few bad apples make it tough. I am not making enough yet to be able to take any loss due to fraud. I would block only certain users if I knew the ones that were causing the problems. I suppose I could check import laws of those countries that dont allow what I sell and start from there. I dont want to single out an entire country but I am not sure how to stop a bad cc from passing through my site. Even with the extra 3 digit code I am not sure if it is enough.

 

BtW, that wasnt a bad file. I had it in 60 seconds.

[Lianna]

Rob,

 

There are cc processors out there (like 2checkout) that do some verification stuff for you to protect against fraud. It may be worth a look into unless you're dead set on your current process.

[TCH-Rob]

Lianna,

 

I am not dead set on anything yet, just looking into my options. I guess I will check with my cc company.

[TCH-Sales]

That was a whole lot of good information, so good I've added it to the Help and How-To's! I gave ya full credit for it as well Ayman!

 

http://www.totalchoicehosting.com/forums/i...=ST&f=20&t=3311

[Magenta]

wish i could block all of the netherlands they are sucking up all my bandwidth and directlinking in severe high amounts to my graphics! waiting to hear from the help desk if they will do a front door ban on the main ip's that are the worst! Ugh!

I am going to print out this thread and read it later =) Thank you for hitting the topic for me =)

[TCH-Rob]

Magenta,

 

Though I have decided against it, you should be able to hotlink protect against it. If you are looking at blocking all of it though, you can use .htaccess to block the entire country.