Country IP Blocks™

After blocking Russia/China/Europe & Africa the malicious unregulated individuals from Russia (Mostly Ukraine) went after the spam device units. I had already blocked the ROGUE ranges from ALL of these countries. However, they managed to perform a Denial of Service attack on the Barracuda(s).

However, they were NOT able to reach any of the email servers, web_servers and the IP(s) got put into the Firewall Appliance!

I use this site almost everyday, it has saved the email servers from these malicious attacks that the iptables had no problem dropping their connection so they get ‘dead air’.

The damage they could have done to the email server(s), by trying to fill up the queue or brute_forcing the Linux boxes.

As one person noted Vietnam is horrible, but I am finding the Russian Federation/India/China to all be in the same league of polluted sewer traffic.

I wish they could have their own network, segregated out so they could enjoy spamming/hacking/DoS_attacks to themselves.

Keep up the EXCELLENT work!

Is there a way to contact your to ask some questions about changing to SSL?

Stewart White :

Stewart said: “…found in the 75.0.0.0/10 block.”

OK I just figured out CIDR numbering : ) How certain is it that the list does contain *all* U.S. IPs though?

Stewart said: “Can you clarify your question?”

Just what you explained, that some of the /8 blocks that the IANA chart shows assigned to ARIN, etc. may not just be for those regions anymore. But I’d be interested in whether there might still be some big distribution patterns that could contain all US/Canada IP’s while excluding most/all of the rest of the world.

One thing I did notice is that the database seems to have adjacent blocks that could be merged. For example in looking at the 75.xxx.xxx.xxx section (US allow-only list), it looks like the 68 current “allow” lines could (possibly?) be merged into just “75/8″.

Thanks

@Stewart White
Hi Stewart, thanks for your response. The app sounds interesting, but I’m not in any pressing need here, just doing some research on spam-blocking approaches. So I’ll wait for your final release and check it out then. Security would be a big concern BTW (I’d be leery of any automatic ACL-update feature or web-based login form). And on a shared server can’t be something running continuously in the background.

A general issue I just found is that (if I’m not mistaken) a rotating IP I myself had today from ATT in California is not on the US list — 75.36.xxx.xxx range. That seems to make an “allow US only” approach unusable. (You might warn people of this and recommend only using “exclude” instead.)

Getting back to my concept of “coarser” ranges, is there some reason why even giant blocks like this can’t be used, if you for example just want to block anything outside ARIN (US/Canada)?:

http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml

Has ARIN redistributed some of its assigned IP blocks to other regions or something??

I worry about the server load/response time of running these gigantic lists. (I’d be doing it as htaccess on a hosted shared server.)

What would be useful as an alternative is a coarser approach using larger ranges of IP’s that will allow/block “most” of what you’re trying to do without worrying about being absolute.

I’d personally like a coarse list that will intentionally allow all US/Canada IP’s (this must be certain), while blocking as much of the rest of the world as possible. IP’s from Western Europe/Australia/NZ/Japan OK to let in as efficiency dictates. A target of like maybe 1000 IP ranges listed in total in the htaccess file.

With a few versions expanding this to Western Europe, etc. and the needs of most administrators could be met. If Mongolia gets blocked along with Nigeria not a crisis for a US celebrity gossip blog.

It would be nice if you made your data available in bulk (e.g. via a compressed zip file). That way we wouldn’t have to crawl your /e_country_data directory to get it all

Similarly, if you had a weekly “delta changes” file that would be nice. Something conceptually similar to a weekly backup and daily differential. That way I only have to download the diffs, and hopefully reduce the burden on your webserver.

Overall, thanks for a great service! It is a real PITA to do this anywhere else.

Imquite intrested in this – how do i install it on wordpress ? do i just add the code to the home page?

I get daily visits from india and pakistan and recenly had issues with copyied content from sites designed in those countires and Im getting fed up with it.

@Stewart White
+1 it’s not about freedom of access to the internet, it’s about protecting your assets against bad guys who don’t give a &^%$ about freedom.

It is a shame that there are services like this which undermines freedom of access in the web.

@ JWSmythe
Thanks for sharing this info and script.
I’m keen to use something like this and with perl, as my current bash script is very slow. I tried your script and get an error:
line 3, near “= ;”

I’m not the best when it comes to perl, any suggestions to what is causing this?

Also is anyone using IPSET with Debian to load up the blocked addresses, I understand IPSET is specifically made for speeding up this type of function with iptables. The problem is IPSET requires some sort of kernel patching which I’m not keen to do.

Thanks

Really nice tool !
No more worry about Rus Spammers !

@RS

Actually, these files drop in very nicely in iptables rules. You just have to make your firewall script a little smart about it. This may be drop-in code. Adjust to your liking. This is just a snippet from one of my scripts.

— Bash script to create enemies.list —
# download the *_netmask.txt lists of your choice
cd /etc/firewall
wget -q http://www.countryipblocks.net/e_country_data/CN_netmask.txt
wget -q http://www.countryipblocks.net/e_country_data/RU_netmask.txt
cat *_netmask.txt | grep -v ^# > /etc/firewall/enemies.list
— End Bash script

— Begin Perl script —
$enemy_list = “/etc/firewall/enemies.list”;
open (IN, “$enemy_list”) || print “No enemies found in $enemy_list.\n”;
@enemies = ;
close (IN);

foreach $curenemy(@enemies){
$curenemy =~ s/\n//g;
print “Blocking $curenemy\n”;
$c = “iptables -A INPUT -s $curenemy -j DROP”;
system(`$c`);
};
— end Perl script

Just wanted to say a quick thanks for such a fantastic resource.
Since using your top 10 list, my malicious traffic has dropped from around 1500 attempts per day to 4-5.

Thank you so much for this fantastic service. I can stop India from offering me a top placement website now.

i have a query…
for a site..the client need to
deny only Canada country ..i do that by htaccess http://www.countryipblocks.net/ by this…is works fine

But now they ask allow one url like contact us page…..of that site to Canada people…is this possible if yes give me a solution

The following address does not seem to be listed as a Belgian IP:
84.199.12.xx

Best regards,

@Stewart White
Stewart, great site! I love it and use it all of the time.

Two really good ideas I have…

First: When selecting from that list. I always have to hold down Ctrl and scroll through all of the countries and click each one. Sometimes I let go of Ctrl and I have to start clicking all over again. Would be cool if there was a side by side selection. Where the select window was on one side and you can select one and click a button and it would copy that single selection to another select window. So you can like build your list that way.

Second: When clicking the button to process the country list, if there are a ton of entries, it takes forever for all that info to load in the browser and literally slows down my beefy computer to copy and paste that whole window into textpad. Because when I select my countries there are over 10,000 CIDR entries (lines). So, instead of opening another window and listing all of the entries, just have it open a pre-processed txt file so I can save it to my desktop.

Thanks again,

Shawn

Your website is awesome! Let the public know if there is any funding option needed!

Ready to collab!

Cheers from Ireland

I am working on a new !joomla Website and I came across your site while researching the security checklist. I think that this one of the best resources I have found so far for blocking I.P addresses.

This brings me to 2 questions….
Do you provide access to your IP data in a remotely accessible format (IE can I link to your table data for importing updates to my .htaccess files) and 2. would you consider supporting a !Joomla Admin component that would allow potential customers/ site traffic to rely on your database as a resource for providing IP blocking security to their sites? Just a thought…

Can you rename my country as Taiwan, not “Taiwan, Province of China”? All people on earth know Taiwan is not part of China, except China communist government.

Thanks for this service.

I couldn’t find an email address anywhere on your website, in case I’d want to start a conversation about reusing the data that you have in a service.

You have my email address now (had to put it in to be able to post), so please contact me

Thanks for the great recourse, it is a valuable tool for spam reduction/hacking attempts. It would be nice to have the option to block by continent. Keep up the great work!

Hi, This is a great reference. I though am not so script savvy and wondered if you can help with something. I currently am using .htaccess to use your blocks and I do use that same file for other things in my site. I don’t like to play with a file like that too frequently. I use cPanel and wondered if all that you have talked about here has anything in reference to automatically updating IP Blocks. Also, in my admin part of my site I have the ability to block IPs as well. I wondered if one of your files I can simply import to the php database for example.

Thank you for such a great site and reference.

Ken

I cant seem to find an actual answer to this thought google, my sites country specific so i used the allow script to only allow the ip ranges within my country as my site serves absolutely no purpose to anyone in any other country.

By using this allow/block method/s does that also mean that if America is blocked am i then effectively blocking all American search engines like google and yahoo or do they fall outside the provided range and if not could you perhaps point me in the direction of blocking countries but allowing specific bots.

Thanks

I agree with the iptables list. I ultimately just use your lists (with a little bit of doctoring via vi) to just flat out deny postfix connections. Works well.

iptables -I input -s subnet/cidr -j DROP # Country name i.e. china

would really be quite wonderful.

Thank you for making this website, I had thought we needed a site like this before. I personally am a big fan of banning whole countries, and do it on a lot of my sites or servers where I am, quite frankly, not the least bit interested in serving russian customers, or whatever. For sites that are only meant for a single country, or say, english speaking westerners, banning the notorious countries (russia, india, north korea, all of africa, etc) reduces almost all your spam.

Hello, I’m wondering if it is possible to block ip’s by states (in USA) using the htaccess format and where I can find the ranges. Regards.

Is a tool available that can accept a list of IP addresses and simplify/shorten it as much as possible?

Wonderful service. Thanks!

Hi, no results from the following:

# Country: KOREA, DEMOCRATIC PEOPLE’S REPUBLIC OF
# ISO Code: KP
# Total Networks: 0
# Total Subnets: 0

Hi,
My site is private and no one knows about it. I check my access logs and I see some guys from Turkey. I copied and paste the entire deny codes from your site but there are some that aren’t on it because I still see them around. Sorry but I’m not an expert in IPs at all. My questions are:

1) Doesn’t a user’s ip address changes constantly?

2) If so, how do you block that user if his ip keeps changing?

3) For example, if his IP is 64.57.64.57 for today and tomorrow it’s something else, how do you go about blocking him?

4) Can you provide a sample deny code with above ip address to get an idea how the code is structured?

Thank you!

Do you have an external API where your db can be queried (for input into iptables, etc)?

Also, how frequently to you verify your db information?

Lastly, this is great, as I have been looking for this (or do it myself) for a long time now.

-DTH

Super duper.. had to come back to see what you thought.

iptables -A INPUT -s 62.217.192.0/18 -m state –state NEW -j DROP

And create a script that adds the iptables -A INPUT -s to the front,
and -m state –state NEW -j DROP to the rear of your IP block lists.

This would be very helpful. Not too many admins are willing to change firewalls, or scripts all the time. And as I mentioned, many of the scripts will not allow for having a list in the formats that you have on the site.

I would add an iptables format to your site. and then have your script generate the iptables commands for the lists you already have.

This would be “very” useful.

This would be pretty good if you would add a true iptables script. Where it output in complete iptables format. Many firewalls do not support full blown blacklist by subnet. But if it generated complete iptables rules for each of the subnet, you could dump it and run a simple script to block.

Just some thoughts

Got a spam message from the following IP in Brazil – seems this company’s IPs aren’t on anyone’s list yet:

189.27.177.184

Hi…whenever I try to add the .htaccess deny code to my .htaccess file, I get a Server Error 500. I’m on GoDaddy, and using FileZilla with the transfer mode set to ASCII. I’ve heard of using Cpanel, but GoDaddy doesn’t seem to have that.

My firewalls are so noisy with traffic, I don’t know where to begin. But your website helps me to create the necessary deny rules to cut down the noise to a manageable level. Its far easier to allow traffic to questionable zones then to just allow “all” and block only when “discovered”.

Thanks a billion and keep up the good work.

Rob

A great service!

Thank you for the information.

Thanks,
Anthony

Dear Sirs,

Thanks you for great service. It is best tool which i ever use to ban the IP from Vietnam.

Thanks you again.

VU KIMSON
Sale administrator

KIMSON Handicraft Co., LTD