FAQs

Everything You Wanted to Know About Country IP Blocks

Country IP Blocks was created as a resource to protect servers, systems and websites from spam, malware, cross-site scripting, website hijacking, hacking, cracking and other malicious activities. When properly implemented, using our network data in your security scripts, firewalls, Access Control Lists or .htaccess files will dramatically improve your I.T. security. More…

Policies Affecting Access and Use of the Website and Database

Currently, all IP data is free to use in your commercial or freeware applications but may not be redistributed or sold. More…

  1. June 28th, 2009 at 04:33 | #1

    I would like to include your address ranges in my product, Proto Balance – protobalance.com

    This would make possible a number of extensions to my product that would be useful to my clients.

    Would your be interested to discuss some kind of arrangement where I could re-distribute your IP address range list?

    Paul Sheer

  2. Mike
    September 18th, 2009 at 22:13 | #2

    My webpage only serves customers in the US. Given the IP range size in the US, what is better to use, allow US or deny World-US? Also what are the performance impacts? And 3rd is it best to put this in hosts.allow/deny or in the firewall?

  3. David
    September 19th, 2009 at 14:44 | #3

    I currently have website under DDOS attack. I’d like to upload you a list of IP’s from my apache log and have you spit out the CIDR’s / ACL in Cisco format that i need to block and also tell me a breakdown by country of where the attack is coming from. Do you know of a tool that can do that for me?

  4. admin
    September 21st, 2009 at 09:32 | #4

    @David
    David:

    Yes, we have such a tool. But we are currently rewriting the code to improve performance. The finished tool she be available soon.

  5. admin
    September 21st, 2009 at 09:49 | #5

    @David
    Based on size, it would be more efficient to do a U.S. Allow.

    The performance imapcts of using such a large list will vary depending on your components: CPU, RAM, etc. We’ve tested some very large ACL’s and noticed fairly insignificant performance impacts on systems with adequate hardware.

    Deciding whether to use hosts.allow/deny, .htaccess or a hardware firewall will be totally dependent on your individual system. Country IP Blocks suggests that you test each option you are considering and choose the one that best suits your needs.

  6. December 1st, 2009 at 13:40 | #6

    Hello
    Last 2 days somone with lebanonis ip is trying to attack my server.
    i got from this web site the list of subnet ips of lebanon
    but it looks that some or meny subnets of lebaon is missing.
    is someone can give me the full list of subnets of lebaon ?
    i need to block it in my iis server.
    thanks in advance :-)
    Issac

  7. admin
    December 1st, 2009 at 16:39 | #7

    Isaac: The complete list of allocated Lebanon IP Blocks is available in our Countries list. The data includes the network block, but not the refined whois data or further segmentation after allocation.

  8. December 23rd, 2009 at 16:31 | #8

    I have been attacked in the past weeks three times by muslims hackers from Syria, Tunisia, Gaza, Lebanon. The firs time they stolen my Administrator password and deleted my template, then I improved as far as I could the securty of my website.
    Then they just defaced the index.php
    I’m just a teacher whit an educational website and I’m not an expert in programming. I use Joomla 1.5.15 in my website. How to block and where the Ips from those countries?

    Thanks for your useful website

  9. Joel
    January 21st, 2010 at 22:19 | #9

    Any word on your Cisco ACL converter?

  10. Stewart White
    January 25th, 2010 at 18:59 | #10

    It is one of many projects we are currently developing. No word on a final release yet.

  11. Dj Padzensky
    March 18th, 2010 at 14:36 | #11

    @Joel- You could always download the list in netmask format, and pass it through a filter like this:

    perl -ne ‘next unless /^\d/; local $”=”.”; ($ip,$nm) = split(“/”); @nmb = split(“\\.”,$nm); foreach(0..3) { $nmb[$_] ^= 255; }; print “access-list 101 deny ip ${ip} @nmb any\n”;’

  12. April 9th, 2010 at 08:41 | #12

    Is there any timeframe for adding IPv6 networks?

  13. Stewart White
    April 9th, 2010 at 10:39 | #13

    We are currently working on adding IPv6 networks to our database.

  14. Davis
    May 13th, 2010 at 22:29 | #14

    Thank you very much for so good solution of ip Blocks.

    But I’ve found many hackers attack my website via web proxy.

    Is there any way to block any access via web proxy as well as the software proxy?

    Thanks !

    (edited by admin to remove hyperlink)

  15. Rick Klein
    May 25th, 2010 at 19:06 | #15

    Question – does adding more elements to your .htaccess file slow down the performance of your website in any way for people who are not blocked? I have a .htaccess file blocking a number of countries, mostly Russia, India, etc.

    Thanks,

    Rick

  16. Stewart White
    May 26th, 2010 at 10:27 | #16

    An extremely large .htaccess file may have a detrimental effect on a website. Whether it does or not will depend on the system. You should test new .htaccess files against the benhmarks you establish and in necessary adjust the size of the file and/or the type of processing performed.

  17. Rick Klein
    May 27th, 2010 at 12:47 | #17

    Thanks for the response – can you tell me though, in terms of bytes, what would be considered an “extremely large” .htaccess file?

    @Stewart White

  18. Stewart White
    May 28th, 2010 at 10:43 | #18

    Keep in mind that the .htaccess file will be read (processed) each time the directory and related subdirectories are accessed. This will be the case regardless of the size of the .htaccess file. Therefore, if you are using .htaccess there will always be a performance hit, though this is usually measured in microseconds and completely unnoticeable.

    Our recommendation is to always use the least amount of data possible in your .htaccess file. This means that you should consider your goals. If your goal is to only allow access to one specific country you should set up your .htaccess file to allow the specific country and by default deny all others. This is more efficient than specifically denying all other countries and by default allowing the one.

    Using the above general rule of thumb you can create the most restrictive and most efficient .htaccess file.

    With that said, we have clients who use thousands of lines in their .htaccess file and experience little to no visible performance degradation. Our recommendation is to develop a security plan and slowly begin testing your .htaccess file. When you begin noticing an unacceptable performance hit then your .htaccess file is too large.

  19. May 28th, 2010 at 16:46 | #19

    Hello,
    Any chance of ever seeing these lists pre-formatted as Cisco ACLs? That would be FANTASTIC! :)

  20. Stewart White
    May 28th, 2010 at 17:09 | #20

    We can do that. We are in the process of deciding on additional formats based on the needs and input of our website visitors. As we provide all our data freely, we need to establish whether to do so with additional ACLs or to provide the custom data services at a very nominal fee to pay for our overhead.

    We would appreciate additional feedback.

  21. George
    June 6th, 2010 at 01:30 | #21

    How can I test to see if an IP block is working. Any way to simulate coming from another country?

  22. Stewart White
    June 7th, 2010 at 09:48 | #22

    You can:

    1.) set up an internal network, simulating various IPs (be cautious not to traverse the internet in this manner or you could experience serious legal and financial repurcussions) and see if your blocks are working.

    2.) Block the IPs of firends and then ask them to try to visit your website, network, etc.

  23. Aaron
    June 9th, 2010 at 17:29 | #23

    Any chance to “consolidate” the lists, or is that an option I’m currently missing? For instance, the US list has 6.0.0.0 – 6.255.255.255 and 7.0.0.0 – 7.255.255.255. That could be consolidated down to one line, saving a lot of space throughout the entire file. If not, does anyone know of any program or script that would chew up the list and spit out a consolidated one?

  24. Stewart White
    June 10th, 2010 at 10:37 | #24

    This is one of the many things we are planning. It’s a matter of progammers and programming time.

  25. June 18th, 2010 at 16:26 | #25

    which of the formats you provide should be used with IIS 7?
    is there a way to add these IPs withouth adding them one by one? Is there a file in IIS 7 that I could copy ranges to?

  1. No trackbacks yet.