FAQs
May 13th, 2009
Everything You Wanted to Know About Country IP Blocks
Country IP Blocks was created as a resource to protect servers, systems and websites from spam, malware, cross-site scripting, website hijacking, hacking, cracking and other malicious activities. When properly implemented, using our network data in your security scripts, firewalls, Access Control Lists or .htaccess files will dramatically improve your I.T. security. More…
Policies Affecting Access and Use of the Website and Database
Currently, all IP data is free to use in your commercial or freeware applications but may not be redistributed or sold. More…
I would like to include your address ranges in my product, Proto Balance – protobalance.com
This would make possible a number of extensions to my product that would be useful to my clients.
Would your be interested to discuss some kind of arrangement where I could re-distribute your IP address range list?
Paul Sheer
My webpage only serves customers in the US. Given the IP range size in the US, what is better to use, allow US or deny World-US? Also what are the performance impacts? And 3rd is it best to put this in hosts.allow/deny or in the firewall?
I currently have website under DDOS attack. I’d like to upload you a list of IP’s from my apache log and have you spit out the CIDR’s / ACL in Cisco format that i need to block and also tell me a breakdown by country of where the attack is coming from. Do you know of a tool that can do that for me?
@David
David:
Yes, we have such a tool. But we are currently rewriting the code to improve performance. The finished tool she be available soon.
@David
Based on size, it would be more efficient to do a U.S. Allow.
The performance imapcts of using such a large list will vary depending on your components: CPU, RAM, etc. We’ve tested some very large ACL’s and noticed fairly insignificant performance impacts on systems with adequate hardware.
Deciding whether to use hosts.allow/deny, .htaccess or a hardware firewall will be totally dependent on your individual system. Country IP Blocks suggests that you test each option you are considering and choose the one that best suits your needs.
Hello
Last 2 days somone with lebanonis ip is trying to attack my server.
i got from this web site the list of subnet ips of lebanon
but it looks that some or meny subnets of lebaon is missing.
is someone can give me the full list of subnets of lebaon ?
i need to block it in my iis server.
thanks in advance
Issac
Isaac: The complete list of allocated Lebanon IP Blocks is available in our Countries list. The data includes the network block, but not the refined whois data or further segmentation after allocation.
I have been attacked in the past weeks three times by muslims hackers from Syria, Tunisia, Gaza, Lebanon. The firs time they stolen my Administrator password and deleted my template, then I improved as far as I could the securty of my website.
Then they just defaced the index.php
I’m just a teacher whit an educational website and I’m not an expert in programming. I use Joomla 1.5.15 in my website. How to block and where the Ips from those countries?
Thanks for your useful website
Any word on your Cisco ACL converter?
It is one of many projects we are currently developing. No word on a final release yet.
@Joel- You could always download the list in netmask format, and pass it through a filter like this:
perl -ne ‘next unless /^\d/; local $”=”.”; ($ip,$nm) = split(“/”); @nmb = split(“\\.”,$nm); foreach(0..3) { $nmb[$_] ^= 255; }; print “access-list 101 deny ip ${ip} @nmb any\n”;’
Is there any timeframe for adding IPv6 networks?
We are currently working on adding IPv6 networks to our database.
Thank you very much for so good solution of ip Blocks.
But I’ve found many hackers attack my website via web proxy.
Is there any way to block any access via web proxy as well as the software proxy?
Thanks !
(edited by admin to remove hyperlink)
Question – does adding more elements to your .htaccess file slow down the performance of your website in any way for people who are not blocked? I have a .htaccess file blocking a number of countries, mostly Russia, India, etc.
Thanks,
Rick
An extremely large .htaccess file may have a detrimental effect on a website. Whether it does or not will depend on the system. You should test new .htaccess files against the benhmarks you establish and in necessary adjust the size of the file and/or the type of processing performed.
Thanks for the response – can you tell me though, in terms of bytes, what would be considered an “extremely large” .htaccess file?
@Stewart White
Keep in mind that the .htaccess file will be read (processed) each time the directory and related subdirectories are accessed. This will be the case regardless of the size of the .htaccess file. Therefore, if you are using .htaccess there will always be a performance hit, though this is usually measured in microseconds and completely unnoticeable.
Our recommendation is to always use the least amount of data possible in your .htaccess file. This means that you should consider your goals. If your goal is to only allow access to one specific country you should set up your .htaccess file to allow the specific country and by default deny all others. This is more efficient than specifically denying all other countries and by default allowing the one.
Using the above general rule of thumb you can create the most restrictive and most efficient .htaccess file.
With that said, we have clients who use thousands of lines in their .htaccess file and experience little to no visible performance degradation. Our recommendation is to develop a security plan and slowly begin testing your .htaccess file. When you begin noticing an unacceptable performance hit then your .htaccess file is too large.
Hello,
Any chance of ever seeing these lists pre-formatted as Cisco ACLs? That would be FANTASTIC!
We can do that. We are in the process of deciding on additional formats based on the needs and input of our website visitors. As we provide all our data freely, we need to establish whether to do so with additional ACLs or to provide the custom data services at a very nominal fee to pay for our overhead.
We would appreciate additional feedback.
How can I test to see if an IP block is working. Any way to simulate coming from another country?
You can:
1.) set up an internal network, simulating various IPs (be cautious not to traverse the internet in this manner or you could experience serious legal and financial repurcussions) and see if your blocks are working.
2.) Block the IPs of firends and then ask them to try to visit your website, network, etc.
Any chance to “consolidate” the lists, or is that an option I’m currently missing? For instance, the US list has 6.0.0.0 – 6.255.255.255 and 7.0.0.0 – 7.255.255.255. That could be consolidated down to one line, saving a lot of space throughout the entire file. If not, does anyone know of any program or script that would chew up the list and spit out a consolidated one?
This is one of the many things we are planning. It’s a matter of progammers and programming time.
which of the formats you provide should be used with IIS 7?
is there a way to add these IPs withouth adding them one by one? Is there a file in IIS 7 that I could copy ranges to?