FAQs
November 21st, 2011
Everything You Wanted to Know About Country IP Blocks
Country IP Blocks was created as a resource to protect servers, systems and websites from spam, malware, cross-site scripting, website hijacking, hacking, cracking and other malicious activities. When properly implemented, using our network data in your security scripts, firewalls, Access Control Lists or .htaccess files will dramatically improve your I.T. security. More…
Policies Affecting Access and Use of the Website and Database
Currently, all IP data is free to use in your commercial or freeware applications but may not be redistributed or sold. More…
You may want to add 80.89.176.0/20 to your Nigerian blocks. We’re
getting forum spammers from that range.
where do i paste the code on my .htaccess page. I got the code to allow us only ips and pasted it below my existing htaccess code. But it does not work i am still getting foreighn visitors. can you tell me specifically what the page should look like?
Depending on your version of Apache you should be able to post it anywhere within your .htacess file. Make sure your Access Control List is encapsulated within the appropriate commands. For example:
<Limit GET HEAD POST>
order allow,deny
deny from x.x.x.x
...
allow from all
</Limit>
hi,
just wanted to know if there is a way to query your database from my website to get the country of a given ip? for example something like countryipblocks.net/lookup.php?ip=123.123.212.123
thanks
Hello,
I would like to use your IP list in my WHM server, under the Host Access Control screen.
There is an option to Deny All, which is great but allowed IP ranges must be entered one at a time. Is there a file to pre-populate with the ‘allowed’ US Ip ranges so I would not have to enter them one at a time in WHM?
Thank you for a very useful service!
Victor
I see my post got removed again. So I’ll try to be simpler this time:
Can you explain how could 168.177.0.0/14 include 168.180.0.0/16?
To be clear, I calculated the following:
168.177.0.0 = 10101000.10110001.00000000.00000000
168.180.0.0 = 10101000.10110100.00000000.00000000
Hopefully this post won’t be considered a span.
Thanks,
I’d like to, but we’ve already explained it in a previous response. Please scroll back and read. If that doesn’t work contact CISCO and consider taking a CCNA course. You will find it very beneficial.
Thanks.
First of all, I really liked what I found on this site and think it’s tremendously useful. Thanks for providing the data.
That said, I’m trying to build an IP -> Country map using you CIDR data. And there is an entry for US:
168.177.0.0/14
I’m not sure how to make sense of it. ’177′ in binary format is ’10110001′ and the first 6 digit is included as part of network address. This make the ending two digits ’01′ useless and
essentially make this the same as
168.176.0.0/14
And this contains another ’168.176.0.0/16′ entry for Columbia.
My question is, are you aware of such situations in data? is it possible to improve/correct the data in future release? My preliminary result shows there are 1107 similar situations in the data (cidr texts for all continents)
My posts under ‘continents’ yesterday somehow disappeared. Maybe I shouldn’t have posted 4 ~ 5 of them in a row. Hopefully I can get some response on this one.
Thanks,
I appreciate you writing, and yes, if you appear to spam the board with too many comments coming at one time then it is possible or likely that your comments will be removed.
In reading and rereading your comment I have come to the conclusion that one of us is confused. Either I am misreading your post or your binary math is flawed.
Let’s deal with 168.177.0.0/14 first. The CIDR /14 allows for 262144 potential IP addresses (including the network and broadcast addresses) within this specific network address space. This would cover the assigned range of 168.177.0.0 – 168.180.255.255.
ARIN has then broken this address space down even further by dividing it into three distinct networks:
168.177.0.0/16
168.178.0.0/15
168.180.0.0/16
If you know your binary math you will be easily able to see how the above is broken out of a CIDR /14 address space.
A CIDR /16 has 65,536 addresses in the range. A CIDR /15 has 131,072. Looking at the three networks above we have the following potential number of addresses:
/16 = 65,536
/15 = 131,072
/16 = 65,536
Add the address space together and you get 262,144 addresses or a CIDR /14.
You state:
Your assertion is incorrect.
You go on to say:
Your imaginary network 168.176.0.0/14 does indeed include the range 168.176.0.0/16. But that’s because you’ve erroneously created the larger block.
Our data, referred to in your post, is correct. Unless you are referring to data other than that listed above, our data does not need to be corrected in your situation.
which of the formats you provide should be used with IIS 7?
is there a way to add these IPs withouth adding them one by one? Is there a file in IIS 7 that I could copy ranges to?
Any chance to “consolidate” the lists, or is that an option I’m currently missing? For instance, the US list has 6.0.0.0 – 6.255.255.255 and 7.0.0.0 – 7.255.255.255. That could be consolidated down to one line, saving a lot of space throughout the entire file. If not, does anyone know of any program or script that would chew up the list and spit out a consolidated one?
This is one of the many things we are planning. It’s a matter of progammers and programming time.
How can I test to see if an IP block is working. Any way to simulate coming from another country?
You can:
1.) set up an internal network, simulating various IPs (be cautious not to traverse the internet in this manner or you could experience serious legal and financial repurcussions) and see if your blocks are working.
2.) Block the IPs of firends and then ask them to try to visit your website, network, etc.
Hello,
Any chance of ever seeing these lists pre-formatted as Cisco ACLs? That would be FANTASTIC!
We can do that. We are in the process of deciding on additional formats based on the needs and input of our website visitors. As we provide all our data freely, we need to establish whether to do so with additional ACLs or to provide the custom data services at a very nominal fee to pay for our overhead.
We would appreciate additional feedback.
Thanks for the response – can you tell me though, in terms of bytes, what would be considered an “extremely large” .htaccess file?
@Stewart White
Keep in mind that the .htaccess file will be read (processed) each time the directory and related subdirectories are accessed. This will be the case regardless of the size of the .htaccess file. Therefore, if you are using .htaccess there will always be a performance hit, though this is usually measured in microseconds and completely unnoticeable.
Our recommendation is to always use the least amount of data possible in your .htaccess file. This means that you should consider your goals. If your goal is to only allow access to one specific country you should set up your .htaccess file to allow the specific country and by default deny all others. This is more efficient than specifically denying all other countries and by default allowing the one.
Using the above general rule of thumb you can create the most restrictive and most efficient .htaccess file.
With that said, we have clients who use thousands of lines in their .htaccess file and experience little to no visible performance degradation. Our recommendation is to develop a security plan and slowly begin testing your .htaccess file. When you begin noticing an unacceptable performance hit then your .htaccess file is too large.
Question – does adding more elements to your .htaccess file slow down the performance of your website in any way for people who are not blocked? I have a .htaccess file blocking a number of countries, mostly Russia, India, etc.
Thanks,
Rick
An extremely large .htaccess file may have a detrimental effect on a website. Whether it does or not will depend on the system. You should test new .htaccess files against the benhmarks you establish and in necessary adjust the size of the file and/or the type of processing performed.
Thank you very much for so good solution of ip Blocks.
But I’ve found many hackers attack my website via web proxy.
Is there any way to block any access via web proxy as well as the software proxy?
Thanks !
(edited by admin to remove hyperlink)
Is there any timeframe for adding IPv6 networks?
We are currently working on adding IPv6 networks to our database.
@Joel- You could always download the list in netmask format, and pass it through a filter like this:
perl -ne ‘next unless /^\d/; local $”=”.”; ($ip,$nm) = split(“/”); @nmb = split(“\\.”,$nm); foreach(0..3) { $nmb[$_] ^= 255; }; print “access-list 101 deny ip ${ip} @nmb any\n”;’
Any word on your Cisco ACL converter?
It is one of many projects we are currently developing. No word on a final release yet.
I have been attacked in the past weeks three times by muslims hackers from Syria, Tunisia, Gaza, Lebanon. The firs time they stolen my Administrator password and deleted my template, then I improved as far as I could the securty of my website.
Then they just defaced the index.php
I’m just a teacher whit an educational website and I’m not an expert in programming. I use Joomla 1.5.15 in my website. How to block and where the Ips from those countries?
Thanks for your useful website
Hello
Last 2 days somone with lebanonis ip is trying to attack my server.
i got from this web site the list of subnet ips of lebanon
but it looks that some or meny subnets of lebaon is missing.
is someone can give me the full list of subnets of lebaon ?
i need to block it in my iis server.
thanks in advance
Issac
Isaac: The complete list of allocated Lebanon IP Blocks is available in our Countries list. The data includes the network block, but not the refined whois data or further segmentation after allocation.
@David
Based on size, it would be more efficient to do a U.S. Allow.
The performance impacts of using such a large list will vary depending on your components: CPU, RAM, etc. We’ve tested some very large ACL’s and noticed fairly insignificant performance impacts on systems with adequate hardware.
Deciding whether to use hosts.allow/deny, .htaccess or a hardware firewall will be totally dependent on your individual system. Country IP Blocks suggests that you test each option you are considering and choose the one that best suits your needs.
@David
David:
Yes, we have such a tool. But we are currently rewriting the code to improve performance. The finished tool she be available soon.
I currently have website under DDOS attack. I’d like to upload you a list of IP’s from my apache log and have you spit out the CIDR’s / ACL in Cisco format that i need to block and also tell me a breakdown by country of where the attack is coming from. Do you know of a tool that can do that for me?
My webpage only serves customers in the US. Given the IP range size in the US, what is better to use, allow US or deny World-US? Also what are the performance impacts? And 3rd is it best to put this in hosts.allow/deny or in the firewall?
I would like to include your address ranges in my product, Proto Balance – protobalance.com
This would make possible a number of extensions to my product that would be useful to my clients.
Would your be interested to discuss some kind of arrangement where I could re-distribute your IP address range list?
Paul Sheer