Block Country Script

General General Questions
1

This script only runs as root and allow you to block country via IPTables.



As you see below in COUNTRIES = I have already input country ISO code which are the TOP countries known for Fraud such as Ghana.



Search on Google and add more ISO country code and run this script your server will be protected by those MOTHER F**** FRAUD people. I HATE aLL OF THEM I DONT KNOW WHy they do those things, but anyway here is your script.




#!/bin/bash<br />
###BLOGAMA.ORG###<br />
 <br />
###PUT HERE COMA SEPARATED LIST OF COUNTRY CODE###<br />
COUNTRIES="GH NE MK"<br />
WORKDIR="/root"<br />
#######################################<br />
 <br />
cd $WORKDIR<br />
wget -c --output-document=iptables-blocklist.txt http://blogama.org/country_query.php?country=$COUNTRIES<br />
if [ -f iptables-blocklist.txt ]; then<br />
  iptables -F<br />
  BLOCKDB="iptables-blocklist.txt"<br />
  IPS=$(grep -Ev "^#" $BLOCKDB)<br />
  for i in $IPS<br />
  do<br />
    iptables -A INPUT -s $i -j DROP<br />
    iptables -A OUTPUT -d $i -j DROP<br />
  done<br />
fi<br />
rm -f $WORKDIR/iptables-blocklist.txt<br />
2

You can’t be serious! Do you have any idea how much memory you’ll use or what the performance impact is trying to block IP lists of whole countries?



Not only that, IP’s continuously change so you would have to rebuild your tables frequently.



There is a better way! :wink:



Get the “C Library” for GeoIP from Maxmind



Get the Apache module for GeoIP from Maxmind



Update the GeoIP database



Once installed (takes only like 5 minutes) then you can block any country you

like and don’t need any IP addresses whatsoever!



All visitors have additional variables attached beyond their IP that includes country and continent and all scripts have access to this information as does .htaccess!



I can block 10 different countries on my server with a single command and not

have to worry about keeping up with thousands of IP blocks or loading down

my server from putting in too many iptable or dead routing blocks! :wink:

3

geoip is already installed as part of CS-Cart as I recall under “Access Restrictions”