Tugger the SLUGger!SLUG Mailing List Archives

Re: [SLUG] Banning non Australian IP's from Aussie ecommerce site


If you're running an e-commerce site, the last thing you want to do is
inadvertently prevent legitimate customers from using it.  You could set up
an IDS to alert you and possibly configure it to auto-block offending source
address', but in my experience persistent attacks tend to come from only a
couple of countries, which I have consequently blocked with iptables using
lists generated from sites like this -> http://www.countryipblocks.net/  but
it can become unwieldy if you do it for more than a couple of countries.


Darrin.

On Mon, Oct 11, 2010 at 1:29 PM, Ben Donohue <donohueb@xxxxxxxxxxxx> wrote:

>  Hi all,
>
> I'm running an ecommerce site and currently I only deal with Australian
> shoppers.
>
> However there are many hacking attempts from non Aussie IP addresses.
>
> I'm looking at blocking everything that is non-Australian.
>
> Has anyone done this? Any issues/ gotcha's/ tips/ etc?
>
> Should I do it at the ISP or iptables? (would need a hand with IP tables)
>
> I've found geoip, still looking into it.
>
> --
> Thanks,
> Ben Donohue
> donohueb@xxxxxxxxxxxx
> Goodlets PTY Limited
> www.goodlets.com
>
> --
> SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
> Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
>