SLUG Mailing List Archives - Re: [SLUG] Banning non Australian IP's from Aussie ecommerce site

To: Ben Donohue <donohueb@xxxxxxxxxxxx>
Subject: Re: [SLUG] Banning non Australian IP's from Aussie ecommerce site
From: darrin hodges <darrin.hodges@xxxxxxxxx>
Date: Mon, 11 Oct 2010 15:18:19 +1100
Cc: slug@xxxxxxxxxxx
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type; bh=VpUKBmNywHKfp8edjQNpc25mp1vgGPBs4ixMwp/0ra4=; b=fqh/+1XKgKKNznbNaCBmZsrmY0W9aj8PIljalU6x7sxXBikUwXsBKyKZcSVDHKBU46 bJA9VFYEww9SPc+j2CH5z9O0nyRwBMLqtsVaufJV2aGqlDZtbhhB4BrUto9kHk6tis24 zDw3MbPPmqOEFb9r0fUvicrG16RYkRfsCQxs4=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=pah4VJ+CnWh8ONXacqJQIDu8EA3piU4L5/+uZaZzVPu9Fq75s2/Vq7iavQSK191He4 SxMSbAf3zbYqe7vO9vu41nBELPmCy3RgxFKnW8XutWDyTxVSIjr/QP/JWr3h4TtoEQRl PKwGZPY5wstZNrVn9XUljiwxZQ/VCvNPEKka0=

If you're running an e-commerce site, the last thing you want to do is
inadvertently prevent legitimate customers from using it.  You could set up
an IDS to alert you and possibly configure it to auto-block offending source
address', but in my experience persistent attacks tend to come from only a
couple of countries, which I have consequently blocked with iptables using
lists generated from sites like this -> http://www.countryipblocks.net/  but
it can become unwieldy if you do it for more than a couple of countries.

Darrin.

On Mon, Oct 11, 2010 at 1:29 PM, Ben Donohue <donohueb@xxxxxxxxxxxx> wrote:

>  Hi all,
>
> I'm running an ecommerce site and currently I only deal with Australian
> shoppers.
>
> However there are many hacking attempts from non Aussie IP addresses.
>
> I'm looking at blocking everything that is non-Australian.
>
> Has anyone done this? Any issues/ gotcha's/ tips/ etc?
>
> Should I do it at the ISP or iptables? (would need a hand with IP tables)
>
> I've found geoip, still looking into it.
>
> --
> Thanks,
> Ben Donohue
> donohueb@xxxxxxxxxxxx
> Goodlets PTY Limited
> www.goodlets.com
>
> --
> SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
> Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
>

References:
- [SLUG] Banning non Australian IP's from Aussie ecommerce site
  - From: Ben Donohue

Messages sorted by: [ date | thread ]
Prev by Date: Re: [SLUG] Banning non Australian IP's from Aussie ecommerce site
Next by Date: Re: [SLUG] Banning non Australian IP's from Aussie ecommerce site
Previous by thread: Re: [SLUG] Banning non Australian IP's from Aussie ecommerce site
Next by thread: [SLUG] Re: Banning non Australian IP's from Aussie ecommerce site