Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

block whole countries / regions?


Guest

Recommended Posts

certain areas of the world are more problematic than others, is there a way to block certain regions from accessing the whole site ...or countries without affecting anyone else?

 

for example:

huge problem with people from china spamming the contact forum with their websites

people from indonesia creating several fake orders one after the other, etc.

Link to comment
Share on other sites

certain areas of the world are more problematic than others, is there a way to block certain regions from accessing the whole site ...or countries without affecting anyone else?

 

for example:

huge problem with people from china spamming the contact forum with their websites

people from indonesia creating several fake orders one after the other, etc.

 

You can use mod_geoip from Maxmind.

 

It works great and it's free! , but the problem is that you must have some extra reseurces ( ram & CPU mostly ) otherwise your pages will take ages to show.

 

Cheers

Franco

Outside links in signatures are not allowed!

Link to comment
Share on other sites

That was my idea too : no point going through all the DB when you only want to check/ban few countries.

I could not edit the file ( I tried all the known editors ). May be someone in the forum could help editing the dat file ( if it's not protected of course )

 

Franco

Outside links in signatures are not allowed!

Link to comment
Share on other sites

if you just want to control the countries you could try this contribution

 

http://www.oscommerce.com/community/contributions,3607

 

but this will not ban ips just setup the dbase with the countries you want.

 

BTW its not a good idea to remove the countries from your dbase because of the shipping table rates you deployed with the hard-coded countries ids. Removing-Adding countries later may break it.

Link to comment
Share on other sites

i don't want to touch the database at all, i want to keep them off the entire website.

 

for instance: today, some indonesian just ordered nearly $1000 worth of stuff, selects money order for payment, then proceeds to enter somebody's credit card info in the notes box <_<

 

i get spammed repeatidly by chinese people telling me to check out their site

 

simply getting rid of database entries won't stop them from using somebody else's address or spamming the contact form

 

i would like to redirect them to google or somewhere before they even see the site

Link to comment
Share on other sites

i don't want to touch the database at all, i want to keep them off the entire website.

 

for instance: today, some indonesian just ordered nearly $1000 worth of stuff, selects money order for payment, then proceeds to enter somebody's credit card info in the notes box <_<

 

i get spammed repeatidly by chinese people telling me to check out their site

 

simply getting rid of database entries won't stop them from using somebody else's address or spamming the contact form

 

i would like to redirect them to google or somewhere before they even see the site

 

Any news ?

Outside links in signatures are not allowed!

Link to comment
Share on other sites

ok countries contributions do not remove entries from the dbase. They just enable/disable the countries so if someone creates an account he does not have the whole list of countries (therefore cannot set shipping to any coountry as the address is confined to those entries selected).

 

for instance: today, some indonesian just ordered nearly $1000 worth of stuff, selects money order for payment, then proceeds to enter somebody's credit card info in the notes box

 

how did you figured out he was from indonesia? Did he create an account setting up indonesia as the country to ship? If so countries contributions could help as you could disable the countries you dont want.

Link to comment
Share on other sites

The mod_geoip works well and it's accurate. If only I could edit the file and leave only the banned countries...

 

Leaving the file like it is now ( huge ) kills your server.

Outside links in signatures are not allowed!

Link to comment
Share on other sites

ok countries contributions do not remove entries from the dbase. They just enable/disable the countries so if someone creates an account he does not have the whole list of countries (therefore cannot set shipping to any coountry as the address is confined to those entries selected).

how did you figured out he was from indonesia? Did he create an account setting up indonesia as the country to ship? If so countries contributions could help as you could disable the countries you dont want.

 

 

i don't think doing this would detour them, they would just pick a different country using their correct address & postal address, hoping it would slip past us after the postage has been paid (happened before!)

 

i knew this guy was from indonesia because:

shipping address: indonesia

customer address: indonesa

billing address: nevada

 

 

 

they selected MONEY ORDER as payment method, entered cc info in the notes box :lol:

offered a nevada phone number, a single search in google w/ this # leads to a school :lol:

a simple search for the billing address NAME leads to the same address, along with a # ...this guy is getting a phone call tomorrow

 

this is just one of many instances. the entire existance of this site, we've had MANY attempts like this, and never a SINGLE legit order from indonesia.

they are a pain in the butt!

Link to comment
Share on other sites

The mod_geoip works well and it's accurate. If only I could edit the file and leave only the banned countries...

I do not see why a geoip like module has an effect in this case. These people obviously will use at least an anonymous proxy and that renders ip detection useless.

 

i knew this guy was from indonesia because:

shipping address: indonesia

customer address: indonesa

billing address: nevada

 

Right, so for example with the active countries contribution they won't be able to set these addresses because indonesia won't be in the enabled countries in your catalog (will still be in the dbase). So they will have to ship in US or Europe etc. (and create an account likewise), and that makes your shop not so useful to them.

Link to comment
Share on other sites

This is such a pointless thread. These scammers are a fact of life if you do business on the internet. Trying to prevent them form EVER making an order will cost you much more time than just dealing with it when it happens.

 

Vger

Link to comment
Share on other sites

This is such a pointless thread. These scammers are a fact of life if you do business on the internet. Trying to prevent them form EVER making an order will cost you much more time than just dealing with it when it happens.

 

Vger

I totally disagree with what you just said.

The problem with those scammers is that they make you loose a lot of time deleting fake orders, refunding visas ( still paying commissions ), deleting fake accounts, etc.etc. I would never even think of replying to Mr. JOJO from Nigeria asking me whether we take credit cards and be able to ship to his flipping country.

I just don't want mr JOJO around the website.

Actually I would like to redirect scammers to hell !

Outside links in signatures are not allowed!

Link to comment
Share on other sites

This is such a pointless thread. These scammers are a fact of life if you do business on the internet. Trying to prevent them form EVER making an order will cost you much more time than just dealing with it when it happens.

 

Vger

 

 

i agree 100% with tomcat.

i have spent way more time deleting their orders, deleting their countless emails begging me to take their credit cards than i did cutting & pasting a htaccess 403 deny.

 

i also have to pay for the bandwidth them and their spambots keep hammering me with. if they are no potential for a customer, why should i have to pay for their visit? :rolleyes:

 

 

 

These people obviously will use at least an anonymous proxy and that renders ip detection useless.

in this sense, there is absolutely nothing that can be done to keep 100% of them away. at least by putting some sort of a block on our website, we will slow SOME of them down, it's better than doing nothing and to keep getting irritated by them

 

Right, so for example with the active countries contribution they won't be able to set these addresses because indonesia won't be in the enabled countries in your catalog (will still be in the dbase). So they will have to ship in US or Europe etc. (and create an account likewise), and that makes your shop not so useful to them.

when i used to have a javascript cart with indonesia removed, they would pick a friendly country like new zealand as their country, and still use their indonesian postal code and mailing address.. assuming we wouldn't know better to do a lookup on their postal code before we drop it off at the post office.

 

by accident, i have posted the wrong country on people's invoices before. if it hadn't been for somebody hand-mailing them at an outlet, the clerk would have simply fixed the country on the label and mailed it off, unknowning to the company.. i'm sure this has happened to these indonesians before, they probably had a successful theft by doing this, so they're gonna try it on everybody.

Link to comment
Share on other sites

by accident, i have posted the wrong country on people's invoices before. if it hadn't been for somebody hand-mailing them at an outlet, the clerk would have simply fixed the country on the label and mailed it off, unknowning to the company.. i'm sure this has happened to these indonesians before, they probably had a successful theft by doing this, so they're gonna try it on everybody.

 

Yea, but that won't happen if you have zones for each country as these modules filter out but the zones (cities) for the selected country. So even if the zip is incorrect Country+City/state the mail goes to NZ. And so it is not too useful to them since they aren't receiving anything.

 

So if its to ship in USA/NY aint going to asia for example.

Link to comment
Share on other sites

Okay, a little more explanation.

 

If they have a dedicated ip address then block it by all means. I do this myself.

 

If they route through a proxy, use a variable ip address range (dial-up), or just plain fake their ip address, then there's nothing you can do.

 

IP addresses are not exactly geographical. Someone posted a week ago that they were going to block all ip addresses beginning with 195. because of someone in Nigeria causing problems. I pointed out that if they did that then they would block me too - and I live in the UK.

 

All I'm saying is - spend most of your time on your real customers and developing your website, take a little time to deal with these criminals but don't let it become an obsession.

 

Vger

Link to comment
Share on other sites

Yea, but that won't happen if you have zones for each country as these modules filter out but the zones (cities) for the selected country. So even if the zip is incorrect Country+City/state the mail goes to NZ. And so it is not too useful to them since they aren't receiving anything.

 

So if its to ship in USA/NY aint going to asia for example.

 

so the modification can read the zip codes/address and compare it to the country to ensure it's valid? i will have to check it out..

 

 

If they have a dedicated ip address then block it by all means. I do this myself.

i don't know much about ips, so i stay out of that realm unless i happen to notice a high amount of peculiar actions from 1 address, i won't filter any blocks or partial addresses though.

 

If they route through a proxy, use a variable ip address range (dial-up), or just plain fake their ip address, then there's nothing you can do.

that's the type of thing we just have to deal with, but it doesn't hurt to try and detour them :thumbsup:

 

All I'm saying is - spend most of your time on your real customers and developing your website, take a little time to deal with these criminals but don't let it become an obsession.

i agree, but like i said.. copying & pasting a few lines into htaccess didn't consume all that much of my time :)

Link to comment
Share on other sites

I just received a free trial offer to an IP filtering service. In anyone's opinion, is it worth suscribing to? What it does is block users form viewing the site depending on which country their IP address is attributed to. This service is located on another server, thus should not cause any performance issues.

 

Is there a huge problem with having everyone generally being able to access my site? This is my first website, so I am a little unaware of the problems webmasters face.

 

Kind Regards,

 

Peter

CE PHOENIX SUPPORTER

Support the Project, go PRO and get access to certified add ons

Full-time I am a C-suite executive of a large retail company in Australia. In my spare time, I enjoying learning about web-design.

Download the latest version of CE Phoenix from gitHub here

Link to comment
Share on other sites

I just received a free trial offer to an IP filtering service. In anyone's opinion, is it worth suscribing to? What it does is block users form viewing the site depending on which country their IP address is attributed to. This service is located on another server, thus should not cause any performance issues.

 

Is there a huge problem with having everyone generally being able to access my site? This is my first website, so I am a little unaware of the problems webmasters face.

 

Kind Regards,

 

Peter

No problem accessing the website from Italy.

Can you post the url of the service you are testing ?

 

Franco

Outside links in signatures are not allowed!

Link to comment
Share on other sites

No problem accessing the website from Italy.

Can you post the url of the service you are testing ?

 

Franco

 

Hi there, i haven't yet set it up. I'm asking if blocking whole countries is something that is recommended... I don't want to lose legitimate customers, yet at the same time I am unsure about potential threats...

 

 

 

--Peter

CE PHOENIX SUPPORTER

Support the Project, go PRO and get access to certified add ons

Full-time I am a C-suite executive of a large retail company in Australia. In my spare time, I enjoying learning about web-design.

Download the latest version of CE Phoenix from gitHub here

Link to comment
Share on other sites

i wouldn't pay anybody to block people from my website. as it has been discussed by many different people in this topic - that this is something that's next to impossible. (thoroughly block people from certain countries)

 

a lot of these thieves we have to deal with have been doing it for years, and they most likely know how to get around these blocks.

 

for instance: you pay to block nigeria from your website

thief in nigeria has aol account, which uses a u.s. server / proxy; your website thinks his hit is from the usa.

 

 

i have employed an htaccess block of china, indonesia and nigeria. it doesn't bog my server down, use high resources and it didn't take a lot of time to put on my site, so.. i won't be as angry when they get through my filter and spam me with fraudulent orders or spam my forms :)

 

i would be foaming at the mouth if i had even paid somebody $1.00 to set up a filter and somebody from a banned country got through it..

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...