Guest Posted October 9, 2005 Share Posted October 9, 2005 certain areas of the world are more problematic than others, is there a way to block certain regions from accessing the whole site ...or countries without affecting anyone else? for example: huge problem with people from china spamming the contact forum with their websites people from indonesia creating several fake orders one after the other, etc. Link to comment Share on other sites More sharing options...
Tomcat Posted October 9, 2005 Share Posted October 9, 2005 certain areas of the world are more problematic than others, is there a way to block certain regions from accessing the whole site ...or countries without affecting anyone else? for example: huge problem with people from china spamming the contact forum with their websites people from indonesia creating several fake orders one after the other, etc. You can use mod_geoip from Maxmind. It works great and it's free! , but the problem is that you must have some extra reseurces ( ram & CPU mostly ) otherwise your pages will take ages to show. Cheers Franco Outside links in signatures are not allowed! Link to comment Share on other sites More sharing options...
Guest Posted October 10, 2005 Share Posted October 10, 2005 thank you :) out of curiosity, this page says it's a .dat file.: http://www.maxmind.com/app/geoip_country considering i only want to basically ban problematic countiries (uninterested in most of the world), would somehow editing this file make the speed and server load better? Link to comment Share on other sites More sharing options...
Tomcat Posted October 10, 2005 Share Posted October 10, 2005 That was my idea too : no point going through all the DB when you only want to check/ban few countries. I could not edit the file ( I tried all the known editors ). May be someone in the forum could help editing the dat file ( if it's not protected of course ) Franco Outside links in signatures are not allowed! Link to comment Share on other sites More sharing options...
Guest Posted October 10, 2005 Share Posted October 10, 2005 i'll ask around a bit and see if anybody can help. i'll post back if i can find a solution :) Link to comment Share on other sites More sharing options...
Guest Posted October 10, 2005 Share Posted October 10, 2005 remove the countries from your database Link to comment Share on other sites More sharing options...
Guest Posted October 10, 2005 Share Posted October 10, 2005 if you just want to control the countries you could try this contribution http://www.oscommerce.com/community/contributions,3607 but this will not ban ips just setup the dbase with the countries you want. BTW its not a good idea to remove the countries from your dbase because of the shipping table rates you deployed with the hard-coded countries ids. Removing-Adding countries later may break it. Link to comment Share on other sites More sharing options...
Guest Posted October 12, 2005 Share Posted October 12, 2005 i don't want to touch the database at all, i want to keep them off the entire website. for instance: today, some indonesian just ordered nearly $1000 worth of stuff, selects money order for payment, then proceeds to enter somebody's credit card info in the notes box <_< i get spammed repeatidly by chinese people telling me to check out their site simply getting rid of database entries won't stop them from using somebody else's address or spamming the contact form i would like to redirect them to google or somewhere before they even see the site Link to comment Share on other sites More sharing options...
Tomcat Posted October 12, 2005 Share Posted October 12, 2005 i don't want to touch the database at all, i want to keep them off the entire website. for instance: today, some indonesian just ordered nearly $1000 worth of stuff, selects money order for payment, then proceeds to enter somebody's credit card info in the notes box <_< i get spammed repeatidly by chinese people telling me to check out their site simply getting rid of database entries won't stop them from using somebody else's address or spamming the contact form i would like to redirect them to google or somewhere before they even see the site Any news ? Outside links in signatures are not allowed! Link to comment Share on other sites More sharing options...
Guest Posted October 12, 2005 Share Posted October 12, 2005 nothing in regards to .dat files, but this has been suggested to me: http://forums.digitalpoint.com/showthread.php?t=22992 http://www.iana.org/cctld/cctld-whois.htm Link to comment Share on other sites More sharing options...
Guest Posted October 12, 2005 Share Posted October 12, 2005 ok countries contributions do not remove entries from the dbase. They just enable/disable the countries so if someone creates an account he does not have the whole list of countries (therefore cannot set shipping to any coountry as the address is confined to those entries selected). for instance: today, some indonesian just ordered nearly $1000 worth of stuff, selects money order for payment, then proceeds to enter somebody's credit card info in the notes box how did you figured out he was from indonesia? Did he create an account setting up indonesia as the country to ship? If so countries contributions could help as you could disable the countries you dont want. Link to comment Share on other sites More sharing options...
Tomcat Posted October 12, 2005 Share Posted October 12, 2005 The mod_geoip works well and it's accurate. If only I could edit the file and leave only the banned countries... Leaving the file like it is now ( huge ) kills your server. Outside links in signatures are not allowed! Link to comment Share on other sites More sharing options...
Guest Posted October 12, 2005 Share Posted October 12, 2005 ok countries contributions do not remove entries from the dbase. They just enable/disable the countries so if someone creates an account he does not have the whole list of countries (therefore cannot set shipping to any coountry as the address is confined to those entries selected). how did you figured out he was from indonesia? Did he create an account setting up indonesia as the country to ship? If so countries contributions could help as you could disable the countries you dont want. i don't think doing this would detour them, they would just pick a different country using their correct address & postal address, hoping it would slip past us after the postage has been paid (happened before!) i knew this guy was from indonesia because: shipping address: indonesia customer address: indonesa billing address: nevada they selected MONEY ORDER as payment method, entered cc info in the notes box :lol: offered a nevada phone number, a single search in google w/ this # leads to a school :lol: a simple search for the billing address NAME leads to the same address, along with a # ...this guy is getting a phone call tomorrow this is just one of many instances. the entire existance of this site, we've had MANY attempts like this, and never a SINGLE legit order from indonesia. they are a pain in the butt! Link to comment Share on other sites More sharing options...
Guest Posted October 12, 2005 Share Posted October 12, 2005 The mod_geoip works well and it's accurate. If only I could edit the file and leave only the banned countries... I do not see why a geoip like module has an effect in this case. These people obviously will use at least an anonymous proxy and that renders ip detection useless. i knew this guy was from indonesia because:shipping address: indonesia customer address: indonesa billing address: nevada Right, so for example with the active countries contribution they won't be able to set these addresses because indonesia won't be in the enabled countries in your catalog (will still be in the dbase). So they will have to ship in US or Europe etc. (and create an account likewise), and that makes your shop not so useful to them. Link to comment Share on other sites More sharing options...
♥Vger Posted October 12, 2005 Share Posted October 12, 2005 This is such a pointless thread. These scammers are a fact of life if you do business on the internet. Trying to prevent them form EVER making an order will cost you much more time than just dealing with it when it happens. Vger Link to comment Share on other sites More sharing options...
Tomcat Posted October 12, 2005 Share Posted October 12, 2005 This is such a pointless thread. These scammers are a fact of life if you do business on the internet. Trying to prevent them form EVER making an order will cost you much more time than just dealing with it when it happens. Vger I totally disagree with what you just said. The problem with those scammers is that they make you loose a lot of time deleting fake orders, refunding visas ( still paying commissions ), deleting fake accounts, etc.etc. I would never even think of replying to Mr. JOJO from Nigeria asking me whether we take credit cards and be able to ship to his flipping country. I just don't want mr JOJO around the website. Actually I would like to redirect scammers to hell ! Outside links in signatures are not allowed! Link to comment Share on other sites More sharing options...
Guest Posted October 12, 2005 Share Posted October 12, 2005 This is such a pointless thread. These scammers are a fact of life if you do business on the internet. Trying to prevent them form EVER making an order will cost you much more time than just dealing with it when it happens. Vger i agree 100% with tomcat. i have spent way more time deleting their orders, deleting their countless emails begging me to take their credit cards than i did cutting & pasting a htaccess 403 deny. i also have to pay for the bandwidth them and their spambots keep hammering me with. if they are no potential for a customer, why should i have to pay for their visit? :rolleyes: These people obviously will use at least an anonymous proxy and that renders ip detection useless. in this sense, there is absolutely nothing that can be done to keep 100% of them away. at least by putting some sort of a block on our website, we will slow SOME of them down, it's better than doing nothing and to keep getting irritated by them Right, so for example with the active countries contribution they won't be able to set these addresses because indonesia won't be in the enabled countries in your catalog (will still be in the dbase). So they will have to ship in US or Europe etc. (and create an account likewise), and that makes your shop not so useful to them. when i used to have a javascript cart with indonesia removed, they would pick a friendly country like new zealand as their country, and still use their indonesian postal code and mailing address.. assuming we wouldn't know better to do a lookup on their postal code before we drop it off at the post office. by accident, i have posted the wrong country on people's invoices before. if it hadn't been for somebody hand-mailing them at an outlet, the clerk would have simply fixed the country on the label and mailed it off, unknowning to the company.. i'm sure this has happened to these indonesians before, they probably had a successful theft by doing this, so they're gonna try it on everybody. Link to comment Share on other sites More sharing options...
Guest Posted October 12, 2005 Share Posted October 12, 2005 by accident, i have posted the wrong country on people's invoices before. if it hadn't been for somebody hand-mailing them at an outlet, the clerk would have simply fixed the country on the label and mailed it off, unknowning to the company.. i'm sure this has happened to these indonesians before, they probably had a successful theft by doing this, so they're gonna try it on everybody. Yea, but that won't happen if you have zones for each country as these modules filter out but the zones (cities) for the selected country. So even if the zip is incorrect Country+City/state the mail goes to NZ. And so it is not too useful to them since they aren't receiving anything. So if its to ship in USA/NY aint going to asia for example. Link to comment Share on other sites More sharing options...
♥Vger Posted October 12, 2005 Share Posted October 12, 2005 Okay, a little more explanation. If they have a dedicated ip address then block it by all means. I do this myself. If they route through a proxy, use a variable ip address range (dial-up), or just plain fake their ip address, then there's nothing you can do. IP addresses are not exactly geographical. Someone posted a week ago that they were going to block all ip addresses beginning with 195. because of someone in Nigeria causing problems. I pointed out that if they did that then they would block me too - and I live in the UK. All I'm saying is - spend most of your time on your real customers and developing your website, take a little time to deal with these criminals but don't let it become an obsession. Vger Link to comment Share on other sites More sharing options...
Guest Posted October 13, 2005 Share Posted October 13, 2005 Yea, but that won't happen if you have zones for each country as these modules filter out but the zones (cities) for the selected country. So even if the zip is incorrect Country+City/state the mail goes to NZ. And so it is not too useful to them since they aren't receiving anything. So if its to ship in USA/NY aint going to asia for example. so the modification can read the zip codes/address and compare it to the country to ensure it's valid? i will have to check it out.. If they have a dedicated ip address then block it by all means. I do this myself. i don't know much about ips, so i stay out of that realm unless i happen to notice a high amount of peculiar actions from 1 address, i won't filter any blocks or partial addresses though. If they route through a proxy, use a variable ip address range (dial-up), or just plain fake their ip address, then there's nothing you can do. that's the type of thing we just have to deal with, but it doesn't hurt to try and detour them :thumbsup: All I'm saying is - spend most of your time on your real customers and developing your website, take a little time to deal with these criminals but don't let it become an obsession. i agree, but like i said.. copying & pasting a few lines into htaccess didn't consume all that much of my time :) Link to comment Share on other sites More sharing options...
♥peterpil19 Posted October 13, 2005 Share Posted October 13, 2005 I just received a free trial offer to an IP filtering service. In anyone's opinion, is it worth suscribing to? What it does is block users form viewing the site depending on which country their IP address is attributed to. This service is located on another server, thus should not cause any performance issues. Is there a huge problem with having everyone generally being able to access my site? This is my first website, so I am a little unaware of the problems webmasters face. Kind Regards, Peter CE PHOENIX SUPPORTER Support the Project, go PRO and get access to certified add ons Full-time I am a C-suite executive of a large retail company in Australia. In my spare time, I enjoying learning about web-design. Download the latest version of CE Phoenix from gitHub here Link to comment Share on other sites More sharing options...
Tomcat Posted October 13, 2005 Share Posted October 13, 2005 I just received a free trial offer to an IP filtering service. In anyone's opinion, is it worth suscribing to? What it does is block users form viewing the site depending on which country their IP address is attributed to. This service is located on another server, thus should not cause any performance issues. Is there a huge problem with having everyone generally being able to access my site? This is my first website, so I am a little unaware of the problems webmasters face. Kind Regards, Peter No problem accessing the website from Italy. Can you post the url of the service you are testing ? Franco Outside links in signatures are not allowed! Link to comment Share on other sites More sharing options...
♥peterpil19 Posted October 13, 2005 Share Posted October 13, 2005 No problem accessing the website from Italy.Can you post the url of the service you are testing ? Franco Hi there, i haven't yet set it up. I'm asking if blocking whole countries is something that is recommended... I don't want to lose legitimate customers, yet at the same time I am unsure about potential threats... --Peter CE PHOENIX SUPPORTER Support the Project, go PRO and get access to certified add ons Full-time I am a C-suite executive of a large retail company in Australia. In my spare time, I enjoying learning about web-design. Download the latest version of CE Phoenix from gitHub here Link to comment Share on other sites More sharing options...
Guest Posted October 14, 2005 Share Posted October 14, 2005 i wouldn't pay anybody to block people from my website. as it has been discussed by many different people in this topic - that this is something that's next to impossible. (thoroughly block people from certain countries) a lot of these thieves we have to deal with have been doing it for years, and they most likely know how to get around these blocks. for instance: you pay to block nigeria from your website thief in nigeria has aol account, which uses a u.s. server / proxy; your website thinks his hit is from the usa. i have employed an htaccess block of china, indonesia and nigeria. it doesn't bog my server down, use high resources and it didn't take a lot of time to put on my site, so.. i won't be as angry when they get through my filter and spam me with fraudulent orders or spam my forms :) i would be foaming at the mouth if i had even paid somebody $1.00 to set up a filter and somebody from a banned country got through it.. Link to comment Share on other sites More sharing options...
AdamDuritz99 Posted October 14, 2005 Share Posted October 14, 2005 what about just blocking ip ranges in a .htaccess file? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.