

How to ban an ENTIRE top-level domain? Help please?




Posted by weezerfan, 08-22-2007, 08:01 PM
Hello there! I am wondering if anyone here would know how to ban an entire top-level domain? For example ban everyone from Russia by coming from the .ru domain? Or everyone from Lithuania by somehow banning everyone coming from a .lt IP address. I've had some people from those places try to hack my site and am fed up with it. So I want to ban those two entire countries for the time being using cPanel X's "IP Deny Manager". Any suggestions would be appreciated - thanks. By the way I am not a technical person. Just your everyday person running a site. Thanks.

Posted by unity100, 08-22-2007, 08:26 PM
Get the IP ranges of the countries. Domains don't mean a thing. Then ban them with wildcards. Better if you can access hosts.allow and hosts.deny - you can deny all services.

Posted by weezerfan, 08-22-2007, 08:29 PM
Thanks unity100. Do you know a good site for getting hold of the IP ranges (Russia and Lithuania)? I think going down the hosts.allow and hosts.deny routes would be too complicated for a non-techy guy like me.

Posted by valentin_nils, 08-22-2007, 08:38 PM
Wouldn't a geo IP database be what you are after? I believe there are some already out there, the question is which one is reliable ;-) I have my IPs showing up as from the US although I am in Japan ;-) So your mileage may vary with domains and/or IPs.

Posted by EuroVPS/Director, 08-22-2007, 09:33 PM
Blocking whole nations is not the right way to protect your site, it's like spraying water at wasps.

Posted by jon-f, 08-22-2007, 09:54 PM
http://blacklist.linuxadmin.org/ has Russia and a few other countries, probably a lil outdated.

Posted by david510, 08-23-2007, 02:05 AM
You need to get the IP blocks of the country and ban those ranges in IP Deny Manager. If you need to block the range, e.g., 111.111.000.000 to 111.111.111.111, just add 111.111 to IP Deny Manager. Check the following link for country IP blocks. http://www.ipdeny.com/ipblocks/
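
As an added illustration of the range-blocking approach in the post above (not code from any poster or from cPanel): a Python example that merges a country CIDR list into the fewest `deny from` lines and computes the range a partial entry such as `111.111` covers. The sample list is constructed from documentation ranges, and the `deny from` output format assumes the deny list is applied as Apache access rules in `.htaccess`.

```python
import ipaddress

# Constructed sample in a one-CIDR-per-line layout (assumed zone-file format).
# The addresses are documentation ranges, not real country allocations.
SAMPLE_ZONE = """\
# constructed sample
198.51.100.0/25
198.51.100.128/25
203.0.113.0/24
203.0.113.64/26
192.0.2.7
not-an-address
"""

def parse_zone(text):
    """Return (networks, rejected_lines) from a one-entry-per-line list."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        try:
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            rejected.append(raw)              # never turn junk into a rule
    return nets, rejected

def deny_rules(text):
    """Collapse overlapping/adjacent IPv4 ranges; emit one deny line each."""
    nets, rejected = parse_zone(text)
    v4 = [n for n in nets if n.version == 4]
    merged = ipaddress.collapse_addresses(v4)
    return [f"deny from {n}" for n in merged], rejected

def partial_to_network(partial):
    """Range covered by a partial address such as '111.111' (1-3 octets)."""
    octets = partial.strip(".").split(".")
    if not 1 <= len(octets) <= 3:
        raise ValueError("expected 1 to 3 leading octets")
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(padded) + f"/{8 * len(octets)}")

if __name__ == "__main__":
    rules, bad = deny_rules(SAMPLE_ZONE)
    print("\n".join(rules))
    print("skipped:", bad)
    print("111.111 covers", partial_to_network("111.111"))
```

Apache matches a partial address on its leading octets, so a two-octet entry covers the whole /16 that starts with those octets.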

Posted by macker, 08-23-2007, 04:58 AM
While banning a country sounds like a good idea, it's rarely a good answer, or a complete answer. There's no effective way to do it via DNS. Better is to determine what the problem is, e.g. people trying to hack sites, and figure out what's causing a problem; are they succeeding? Is it causing your server performance problems? Etc. Whether they're coming from Russia or Florida, your server should be able to withstand it. As to hosts.allow/hosts.deny, this is simple to do (and does support TLDs), but only works for a fraction of services, specifically, ones that support it (i.e. are compiled against libwrap or implicitly support tcpwrappers).

Posted by weezerfan, 08-23-2007, 04:35 PM
I fully appreciate all the feedback. Thank you everyone. I realise that banning an entire nation is extreme but for over a year I have had hundreds of spammers coming in from Russia and eastern European countries. I have had it with banning individual IP addresses. The final straw was when someone hacked into my discussion board. It was carried out by a spammer who was promoting his warez site. My site has nothing to do with warez - it is a music band fansite. There is no problem with my server so far. The problem is connected with my discussion board as someone managed to log in under my username and password. Someone having access as admin as you know is disastrous. My password is quite difficult to guess and is secure. I believe the hacker used a cookie sniffing program because I read yesterday the board can be exploited in this manner. This hacker left a message yesterday to e-mail him within "48 hours" or he will start "deleting the forums". I've taken the board offline for the time being and removed the admin files from the server. Because 99% of the problems have come from Russia and particular Eastern European countries, I just want to completely block out access. Last edited by weezerfan; 08-23-2007 at 04:40 PM.

Posted by rblecher, 08-23-2007, 04:49 PM
There may be a security hole with the message board software you are running (or possibly even some other software on your server). If it is a known vulnerability, blocking IPs won't stop someone else from eventually exploiting the vulnerability again. Also, if the attacker really wants to attack your server again, there's a good chance he'll find a way around your IP blocking, such as using a server with an IP that isn't blocked. I suggest you only use IP blocking as a temporary solution, while you find out what the real problem is.

Posted by macker, 08-23-2007, 05:01 PM
I'll second Randall's opinion, here, on both counts. "Cookie sniffing" sounds a bit far-fetched, on a technical basis. Chances are, there's a vulnerability in your software, and either the hacker will use another server he's hacked that's not blocked, or someone in the U.S./elsewhere will hack your server. Fully understand the problem with spam, etc., but do keep in mind, almost all of this spam can be traced back to business owners who don't live in these countries. Spammers move from country to country over time, as the countries start cracking down more on spam. The problem, really, is that countries that are "new" to the Internet and have developing technology are more vulnerable. You can ban IP ranges, and it may help, but it won't fix it. To draw a comparison to a hot-bed issue, it's like building a border fence with Mexico. Sure, it will help with the goal, but it won't reach the goal, and the prices may be more than some will want to accept. It's up to you, you're the server admin, but believe me.. if I thought banning countries (esp. Romania) would fix my problems, I'd have already done it.

Posted by weezerfan, 08-23-2007, 05:04 PM
rblecher: Yes I believe you are right, I think the hacker exploited a security vulnerability in the message board. Using the IP block as a temporary solution sounds like a good idea - I wouldn't want it to be a permanent block. It would be smarter to patch up the security hole. Thanks for the advice.

Posted by weezerfan, 08-23-2007, 05:53 PM
Thanks for your opinion Macker - I appreciate it. I guess what I was hoping to achieve with the idea of banning a range of IPs was that it would at least put them off a little - just enough to make them give my site a miss.


