Using htaccess to Block Foreign IP Addresses
LAST UPDATED: 09/04/2003
The sad truth
Credit card fraud is a serious problem on the Internet today and most fraud comes from foreign countries, so here is a quick way to solve the problem. If you happen to be foreign, relax. This is not here because I dislike foreigners. It's only that over 99% of all the credit card fraud experienced by my company was from foreign countries. It's a fact and I am not trying to offend anyone... I'm only trying to save my merchant account and help others do the same.
The Solution
If you are using the Apache web server and your hosting company will allow the use of .htaccess, there is a quick solution to your problem.
First let me explain that there is no list of IP addresses and the countries they belong to. It just doesn't work that way. You have to track the IP addresses yourself and check their origin at ARIN. I'll include some of the IP addresses I block here, but it will probably never be a complete list and will most definitely not ever be updated unless I get un-lazy and decide to maintain it.
NOTICE: I actually updated this 09-04-2003. This exact file below has stopped nearly 100% of our overseas credit card fraud!
Here is a sample .htaccess file:
##############################################################
## This file is to restrict access to certain IP's
## and subnets that have been a source of fraud for
## us in the past. This file would be useful for any site
## doing live e-commerce where fraud from foreign countries
## becomes a problem.
##
## REFERENCES:
## http://www.engelschall.com/pw/apache/rewriteguide/#ToC36
##
## deny from 24.27.104.90 blocks just this IP address only.
## deny from 62. blocks the entire 62. subnet
## deny from 130.226. blocks an entire class b subnet
##############################################################

# The opening <Limit> line is missing from this copy of the page;
# the method list GET POST is an assumption.
<Limit GET POST>
order allow,deny

# European Regional Internet Registry RIPE NCC
deny from 62.
# European Regional Internet Registry RIPE NCC
deny from 213.
# European Regional Internet Registry RIPE NCC
deny from 195.
# European Regional Internet Registry RIPE NCC
deny from 217.
# Asia Pacific Network Information Center
deny from 202.
# Asia Pacific Network Information Center
deny from 203.
# Asia Pacific Network Information Center
deny from 61.
# Danish Network for Research and Education
deny from 130.226.
# Puerto Rico Telephone Company
deny from 66.50.
# BEGIN Telefonica del Sur
deny from 216.155.64.
deny from 216.155.65.
deny from 216.155.66.
deny from 216.155.67.
deny from 216.155.68.
deny from 216.155.69.
deny from 216.155.70.
deny from 216.155.71.
deny from 216.155.72.
deny from 216.155.73.
deny from 216.155.74.
deny from 216.155.75.
deny from 216.155.76.
deny from 216.155.77.
deny from 216.155.78.
deny from 216.155.79.
deny from 216.155.80.
deny from 216.155.81.
deny from 216.155.82.
deny from 216.155.83.
deny from 216.155.84.
deny from 216.155.85.
deny from 216.155.86.
deny from 216.155.87.
deny from 216.155.88.
deny from 216.155.89.
deny from 216.155.90.
deny from 216.155.91.
deny from 216.155.92.
deny from 216.155.93.
deny from 216.155.94.
deny from 216.155.95.
# END Telefonica del Sur
# Latin American and Caribbean IP address Regional Registry
deny from 200.
# Asia Pacific Network Information Centre
deny from 210.
deny from 211.

allow from all
</Limit>

# Optionally Redirect access denied status to a nice little welcome page
ErrorDocument 403 /denied/denied.php
###### end cut here ######
You can specify a full IP address or an entire subnet by simply leaving the rest off, but you have to include the trailing dot "." for it to work correctly. So you could block one user with "202.127.50.3" or you could block their entire class C subnet with "202.127.50." or their class B subnet with "202.127." or their whole class A with "202."
Blocking a specific IP is not very effective since most people obtain a new IP address every time they connect to the Internet, but you can look up the IP at ARIN and block their whole ISP or their whole country.
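The prefix rules described above map directly onto CIDR networks, which Apache's "deny from" also accepts. The following is an added example, not part of the original page: it parses rules in the page's syntax, merges adjacent prefixes, and tests an address against them. The function names and the SAMPLE rule text are constructed for illustration.

```python
import ipaddress

# Constructed sample in the page's "deny from" syntax, including the
# 32 consecutive 216.155.64. through 216.155.95. prefixes from the file.
SAMPLE = """
# Danish Network for Research and Education
deny from 130.226.
deny from 24.27.104.90
deny from 62.
""" + "".join(f"deny from 216.155.{n}.\n" for n in range(64, 96))


def prefix_to_network(spec):
    """Turn '62.', '130.226.' or a full address into an IPv4Network."""
    octets = [o for o in spec.split(".") if o]
    if not 1 <= len(octets) <= 4 or not all(o.isdigit() for o in octets):
        raise ValueError(f"not a dotted IPv4 prefix: {spec!r}")
    padded = octets + ["0"] * (4 - len(octets))
    # One octet is a /8, two a /16, three a /24, four a single host.
    return ipaddress.ip_network(f"{'.'.join(padded)}/{8 * len(octets)}")


def parse_deny_rules(text):
    """Collect a network for every address on a 'deny from' line."""
    nets = []
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) >= 3 and [w.lower() for w in words[:2]] == ["deny", "from"]:
            nets.extend(prefix_to_network(w) for w in words[2:])
    return nets


def collapse(nets):
    """Merge adjacent or overlapping networks into the fewest CIDR blocks."""
    return list(ipaddress.collapse_addresses(nets))


def is_denied(addr, nets):
    """True if addr falls inside any of the denied networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)


if __name__ == "__main__":
    for net in collapse(parse_deny_rules(SAMPLE)):
        print(f"deny from {net}")
```

Run against the sample, the 32 Telefonica del Sur lines collapse into a single 216.155.64.0/19 rule, which makes a long list easier to audit for gaps and accidental overlaps.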
After the limit section you'll notice the ErrorDocument statement. What's happening here is that when the user is denied access, the Apache server response code will be 403. The ErrorDocument directive will now redirect all 403 error codes for this directory to the specified location. Please note that the location you redirect to cannot be in the same directory, because we are denying access to this directory, so this would be an infinite loop and would most likely cause serious problems, like crashing your web server. In my case, I redirect to a script that emails me so I know it's working, and I also like to know what's going on.
You can create a custom script or HTML page to send 403 errors to. Of course, you could just comment out the ErrorDocument and leave your victim in a state of bewilderment :-)
© copyright 2001 - 2002 Jim Grill