Solved

How can I block Nigeria IP's?  Either ASP.NET, IIS7, or Win Server 2008

Posted on 2010-11-25
5
1,257 Views
Last Modified: 2012-05-10
I dont care where it is done:  either on Win Server 2008, IIS7, or ASP.NET...
I want to block Nigeria IP addresses from using my website.

I apologize to the good people of nigeria, but 99% of all traffic I get from that country is malicious and the manhours spent is not worth it.  if the good people of nigeria would clean up their internet usages by cracking down on the web crime there, then maybe more web masters would not take drastic action like this, but i just have little choice.  im too busy and need a quick fix for the rampant scams i keep dealing with over IP addresses originating in nigeria.
0
Comment
Question by:arthurh88
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 3

Accepted Solution

by:
RushB earned 500 total points
ID: 34215127
You can purchase something like GeoIP or ISA Embargo, or I believe you can use .htaccess on Windows Server.

Sample for Nigeria:

# Country: NIGERIA
# ISO Code: NG
# Total Networks: 97
# Total Subnets:  669,184
deny from 41.58.0.0/16
deny from 41.67.128.0/18
deny from 41.71.128.0/17
deny from 41.73.0.0/19
deny from 41.73.128.0/19
deny from 41.73.224.0/19
deny from 41.75.16.0/20
deny from 41.75.192.0/20
deny from 41.76.64.0/21
deny from 41.76.72.0/21
deny from 41.76.80.0/21
deny from 41.76.152.0/21
deny from 41.76.192.0/21
deny from 41.78.8.0/22
deny from 41.78.12.0/22
deny from 41.78.80.0/22
deny from 41.78.88.0/22
deny from 41.78.100.0/22
deny from 41.78.156.0/22
deny from 41.78.172.0/22
deny from 41.84.160.0/19
deny from 41.86.128.0/19
deny from 41.87.64.0/19
deny from 41.138.160.0/19
deny from 41.139.64.0/18
deny from 41.155.0.0/17
deny from 41.184.0.0/16
deny from 41.189.0.0/19
deny from 41.190.0.0/19
deny from 41.190.240.0/22
deny from 41.191.108.0/22
deny from 41.203.64.0/19
deny from 41.203.96.0/19
deny from 41.204.224.0/19
deny from 41.205.160.0/19
deny from 41.206.0.0/19
deny from 41.206.224.0/19
deny from 41.211.192.0/18
deny from 41.215.244.0/22
deny from 41.216.160.0/20
deny from 41.216.232.0/22
deny from 41.217.0.0/17
deny from 41.217.204.0/22
deny from 41.219.128.0/18
deny from 41.219.192.0/18
deny from 41.220.64.0/20
deny from 41.221.112.0/20
deny from 41.221.160.0/20
deny from 41.222.40.0/21
deny from 41.222.64.0/21
deny from 41.222.144.0/21
deny from 41.222.208.0/22
deny from 41.223.64.0/22
deny from 41.223.128.0/22
deny from 41.223.136.0/22
deny from 41.223.144.0/22
deny from 41.223.168.0/22
deny from 62.173.32.0/19
deny from 62.193.160.0/19
deny from 80.248.0.0/20
deny from 80.250.32.0/20
deny from 82.128.0.0/17
deny from 193.189.0.0/18
deny from 193.189.64.0/23
deny from 193.189.128.0/24
deny from 195.166.224.0/19
deny from 196.1.133.0/24
deny from 196.1.176.0/20
deny from 196.3.60.0/22
deny from 196.3.180.0/22
deny from 196.10.202.0/24
deny from 196.22.6.0/24
deny from 196.28.10.0/24
deny from 196.29.208.0/20
deny from 196.32.224.0/23
deny from 196.40.192.0/18
deny from 196.45.48.0/20
deny from 196.46.20.0/24
deny from 196.46.27.0/24
deny from 196.46.144.0/22
deny from 196.46.240.0/21
deny from 196.200.64.0/20
deny from 196.200.112.0/20
deny from 196.207.0.0/20
deny from 196.216.144.0/22
deny from 196.216.148.0/22
deny from 196.216.184.0/22
deny from 196.216.251.0/24
deny from 196.216.253.0/24
deny from 196.216.255.0/24
deny from 196.220.0.0/19
deny from 196.220.64.0/19
deny from 196.220.224.0/20
deny from 196.220.240.0/20
deny from 212.100.64.0/19
deny from 217.14.80.0/20
deny from 217.117.0.0/20
#



0
 
LVL 12

Expert Comment

by:geowrian
ID: 34215139
For IIS7, this geoblock module works well for a quick fix:
http://sourceforge.net/projects/iis7geoblockmod/

Preferably you want to have the block at the network level, which would require a bit more complexity. It would also involve maintaining (or purchasing subscription rights to) a database with IP ranges and their respective geographical regions. Some DNS services provide this capability, but require an rDNS lookup on each IP which may not be feasible in your environment.

Obviously, a determined user can get around this via proxies and such, but this stops the majority of users.
0
 
LVL 12

Expert Comment

by:geowrian
ID: 34215141
@RushB
That list would probably be good for right now as an immediate fix, but will get out of date quickly. The harm here is users being incorrectly identified and blocked, which is generally very damaging to the company's image.
0
 
LVL 3

Expert Comment

by:RushB
ID: 34215157
I included two options- free and paid. GeoIP and Embargo will do the trick if you don't mind paying for the service.

Thanks,
RushB
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 34215337
My company blocks all traffic to and from all IP blocks assigned to Internet registries that are outside of the United States. It is a pretty aggressive stance, but it prevents all sorts of problems. We block inbound web traffic, and outbound traffic as well, and then make exceptions when needed.
Let me know if you want my router access list and I can post it later.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question