Solved

Block sites to access to my site

Posted on 2015-01-08
18
85 Views
Last Modified: 2016-02-24
Hi E's,
This is my first question this year, so, happy new year for all expert's.
Recently launching a new project, belivesaidia.com. I'm still on the write articles, and waiting for google to index the site.
When I go to google analytics, I see that I have a series of sessions of several Russian sites, as can be seen in the attached images:
08-01-2015-18-34-54.png08-01-2015-18-36-47.pngI don't know the reason why this happenning, For sure it will affect the part of SEO, because it makes up the bounce rate!!!
Is there any way to prevent this by blocking these sites, using PHP?
And how?

The best regards, JC
0
Comment
Question by:Pedro Chagas
  • 7
  • 4
  • 4
  • +1
18 Comments
 
LVL 35

Assisted Solution

by:Kimputer
Kimputer earned 100 total points
ID: 40538565
use this:

$info = geoip_country_code_by_name($_SERVER['REMOTE_ADDR']);
print_r ($info);

Open in new window


just kill the page if $info = "ru"
0
 
LVL 34

Accepted Solution

by:
gr8gonzo earned 400 total points
ID: 40538566
1. It shouldn't affect the SEO if they're hitting you directly.

2. You can't really block the initial request using PHP - the request still makes it to the web server before PHP can do anything about it, so if you want to block the request to help preserve bandwidth and reduce bad log hits, then you can always use a firewall to block the traffic.

If you're on a shared hosting server, then you probably don't have enough access to configure the firewall. Otherwise, if you have VPS or your own server, then you can use iptables for Linux or just configure the Windows Firewall for Windows.
0
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 40538568
@Kimputer - that function is not in the normal PHP build. It comes from the GeoIP PECL package, and it still doesn't really block the original request.
0
 
LVL 35

Expert Comment

by:Kimputer
ID: 40538602
Still makes the Google Analytics website more neat and representative of the real visitors, as while it's not a perfect database, I'm willing to bet it will block 80 to 90% traffic from Russia, as if you kill the page, the Google Analytics code isn't loaded and also not recorded.
And while it's not in the normal PHP build, using MaxMind's free code and database, you can implement it in minutes.
0
 
LVL 3

Author Comment

by:Pedro Chagas
ID: 40538657
Thanks for the answer´s.
I will test the solutions, I will back maybe in 2 days for view the results of a test!

Regards, JC
0
 
LVL 3

Author Comment

by:Pedro Chagas
ID: 40539137
Hi @Kimputer, this is the right way to use your solution?:
<?
$info = geoip_country_code_by_name($_SERVER['REMOTE_ADDR']);
$info = mb_strtolower($info, 'UTF-8'); 
if($info == "ru"){
    exit;
}
?>

Open in new window

Hi @gr8gonzo, I will test also the firewall, when I finish the test of GeoIP.

~JC
0
 
LVL 35

Expert Comment

by:Kimputer
ID: 40539782
Yes, that solution is correct. Everything you put after that will be shown for normal users, but Russian users will get a blank page.
0
 
LVL 61

Expert Comment

by:gheist
ID: 40541863
Where is the problem? Why sites cannot link to your site?
0
 
LVL 3

Author Comment

by:Pedro Chagas
ID: 40545738
Hi @gheist, in this particular case, the sites that I identify above makes up the bounce rate.
I officially launched the project in 1/1/2015, and before that these pages already linked to my site. Otherwise, that links was a poor partners, and will probably hurt my SEO.
Maybe I'm being paranoid???

~JC
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 61

Expert Comment

by:gheist
ID: 40546064
Do you have namevirtualhost? Maybe those are worms scanning you.
0
 
LVL 3

Author Comment

by:Pedro Chagas
ID: 40546180
I thing is 67.222.1.227 or fotosdeportugal.net.

~JC
0
 
LVL 3

Author Comment

by:Pedro Chagas
ID: 40553275
@kimputer solution not resolve the problem.
Now I will test with the firewall.

~JC
0
 
LVL 3

Author Comment

by:Pedro Chagas
ID: 40571643
This is the answer of the support about Firewall Server:
Our server's come with the CSF firewall installed and custom configured by default. However blocking based on country is not advised, as this can cause the firewall to crash.
So, on second thought, my question don't have any sense in technical part. It was great if you could control all sites who wish us harm, but then there is no technical way to truly be able to work around the problem.
Thanks for all.

The best regards, JC
0
 
LVL 61

Expert Comment

by:gheist
ID: 40572131
Normally it is sign of email harvesters and other scumware, that they set referer header to signature of developer...
You cannot do much about them past hiding your site behind named virtual host, so that random IP space sweeps dont see it.
0
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 40573289
That's rubbish about blocking based on country causing the firewall to crash. They're probably thinking that you want to do a geo lookup on the IP every single time, which WOULD be a bad thing to do. But it's pretty easy to just assemble a list of all the IP ranges you want to block and then have iptables (which is the CSF firewall) block those ranges. I -know- it won't crash, because I do it today. I have several servers running iptables that completely block out several countries that are frequent sources of hack attempts, and they run just fine.

The IP ranges don't change that often, and it's simple enough to re-update the list from time to time.
0
 
LVL 3

Author Comment

by:Pedro Chagas
ID: 40573811
Thank you, for the last notes.

The best regards, JC
0
 
LVL 61

Expert Comment

by:gheist
ID: 40573829
Just that GeoIP modules load massive set of iptables rules. It does not mean server crashes right away, but it gets somewhat slower, say blocking china or netherlands will yield dozen thousands of rules to look up.
0
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 40573833
Right - that's why you don't do the lookup at runtime. You use a geo IP database to generate the IP address ranges ahead of time, and plug those ranges into iptables. You don't need to plug in every single IP address, and a lot of IP ranges can be merged/consolidated.

IPtables is pretty fast - even with a thousand rules in it, you won't notice a delay unless you have really old hardware.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
This article discusses how to create an extensible mechanism for linked drop downs.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to dynamically set the form action using jQuery.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now