Support

Admin Tools

#33979 Dissallow traffic from India to my website

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by on Sunday, 29 November 2020 20:17 CST

kataskeviwebsite

Can you advice how I can block all traffic coming from India to my website? I would like to dissallow access to this country to my website using admin tools. 

Thank you in advance

 

Prodromos

PKikas

JCSL Ltd 

Best SEO Cyprus and Web Design Services. 

 

dlb

There is no longer any method in Admin Tools to block an IP by geographic location.  That was removed almost a year ago.  The full story behind the move can be found here.

Bypassing a GeoIP block is so trivial even a script kiddie can do it.  All you have to do is log in through an open proxy server in an allowed country.  



Dale L. Brackin
Support Specialist


us.gifEnglish: native


Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)

kataskeviwebsite

I understand this and went through the article. The customer still wants to block the country since he believes that will block ordinary users who are not technically minded. Is there any other solution to do this ? I.e block a range of IPs that belong to the specific country ?

PKikas

JCSL Ltd 

Best SEO Cyprus and Web Design Services. 

 

dlb

You are going to go through a lot of trouble trying to figure out what IP ranges to block, for little or no increase in your site's security.  And when you're done, you have to monitor the IP ranges moving from one country to another now that all of the IPv4 addresses have been issued.  It is unreasonable to believe that you can do this without some sort of commercial service.  And you're going to slow your site down because the .htaccess file has to be read with every page load and the site has to figure out again and again if this IP is allowed.  It isn't bad for a few blocked IP addresses but for large numbers of IPs it becomes increasingly slow.

Nicholas killed the GeoIP feature years ago because it wasn't an effective security measure.  He had to reinstate it when he had crowds of people in his yard carrying pitchforks and torches and chanting "Death to Frankenstein!"

OK, I may be exaggerating just a little.  But it really doesn't work.  Let the system handle it.  For those that try something that triggers multiple security alerts, the system can automatically ban them temporarily.  If the same IP is blocked multiple times, it can be blocked permanently.



Dale L. Brackin
Support Specialist


us.gifEnglish: native


Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!