View Full Version : [all variants] blocking a country's or ISP's IP address



nhasian
October 28th, 2009, 02:51 AM
Last week my shopping cart started getting fraudulent credit card orders. The bill to & ship to addresses are always in the US, however the credit card numbers are always different. Looks like this hacker always comes to my website from www.google.com.ng. So far the IP addresses I've blocked are:

41.219.200.245
41.219.225.108
41.219.230.209

See the common pattern? Should I just block 41.219.*.* ? How can I see what countries or ISPs it will affect? According to http://www.ip-adress.com/ip_tracer/ all of those IPs belong to Starcomms Nigeria.
Is it possible to block the entire country of Nigeria? Or just that particular ISP? Please advise.

lovinglinux
October 28th, 2009, 03:46 AM
Use moblock (http://moblock-deb.sourceforge.net/) with a country ip list (http://www.countryipblocks.net/).

Soul-Sing
October 28th, 2009, 10:05 AM
http://iplist.sourceforge.net/start.html
iplist blocks ip-ranges and countries.

Sarmacid
October 28th, 2009, 03:25 PM
I'd suggest taking a different approach than blocking all of those IPs. If the stuff is being mailed to the US then it's very likely the attacker is just using proxy servers, and if that country is banned, he'll move on to the next one.

nhasian
October 28th, 2009, 07:52 PM
I would be happy to block anonymous proxy servers as well. :)

lovinglinux
October 28th, 2009, 08:10 PM
> I would be happy to block anonymous proxy servers as well. :)

http://iblocklist.com/list.php?list=bt_proxy

Other lists http://iblocklist.com/lists.php

Lars Noodén
October 28th, 2009, 09:10 PM
> Last week my shopping cart started getting fraudulent credit card orders. The bill to & ship to addresses are always in the US, however the credit card numbers are always different. Looks like this hacker always comes to my website from www.google.com.ng. So far the IP addresses I've blocked are:
>
> 41.219.200.245
> 41.219.225.108
> 41.219.230.209
>
> See the common pattern?

You can block the range. Find the range with whois (http://manpages.ubuntu.com/manpages/karmic/en/man1/whois.1.html)


$ whois 41.219.200.245;
...
inetnum: 41.219.225.0 - 41.219.225.255
...

There's a contact there to lodge a complaint with.
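
Added example (not part of the original thread): a Python sketch that turns a whois `inetnum` range into exact CIDR blocks, checks which of the three reported addresses it contains, and compares the smallest single block covering all three with the `41.219.*.*` wildcard asked about in the first post. It assumes the `inetnum: first - last` format shown in the last reply; the function names are made up for this example.

```python
import ipaddress
import re

# Addresses from the first post and the whois line quoted in the last reply.
OBSERVED = ["41.219.200.245", "41.219.225.108", "41.219.230.209"]
WHOIS_EXCERPT = "inetnum: 41.219.225.0 - 41.219.225.255\n"

# Assumption: the registry prints ranges as "inetnum: first - last".
INETNUM = re.compile(r"^inetnum:[ \t]*(\S+)[ \t]*-[ \t]*(\S+)[ \t]*$", re.M)


def inetnum_to_cidrs(whois_text):
    """Turn each 'inetnum: first - last' line into exact CIDR blocks."""
    nets = []
    for first, last in INETNUM.findall(whois_text):
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if lo.version == hi.version and lo <= hi:
            nets.extend(ipaddress.summarize_address_range(lo, hi))
    return nets


def coverage(addresses, nets):
    """Map each address to the block that contains it, or None."""
    found = {}
    for text in addresses:
        ip = ipaddress.ip_address(text)
        found[text] = next((str(n) for n in nets if ip in n), None)
    return found


def smallest_common_block(addresses):
    """Smallest single IPv4 CIDR block containing every address."""
    ips = [int(ipaddress.IPv4Address(a)) for a in addresses]
    prefix = 32 - (min(ips) ^ max(ips)).bit_length()
    return ipaddress.IPv4Network((min(ips), prefix), strict=False)


if __name__ == "__main__":
    nets = inetnum_to_cidrs(WHOIS_EXCERPT)
    for addr, net in coverage(OBSERVED, nets).items():
        print(f"{addr:16} {net or 'not in the looked-up range'}")
    block = smallest_common_block(OBSERVED)
    wide = ipaddress.ip_network("41.219.0.0/16")  # the 41.219.*.* wildcard
    print(f"one block for all three: {block} ({block.num_addresses} addresses)")
    print(f"41.219.*.* would cover:  {wide} ({wide.num_addresses} addresses)")
```

The quoted `inetnum` range is a /24 that contains only one of the three addresses, so each address needs its own whois lookup before a range rule is written.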