Banning Countries from Servers [no, not Threadwatch...]

23 comments
Source Title:
1bu.com - Stealing Content on an Industrial Scale
Story Text:

This content stealing threat came from China. Recently we took the step of banning all traffic from certain countries from all our servers. The current list comprises China, Korea and certain African states.

I don't think we are missing out by banning this traffic. All our sites are either hosted in UK or USA. We are only really interested in UK, European or USA traffic. My feeling is that the traffic coming from the countries above does not contribute greatly to our revenue and that there is a higher risk of nefarious activity associated with those countries. I know threats are just as likely to come from UK, Europe or USA but I'm just reducing risks. I know I'm stereotyping but you've got to be realistic right?

Does anyone else do this? What countries do you suggest banning?

Comments

 

Hi Keir,

I’m not sure if you are just trolling for a story here Keir but I will give you my response as a server admin of 5 years. IMO it’s a waste of time to go down this route and a sign of poor server admin skills. I'll lay out my reasons.

1) Spam

Ok I understand you want to cut your spam down; a lot originates from these countries and they have a very poor response to spam complaints. However, are you already blocking port 25 connections with RBL connections to spamhaus, cbl.abuseat.org, dnsbl.sorbs.net, korea.blackholes.us and chinanet.blackholes.us? You can use spamcop too if you want. This is extremely effective and will help you far more than this country ban.

2) Attacks

Well as a server admin you must know that it’s pretty easy to jump around server proxies. While the ‘normal’ users would be stopped from viewing web pages or sending mail, this is hardly going to stop a cracker. Put some decent security on there, auto blocking dictionary, brute force attacks and ban direct root access. I could go on about server security here for a while but you get the point – country IP blocking only stops the normal (read – harmless) users. You should be automatically adding attackers to a block list on your firewall based on their actions.

On an ethical standpoint I don’t believe it’s right to ban entire countries. I don’t think the average African gives a rat’s arse about Viagra sales. These are all US/UK businesses who are taking advantage of the lack of regulations. IMO I don’t think it’s right that a handful of spammers can cut entire countries off from the internet.

I’ve seen the calls for country IP banning getting stronger but it’s usually by new admins who don’t understand the more sophisticated techniques. Although feel free to tell me I’m wrong and you have done all of the above? :)

Of course it's your box and you're free to ban who you want, but IMO this route is far more effective and gives greater control over these problems.

banning or utilizing?

cloak 'n serve your favorite propaganda with a note about the cooperative web being, well, cooperative.

 

I truly believe it is using a sledgehammer to crack an extremely tasty nut.

I tried to drop as many clues (some blatantly obvious I feel) about how to turn the lemons of content proxying to a lemonade of links, links and more links.

Andrews said it above.

Quote:
cloak 'n serve your favorite propaganda

My propaganda is links!

P.S. Expect any value from this to die now, but it's worth thinking about for the future

Threadwatch.org and the birth of Internet racism

Threadwatch has an exceedingly bad solution posted to their 'content stealing' problem.

Recently we took the step of banning all traffic from certain countries from all our servers. The current list comprises China, Korea and certain African states.
...

Idiot

On the above trackback this guy says:

Quote:
How fucking stupid can you be to ban whole blocks of countries?

I wonder if it's any more stupid than not reading the whole post before linking to it and assuming that it was talking about threadwatch banning countries, not an individual poster talking about his ecom sites....

Pfftt.....

 

Hownottoread.com - From the comments that have followed, none are suggesting that this is the way to go. Admittedly from different angles - thanks Andrews/Jason hadn't thought of that!

I'd comment on his blog but er...he doesn't seem to allow any.

 

I ban any IP range that I find associated with Africa, especially Nigeria, Ivory Coast etc. I'm tired of Africans who need to send private messages to members on my forums (one of our sites has a pretty high profile demographic), responding to classifieds with dumbarse messages and generally making a nuisance of themselves.

Give me one reason to allow that traffic and I'll happily redirect it to you. :)

Confuzzlement

I wonder if it's any more stupid than not reading the whole post before linking to it and assuming that it was talking about threadwatch banning countries, not an individual poster talking about his ecom sites

To be fair, Nick, the wording of the original post is vague enough that anyone coming to this site from an outside link would likely make the same mistake.

It certainly doesn't help that the original post here linked to a discussion where the original post involves the threadwatch site being among those being stolen from, which might confuse someone into thinking this is an official response.

No Drop in Revenue

Kino, sorry I know nothing about server admin but you seem to be very experienced in this area. I will pass your suggestions on to our technical team to decipher.

Andrews/Jason - I know where you're coming from but I wasn't really talking about specific threats. The discussion was more general. It just appeared to me that traffic from certain countries was not benefiting us but increasing risk from threats. A huge generalisation I know, especially considering the fact that most attacks will come from same locality as our target audience. But, the fact of the matter is that after banning the above countries there has been no drop whatsoever in revenue.

Confusing

Good point Derek. I can see how this is confusing. I obviously confused Andrews & Jason as well.

Let me clarify, I referred to 1bu.com issue but I was not talking specifically about that. I intended a general discussion of banning particular countries from servers.

 

and I've changed the title, that should do it :) thanks Derek..

 

No problem Keir - if they want some specific tutorial pointers then send me a PM.

I don't think anyone would notice a revenue drop but I just don't like this sledgehammer solution. I have several friends in Sudan who I correspond with and being based in Russia means we get our fair share of blocking. The ability to surf/email with a proxy is an essential from here. I know language is a big consideration here but all this helps to keep non-techies within the RU-net rather than bringing everyone together (ref. Tim Berners-Lee).

I can quite easily see the internet being divided on the basis of countries or continents if things carry on moving in the current direction. I don't see that as reducing spam or cracking as people in those areas will have no participation in the US/UK-net. Why would governments bother to crack down on these people if the whole nation has been excluded?

I also think a lot of people outside Europe don't realise how much spam gets sent here. Russians get the same viagra rubbish as everyone else, in English, due to automatic harvesting of emails. As with most people globally a large percentage of this comes from US IP blocks, so maybe they should cut the States off too?

 

Keir.

Yup, you confused me, but let's be honest it doesn't take much to do that:)

Banning whole ranges is bloody sensible IMHO on ecom sites, if your historical data shows it prevents frauds balanced against sales.

When I first started to do it I made my own set of rules. It reduced costs massively (in charge back fees, stolen stock, admin etc etc) but didn't decrease legit income at all.

It's since become quite a sought-after service and MaxMind have a much more polished commercial version they sell.

responsibility

The original post has wording very similar to a post I responded to on another site.

In that context I suggested that some things transcend pure commercial interest.

Letting a user look is not the same as accepting an order from them.

Keep on banning, and someday you may find yourself looking in from the outside.

The news today at The Register is that a number of large EU based companies are considering delisting from the NYSE because of the extra-territorial application of the Sarbanes-Oxley legislation.

Conversation

Quote:
No problem Keir - if they want some specific tutorial pointers then send me a PM.

Hey! let's keep it public, I'd love some specific tutorials, can we get some links please kino?

 

I was thinking about banning Nigeria from our sites. We deal in accommodation and the number of Nigerians wanting to stay with us is pretty high. Too bad they all just want the confirmation to show the embassy they have a place to stay for their visa.

Those are the sort of customers you can do without :)

 

Thanks for the suggestion Jason, someone else mentioned those guys. It seems they take the guess work out of it.

I agree Kino it is quite sad that this is becoming more prevalent. Hardly what Berners-Lee envisaged. Reality of business today I suppose.

I thought a lot more people did this but comments above seem to suggest that many don't. Anyone else care to comment about what they do?

 

Ok Nick - seeing as you asked :)

Kudos to Ryan/rfx for his brute force script and firewall:

http://www.rfxnetworks.com/bfd.php

http://www.rfxnetworks.com/apf.php

http://www.webhostgear.com/60_print.html

Same to Aaron for his IP tables trick to stop dictionary attackers.

http://forum.ev1servers.net/showthread.php?t=50435

(follow down the thread half way to title: Dictionary Attack iptables fix)

This document gives an overview of RBL (Realtime Blackhole List) and how it works with Sendmail. Very easy to do actually.

http://lugoj.org/docs/rbl.html

RBL/Sendmail Tutorial (and a good discussion of this thread topic from the admin point of view) go here:

http://forum.ev1servers.net/showthread.php?t=4823&highlight=stop+spam

This is an old thread though, for example relays.osirusoft.com should not be used now. I would recommend using the following:

sbl-xbl.spamhaus.org
cbl.abuseat.org
dnsbl.sorbs.net
chinanet.blackholes.us
korea.blackholes.us
relays.ordb.org

HTH

As plumsauce wrote: Letting a user look is not the same as accepting an order from them.

It would take 2 mins to run the IP of the order past a checking script.
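How the RBL lookup discussed in the post above works, as an added example that is not code from the thread or the linked tutorials: the connecting IPv4 address is reversed octet by octet, appended to the list's zone, and looked up as an ordinary DNS name. The zone names are three of those listed in the post; the function names and the simulated resolver data are assumptions made so the logic runs offline.

```python
import ipaddress
import socket

# Zone names as given in the post above. This example does not check whether a
# zone is still operated; verify that before relying on any list.
ZONES = ["sbl-xbl.spamhaus.org", "cbl.abuseat.org", "dnsbl.sorbs.net"]
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_name(ip, zone):
    """203.0.113.7 in zone -> 7.113.0.203.<zone> (octets reversed)."""
    addr = ipaddress.IPv4Address(ip)   # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def check(ip, zones=ZONES, resolve=socket.gethostbyname):
    """Return {zone: answer} for every zone that lists ip.

    resolve is injectable so the decision logic can be exercised without DNS.
    """
    hits = {}
    for zone in zones:
        try:
            answer = resolve(dnsbl_name(ip, zone))
        except OSError:
            # socket.gaierror (no such name, or lookup failure): treated as
            # "not listed", so a DNS outage fails open rather than rejecting mail.
            continue
        # Listings are answered from 127.0.0.0/8. Any other answer (wildcard
        # DNS, a parked or repurposed zone) is not accepted as a listing.
        if ipaddress.IPv4Address(answer) in LISTED_NET:
            hits[zone] = answer
    return hits

# Constructed stand-in for DNS responses (documentation IP ranges).
FAKE_DNS = {
    "7.113.0.203.sbl-xbl.spamhaus.org": "127.0.0.4",
    "7.113.0.203.dnsbl.sorbs.net": "192.0.2.80",   # non-127 answer: ignored
}

def fake_resolve(name):
    if name not in FAKE_DNS:
        raise socket.gaierror("NXDOMAIN (simulated)")
    return FAKE_DNS[name]

if __name__ == "__main__":
    print(check("203.0.113.7", resolve=fake_resolve))
```

The 127.0.0.0/8 check is what keeps a zone that answers every query from turning into a blanket reject, which matters with a zone list as old as the one in this thread.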

how freakin stupid?

Knowing them, they'll probably delete the trackback that I have posted to the article (they've done it before).

Any blogger who writes with such a flaming attitude without reading that which he criticizes, must get his trackbacks deleted all the time. I never would have seen his blog if he hadn't been such an ass here, and Nick hadn't left his link in place. Why mess with evolutionary process? Intervening in Darwin's process, Nick?

I was already familiar with 1bu and several Chinese republishers who copied entire sites for republishing in China and Taiwan, with new ads. If I did that here on a large scale, they could do a DMCA on me. The other way? Propaganda makes cooperation a value proposition for the other side. It also makes for a very sticky situation in that country for that republisher, removing the value from his automated scraping process (adding risk).

In my experience the ones who get angry and nasty at the suggestions of counter efforts are usually scammers.

As for free speech and all that, sure -- my free info sites are all creative commons and unblocked for all the world to see, just like my front yard.

Scarcity of information makes it more valuable?

I understand the anger over sites stealing your content to slap ads into, but as mentioned elsewhere, how would blocking entire countries prevent this from happening?

All it takes is a proxy server in an allowed ip-block to make the country ban useless. In fact, by blocking entire countries, aren't you making doing so even more valuable to the content thieves by making their copied sites the only way to access that information for legitimate users in the countries you've boycotted?

On the other hand, I can definitely see the benefit of limiting access to the purchasing and registration portions of a website to prevent fraud, while still keeping the main site itself free to view to all.

trackbacks as content theft

Any blogger who writes with such a flaming attitude without reading that which he criticizes, must get his trackbacks deleted all the time.

Just a blogger who cares more about the number of links he has than what he is actually saying. Threadwatch of course is not in that category.

I understand the anger over sites stealing your content to slap ads into, but as mentioned elsewhere, how would blocking entire countries prevent this from happening?

As I suggested elsewhere blocking by ip to protect content is not going to work. In that suggestion, I proposed the use of AOL broadband and a scraper to put the content on a CD to be shipped by snail mail. The question to the poster was of course whether he would be willing to ban all ip's belonging to AOL proxy servers.

Banning by country is somewhat akin to the reasoning of the RBL blacklisters. In that case, because they cannot handle spam at the receiving end they go around like vigilantes blacklisting site after site.

In the case of ecommerce, fraud prevention is part of the business process. It is a problem to be solved, not avoided. Walmart won't deny you access to their store because you are dressed wrong, but they might watch you closer.

The *real* problem is the so called fraud scrubbing abilities of the processors in North America. My processor let several orders go through that I flagged as being problematic for them. Not only did they let them go through, they charged me for the chargebacks resulting from their inadequacy! Only in the online world would this sort of thing fly.

not being clear

I suggested cloak 'n serve propaganda because I was suggesting a tactic for leverage with a nation's law makers/enforcers. If someone breaks my copyright law but their nation of residence doesn't care to fix it, then offensive propaganda might get that nation's attention. It is the failure to respect copyright that brings the "ban by country" into play. Countries make the rules.

For example, if the DMCA didn't reach to Elbonia where the offender was, I could serve up pro democracy pages to Elbonian visitors. Get it? If the republisher was dumb enough to leave my propaganda in place on his servers, he'd be serving up pro democracy materials inside Elbonia. Scary stuff. Maybe my site will get blacklisted by the Elbonian government proxies. The republisher has a new value proposition -- stealing my content is not risk-free.

Of course I understand that the good people in Elbonia might want to read my content, but I will qualify that by saying they need to pay for it since the ads don't pay *me* for accesses from China. So as soon as we have an effective international micropayment system, or an Elbonian ad server interested in doing business, we can work something out.

Good Advice

Thanks for an intelligent discussion on the matter. As I said, I thought more people did this routinely. It would seem not. I never thought that blocking several countries completely was a flawless solution. It is obviously very easy to use proxies and attack from any country you desire. It was just intended to reduce risk. Plus, the evidence so far had backed it up. Blocked 3 countries and experienced no drop in revenue. I still definitely believe we need this type of protection but I will look at the feasibility of implementing it in a more sophisticated manner as suggested above. Thanks for good advice.
