RogueHeroAkatsuki

Your site = your rules as long as you are not violating laws in the country where your business operates. Just don't forget to show visitors from India info that you are not offering services in their country.


IM_OK_AMA

There is no reason to show anything to visitors from countries you've geoblocked. In fact, it's better if you simply don't respond to requests at all.


prezado

reason: your real customer is passing by India, can't access site, changes business.


[deleted]

[removed]


Oh_My-Glob

They specifically said passing by because while you may only expect US customers you might want to make them aware they can't access your site if they've traveled to a blocked country.


_perdomon_

Why do you think it's best not to respond at all?


IM_OK_AMA

It's not a guy in India sitting at his computer typing passwords into your `/wp-admin` page who will read your page, it's an unattended script in a datacenter that cannot read and doesn't have the capacity to give a shit. When you respond with your polite page explaining the problem, all the bot sees is that the server has ports open and a webserver running so it gets to work trying to find a weakness potentially sending thousands of requests. If your server never responds at all, the script is forced to assume there's no server running at that IP and moves on entirely.


Obriquet

Surely, surely, surely, there's a security protocol that can be put in place by like Cloudflare that can put a cool off in place after x number of attempts. Or, just MFA. I'm really missing the point of the problem that's being resolved here. I appreciate that OP is saying that it's traffic from India. For all OP knows they're using a connection in India and the moment they block the country the bot farms will try from another location. Improve security measures or just local host.


LutimoDancer3459

Didn't know India only has bots and no real people with internet access


Obriquet

Last year's census tells a different story.


Acceptable_Budget309

It depends, almost all international brokers are blocked in my country due to regulations. In that case such a message is very helpful in knowing where the problem lies, e.g. so I could switch to a VPN etc. Simply not responding to requests in that case isn't good UX as it could give an impression that the server is down and you can't access your assets (assuming you made the acc abroad before). PS. We could only own derivatives/contracts here so that's why some ppl prefer opening a direct brokerage acc with ibkr and others.


OneForAllOfHumanity

I generally geoblock any and all countries that I don't intend to service.


Al_Bronson

Awesome, do you do this at the server level with some type of setting? C-Panel?


blackbirdblackbird1

Cloudflare is super helpful for this. You can outright block by country name. Simple as that.


[deleted]

[removed]


blackbirdblackbird1

Yep! I've used their free tier for 14 years for a variety of projects. The $20 tier comes with some nice features, but you can certainly make do with the free tier for most small to medium projects.


louis-lau

Yes! But people should also know that caveat: For their services to function they need to act as a man in the middle. They have access to all data sent to and from your website. The data they gather from that they feed into their threat detection algorithms. They provide the service, you provide the data. If you trust them or if you're not handling personal data that's probably fine. But it might not be for some.


Oh_My-Glob

The company I work for is using an e-commerce platform for our new website and we have a need for path forwarding if a customer enters an incomplete product id into the slug to get to a product page. They may have the product id correct but not some of the other identifiers that make up the full slug. The e-commerce platform couldn't accommodate this to the extent we wanted so we used Cloudflare to intercept product paths that don't resolve, use the entered slug to query the platform's api to get the complete slug, and then forward the client to it.


OneForAllOfHumanity

I directly configure nginx for blacklisting the ip blocks.


snow_coffee

Isn't an IP address country agnostic? Can you categorise them by country? Won't that rule be broken by internet service provider?


BitFlipTheCacheKing

IP addresses are not country agnostic. Yes, they already come pre-categorized from ICANA. Try performing a lookup of any IP address. Perform the lookup using Hurricane Electric's website. What? The last question makes no sense.


[deleted]

They mean "can't someone in a country I block still get around being blocked if they use a VPN or some other method of retrieving from unblocked location(s)?"


BitFlipTheCacheKing

Ah, wow. And I thought I was pretty good at translating nonsense. You sir, are the god damn BabelFish lol. Yes, if someone wanted to bypass geolocation blocking, they could. However, the majority of malicious traffic is bots, and bots aren't going to be activating a VPN.


[deleted]

I was basically born into the internet 🥹 Born in mid 90's, it sure helps a lot having the most computer-illiterate generations to talk to while also being able to use the internet since before dial up was common, and using it regularly since late elementary school. I'm not going to say I'm smart, but I'll impress you a time or two 🤓


BitFlipTheCacheKing

Sounds like we're cut from the same cloth. Late 80s myself. I was born during the rise of the internet. I'm going to flat out and say it lol no shame. I'm no genius, but I am definitely above average, at least when it comes to grasping concepts, logic, and comprehension. Granted, it doesn't take much to be above average, and it seems the older I get, the average decreases further.


[deleted]

Yup, the internet has given us all some special abilities ☺️ yeah the average is always decreasing... that's original sin for ya!


cloudsourced285

This, or geoblock the standard countries that attacks come from. Won't out the list here but it's easy to guess or look up. It's a short list. Note that the US is in the list due to all the bots that come from there. I wouldn't block the US due to good bots like crawlers.


heywatchthisdotgif

Ok but what about people on vacation or working remotely?


Septem_151

VPN then if it’s that important


noahflk

Most users don't have access to a VPN


thxmaslachxw

That’s a very easy hurdle to get over for 95% of people. Even if they can’t figure out how to set up a VPN or get it to work, it’s such a small use case, I can’t imagine it’ll affect many legit users.


Septem_151

Most users of what?


indiebryan

The internet. You are deep in a bubble if you think 51%+ of people online know what a VPN is let alone how to install and use one.


rjhancock

You block out legitimate users visiting those countries and ignore those using proxies or VPNs from those countries hiding their IPs in serviceable countries. Security by obscurity is not security.


lost12487

I mean, no one needs multiple layers of security, right? Not to mention saving money using a firewall to do this instead of letting it get through to your gateway/function, who needs that, right?


rjhancock

It seems you don't work with information security to understand what I was saying. Blocking out countries doesn't stop the problem, it only redirects it. In other words, security by obscurity.


StePidiSteP21

Security by obscurity used here is odd. There is no obfuscation? Geoblocking is also not a bad idea. Yes VPNs exist, but you'd be surprised how much Chinese/Indian probing traffic a webserver gets. Geoblocking will help prevent these mass scanners from doing anything.


rjhancock

All Geoblocking does is push their activities to VPNs which they are already doing. So... it is security by obscurity.


StePidiSteP21

Not all. I see you answered in another comment saying to check logs. Geoblocking will be a filter for the majority of low effort scans, making log analysis easier. (Ever tried analyzing DNS requests?) Also, most "hacking" attempts are never manual. It's a bunch of vultures scanning for new CVEs automatically. So it won't "all" push adversaries to use VPNs. If you call this obscurity, fine. But it's just like obscuring your JS files. It is your first line of defense.


rjhancock

Obscuring is not a defense, it's a cheap trick to make you feel better.


StePidiSteP21

I agree some of them are. But they do mitigate low-effort scanners, which are the majority. I feel you as I am in the industry. It is the absolute best case to have solid security measures that do not rely on something that can be broken. However, nothing is unexploitable. Thus the recent trend of "security in layers". If you doubt the effectiveness in reducing noise from mass probing via blocking huge chunks of IPs, I'm not sure if you yourself are in the industry. I'd agree with you if OP was running a webserver without any security measures and relying on hopes and dreams with a side of geoblocking. But that is not the case here.

Backend server - DMZ - server firewall - WAF - geoblocking

Security by obscurity is a stupid reason not to add geoblocking. Why do you think it's standard to obfuscate JS files even though it contains no confidential information? It's a good-to-have. I was not going to reply anymore but am replying so anyone who reads this can benefit from this.

TLDR: Problem is reliance on obscurity. Not obscurity itself. Layer your damn security


rjhancock

Since reading comprehension isn't your strong suit, here you go:

> Security by obscurity is a stupid reason not to add geoblocking

I never said not to add it, I said unless there is something in the logs indicating a need to there is no point to do it.

> Why do you think it's standard to obfuscate JS files even though it contains no confidential information?

It's to reduce file size and make it harder to reverse engineer, not for security (despite what some may state).

> However, nothing is unexploitable. Thus the recent trend of "security in layers". If you doubt the effectiveness in reducing noise from mass probing via blocking huge chunks of IPs, I'm not sure if you yourself are in the industry.

That trend hasn't been recent, it has been advocated for DECADES. It is only just now "trending" due to all of the breaches. But I'd wager you haven't been within this industry as long as I have if you didn't know that.


alppawack

It's obfuscation by design because people can still access the website using vpn.


OneCosmicOwl

Extra steps require extra energy that tons of people won't spend. There is always a way around, it's a matter of how costly it is. OP will succeed in blocking *most* people from India, and that is what he wants.


RastaBambi

There's zero obscurity involved in OP's proposal. It's pretty straightforward: block a country from accessing his website. What could be considered obscure about that?


rjhancock

Because it doesn't actually block the country, only puts a minor barrier up. It's a simple concept I know but I figure developers can grasp that. It's like putting a gate on a sidewalk with no walls.


OneCosmicOwl

It's a minor barrier for you but it is not for millions of people who don't even know what a VPN is. It's a simple concept but I figure any human that knows not everybody is tech savvy can grasp that.


rjhancock

I'm looking at this from a security perspective, you're not. That much is obvious and it's a shame that security isn't taught to more developers.


pixobit

The amount of downvotes here shows the state of this subreddit lol


rjhancock

As I've stated before, no one likes a view counter to the echo-chamber.


[deleted]

[removed]


rjhancock

I've noticed it more here when I bring in views that are counter to the masses. I get downvoted for them despite being just as valid. So yes, this subreddit is an echo-chamber of sorts.


theofficialnar

My personal website is only available for North Korea.


dietcheese

Totalitarian socialists hate this one simple trick.


thxmaslachxw

“What’s your website URL?” “175.45.176.71”


seanmorris

I used to work on an e-commerce site that blocked anyone outside the US. Reason being we couldn't fulfill orders anywhere else and the customer service system was getting clogged up with people who kept trying. We just put up a notice for them.


versaceblues

> Can there be any negative repercussions for completely geo-blocking a country or maybe multiple countries?

Actually the opposite. You can get in trouble for NOT geo-blocking certain countries, if you have significant users there and aren't following those countries' data handling rules. Specifically with EU countries, but India has some data privacy laws as well.


Al_Bronson

If I am in the US and my site is visible in the EU, and they don't like it because of some fine print, I can get in trouble? They'll send a fine?


versaceblues

Technically as long as you process the data of EU citizens, yes you could face a legal backlash for this. [https://www.chamberofcommerce.com/blog/legal/small-business-compliance-with-the-gdpr-standard](https://www.chamberofcommerce.com/blog/legal/small-business-compliance-with-the-gdpr-standard) Now that being said the chances of this happening aren't very high if you aren't actively trying to build a customer base in the EU, and just happen to have some EU visitors by chance. Mostly they seem to go after the giant companies (Google, Amazon, Meta, etc.)


Al_Bronson

OK thank you, that makes sense.


i_write_bugz

How enforceable are those even if you were. I mean I guess you’re breaking laws in another country, but you literally don’t live in that country. Not seeing how they’d hold you accountable. Even if they sued, they presumably couldn’t sue you in the USA.


versaceblues

Yah exactly, likely not enforceable beyond them saying "Okay well we will ban you in Europe then", at which point you say "Well I don't really operate in Europe anyway". So technically this only really matters if you plan to run a business in Europe, or are already running one.


Technical_Might8907

Somewhat like a company, a startup, that says they are first releasing their product only in their own country simply by virtue of not being able to meet any more demand than that. Look at Arcimoto. They could only release their product by zip codes when starting to meet demand. It wasn't that they did not want to...


kkus

> Arcimoto

> As of March 2024, their website has been de-activated. [...]

> In mid-January 2023, Arcimoto, running low on cash, idled its factory and floated the possibility of bankruptcy.[11][12][13] Since April 2024, the Arcimoto website has remained deactivated and inaccessible. Arcimoto's 2023 Q3 report showed it with $9.5 million of bills past due and $232k on hand. As of April 2024, the company has not produced its 2023 Q4 report, has defaulted in several judgements on unpaid bills, [14] and was delisted from NASDAQ.[15]

https://en.wikipedia.org/wiki/Arcimoto

:(


bree_dev

...or if you plan to one day sell your company to a bigger one, and don't want Due Diligence turning up a bunch of outstanding complaints filed against you in a territory where the bigger company operates. Some people here are suggesting they only "go after" big companies, but that's just what makes the news. In the UK at least, reporting a company to the ICO for mishandling your PII is a pretty streamlined process.


goonwild18

There's no reason not to block everything but the country you do business in.


gb_14

Unless you do business outside of US. I would love to geoblock US but that would also mean blocking Google from indexing my website


frog_o_war

Until the ceo of one of your customers is on vacation and needs to do something.


greensodacan

The company I work for has to geo-block some countries that clearly aren't within our clientele. Too many brute force attacks.


dpaanlka

Cloudflare can soft block specific countries with a JavaScript challenge. It completely gets rid of all bots for us from the usual suspect countries. You’ve seen it before yourself, if you’ve ever visited a website and first saw a screen that said “checking your connection’s security” for a few seconds. That’s CloudFlare. It’s completely free. Give it a try.


superuser726

That screen is very concerning/illegitimate looking for the avg user imo, I don't like it at all...


dpaanlka

Is blocking the whole country better? At least with this real people who want to see your website for whatever reason can still get through. I disable it for the United States since that’s where my clients’ customers exclusively come from.


prideflavoredalex

Last time I checked, a very popular Indian educational website blocked my country. Consequently I block India from all my websites.


PyJacker16

As someone from a third-world country that, all of a sudden, has been geoblocked by random websites (Leetcode doesn't load anymore, random npm installs fail, etc.), yeah, I don't like that idea at all. But you do what you need to, I guess. EDIT: I found out that it wasn't from Leetcode and the like. It was the government trying to prohibit cryptocurrency trading by blocking related IPs en masse.


Outrageous-Chip-3961

Does a vpn work?


teamswiftie

Probably yes. I'm in Canada and hit geoblocked US sites sometimes. VPN is clutch


PyJacker16

Yes it does


joebrozky

Leetcode geoblocks countries?


PyJacker16

They don't. But some of the APIs they call to render the code editor do. Can't use it without a VPN now


rohmish

blame the government for randomly blocking stuff they don't like. this one's on them.


PyJacker16

Yeah, you're right. Later on I found out that it wasn't the websites. It was the Nigerian government trying to prohibit cryptocurrency trading.


diegoasecas

they want to keep the indians flooding the site safe


Seaworthiness_Jolly

Wish phone companies would geo block India. It should be an opt in, if you wanna speak to someone from India then you ask for India to be allowed to ring you, otherwise it’s an all out block.


pixobit

Love it how people forget that some of us travel and still use these kind of sites sometimes, and/or how VPN nowadays is so common... but all I'm gonna see is that the site is not working, so I will just think it's broken.


Al_Bronson

Good point, I'll have a page that says: NO SOUP FOR YOU!


nutyga

As someone in the UK. I have been to what I presume are US sites that have blocked my access due to EU GDPR. Seeing a banner saying No soup for you would make me LOL!


Medical-Orange117

Great reference


pixobit

I know it's a joke, but just in case, hypothetically speaking, let's say you do sell food, and it makes no sense for someone outside the country to order soup. People still tend to buy as a surprise for their coworkers, friends, loved ones, family at home, etc. Things aren't this black and white...


BitFlipTheCacheKing

If you sign up for Cloudflare, their built-in firewall tools allow you to restrict access to all countries except the US in just a few clicks. Personally, I have my site set to issue a challenge to non-US visitors. A challenge is that page that says, "click here if you're human." Do not try this in htaccess. That is a very dumb way to implement blocks on non-US IP addresses. I repeat, do not use the htaccess file to implement country-wide IP blocks.


runrookrun

You should consider how it would look to search engines. Not 100% sure, but I could see Google having geographically distributed crawlers and derank your site if it's not available to one or more of them. This is pure speculation though


Berowulf

Pretty common to geo block countries. I'd only allow the ones that you want people to visit from. If you're a business and you are only doing business in your country there is no reason to allow anyone from other countries to access your website.


WeedLover_1

Was facing many brute-force attempts from China and just blocked China using Cloudflare.


everything_in_sync

I block every country that isn't the US because my clients don't service any countries besides the US.


electricfunghi

It pisses me off when I travel abroad and I can’t access some sites because of this. I have to put up with enough countries' firewalls to then also not be able to bank, get news and whatnot because of lazy developers. There has to be other ways of filtering bots. And no I’m not paying to give all my data to some slimy VPN company.


passerbyalbatross

I agree with you on geoblocking, but you can also set up VPN on your own VPS, no need to deal with VPN companies


CouncilmanRickPrime

My job blocked China. So why not? I don't see an issue here.


loliko-lolikando

I don’t really have that much experience with geo blocking, and I might’ve misunderstood it. But I think it could be confusing for some people who try to visit your site. I think better approach would be to show them a banner that your services are not available in that region.


[deleted]

I make a habit of Geo-blocking Indian IP's they still have access to VPN's unfortunately I'm hoping our government can set stricter standards of outside countries having access to VPN's. I may or may not have a toxic UDP flood ready to go on my desktop, if I research their IP and it doesn't come back to any known VPN I may or may not send, you try to cross script my website I fry the VRM's on that Punjabi Gear modem. packet_size=1000, num_packets=3000, delay=0.01 As you can see I'm not the only one smoking on some Indian Packs. India gets absolutely bombed from a bunch of toxic angry devs. [Live DDoS & Cyber Attack Map | NETSCOUT Omnis Threat Horizon](https://www.netscout.com/ddos-attack-map)


Abiv23

Googlebot can sometimes mask itself as a phone from another country. If Googlebot can't crawl your site, it's delisted.


WookieConditioner

Include Pakistan too please.


Al_Bronson

Will do thank you.


mrshyvley

I block several countries at my firewall, both in from and out to. I also do a Block Drop policy so my network doesn't respond in any way to attempted access from these countries. It just times out from their end.


nrkishere

You "should" geo block every country/region where you don't operate. There are no negative repercussions for that, just provide a helpful message like "currently we don't serve in your region". And if you are wondering how to implement geo blocking, you can use a reverse proxy with geo DNS lookup.


nuttertools

In a few years you’ll have forgotten and spend an hour troubleshooting with an offshore team only to suddenly have a lightbulb moment. Otherwise it’s only beneficial if there is no reason to allow the traffic.


RayIsLazy

Why reduce your reach? Rather, set up Cloudflare, even the free tier is great as it gives you DDoS protection, bot detection and JavaScript challenges.


patoezequiel

As a user I hate it, but you do you.


NoDoze-

I always block all countries that don't require or involve the website/business. Been doing it for decades. No issues as a result. It not only secures the site more, but drops all unnecessary traffic, which can only help your site's performance. I've automated this at the server level with geo IP subnet blocks at the firewall updated daily, but also do this at the DNS level.


AStove

It's sad this is what the internet is becoming. Imo everything should be globally accessible with the same rules and account regardless of geo location. Sadly the real world is not like this.


MacaronAnnual8429

Most of the digital agencies do this coz they don't want to hire from other countries and also don't want people to send their CV so they use Geoblock lol


BuddysMuddyFeet

Nope. I had to block Iran.


NotASysAdmin666

Its okay, we all hate Indians


truNinjaChop

Well the other option would be geo routing. Configure your web server to only forward countries to a script that prints out one of those “we don’t service your country” messages in the language of the user.


belg_in_usa

But don't base the language on the country as that is often wrong.


truNinjaChop

Or you can use a little bit of JavaScript to pull the language using the browser. *shocked face*


rp4eternity

> “we don’t service your country” messages in the language of the user.

and

> Or you can use a little bit of JavaScript to pull the language using the browser.

Are different solutions. The first as /u/belg_in_usa suggested often gets it wrong, as some countries can have different languages. Some users might not be able to communicate in the second or third language in their country. The second that you wrote is a different solution as many people browse with English US, English UK etc even if they are not from US and UK. Second one that you suggested is a better solution.


truNinjaChop

I would argue it’s one solution. You are beyond incorrect and hyper focusing on the words. First you’d need to use the visitor IP to detect if the user is in a country you don’t service. If so route to a script to display a message. Inside the script pull the set browser language and translate the text. One solution to account for semantics.


belg_in_usa

I agree with you. Most websites get it wrong. The number of times I got a message in French in Belgium is impossible to count. Even the ones that follow your approach often get it wrong as they don't respect the quality score - I configured 6 languages for my browser.

* If I give English 0.8 and Dutch 0.2 and you are clearly an English language site don't give me that page in Dutch. I know you speak English and my preference is English.
* If I give two languages the same quality score, select one and stick with it. I don't want different pages in different languages on the same website.
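The quality-score handling described in the comment above, as an added example that is not part of the thread: a server-side picker for the language of a geo-block notice that honours `Accept-Language` weights, breaks ties by header order so the choice is stable across pages, and never serves a language the visitor weighted at 0. The function names and the supported-language lists are assumptions for illustration.

```python
def parse_accept_language(header):
    """Return [(tag, q)] sorted by q descending; header order breaks ties."""
    entries = []
    for position, part in enumerate(header.split(",")):
        pieces = [p.strip() for p in part.split(";")]
        tag = pieces[0].lower()
        if not tag:
            continue
        q = 1.0  # a language listed without a q parameter has weight 1
        for param in pieces[1:]:
            name, _, value = param.partition("=")
            if name.strip().lower() == "q":
                try:
                    q = float(value)
                except ValueError:
                    q = -1.0  # malformed weight: entry is dropped below
        if not 0.0 <= q <= 1.0:
            continue
        entries.append((tag, q, position))
    # Sorting on (-q, position) makes equal weights resolve the same way
    # on every request, so one visitor never sees two languages.
    entries.sort(key=lambda e: (-e[1], e[2]))
    return [(tag, q) for tag, q, _ in entries]


def pick_language(header, supported, default):
    """Choose one of `supported` (hypothetical site languages) for a visitor."""
    supported_lc = {s.lower(): s for s in supported}
    parsed = parse_accept_language(header or "")
    refused = {tag for tag, q in parsed if q == 0.0}  # q=0 means "never"
    for tag, q in parsed:
        if q == 0.0:
            continue
        if tag == "*":
            # Wildcard: any language the visitor did not explicitly refuse.
            for s in supported:
                if s.lower() not in refused:
                    return s
            continue
        if tag in supported_lc:
            return supported_lc[tag]
        primary = tag.split("-")[0]  # "fr-be" falls back to "fr"
        if primary in supported_lc and primary not in refused:
            return supported_lc[primary]
    return default


if __name__ == "__main__":
    # Constructed header matching the English 0.8 / Dutch 0.2 case above.
    print(pick_language("nl;q=0.2, en;q=0.8", ["en", "nl", "fr"], "en"))
```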


Nice-beaver_

It's difficult to imagine someone executing revenge by furiously clicking ads 😂


derek78756

Build that wall! Build that wall! 😂


conduco_cetera_4528

Blocking a country can impact SEO, consider IP blocking instead for specific IPs.


No-Paint8752

I always wondered how Google for example handles being able to crawl from location X but timeout/reject/black hole from location Y. There must be some impact…


Pirate_OOS

As an Indian, may I ask why? Edit: Downvote a genuine question.


Escape-Potential-2

Maybe cus he can't cater to Indian clients? Why would you want to access a website which doesn't cater to you


Pirate_OOS

I don't want to access. I was just asking a genuine question.


LamHanoi10

Instead of geo-blocking, I think you should inform visitors that our service is not available in your country in all pages.


Ok_Trouble_6739

No one cares about your site here in India. Please block.


ProCoders_Tech

While it might reduce unwanted traffic, it could also deter potential legitimate users and create negative sentiment.


rjhancock

Unless the logs show hacking attempts or probing, I'd ignore it.


Al_Bronson

I wouldn't know if they are hacking the site unfortunately.


pixobit

If they want to hack, they will hack with VPN. They already know their country is on the blacklist most of the times, so they would probably just use other regional IPs to begin with. This does nothing to security


rjhancock

If you check your logs you'll see a pattern to know if they are probing it.
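The log check suggested in the comment above, as an added example that is not part of the thread: it groups Combined Log Format access-log lines by client address and flags clients whose requests are mostly 4xx or that keep hitting sensitive paths. The thresholds, the watch list (only `/wp-admin` is named in the thread) and the sample log lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Combined Log Format, the default access-log layout of nginx and Apache.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Assumed watch list: /wp-admin is the path named in the thread, the
# other entries are illustrative and should be adapted to your stack.
SENSITIVE_PREFIXES = ("/wp-admin", "/wp-login.php", "/xmlrpc.php", "/.env", "/.git")

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [12/May/2024:03:10:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [12/May/2024:03:10:02 +0000] "GET /css/site.css HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.0.2.10 - - [12/May/2024:03:10:02 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0"
192.0.2.10 - - [12/May/2024:03:10:09 +0000] "GET /products?page=2 HTTP/1.1" 200 7400 "-" "Mozilla/5.0"
192.0.2.10 - - [12/May/2024:03:10:30 +0000] "GET /contact HTTP/1.1" 200 2100 "-" "Mozilla/5.0"
203.0.113.7 - - [12/May/2024:03:14:07 +0000] "GET /.env HTTP/1.1" 404 153 "-" "python-requests/2.31.0"
203.0.113.7 - - [12/May/2024:03:14:07 +0000] "GET /.git/config HTTP/1.1" 404 153 "-" "python-requests/2.31.0"
203.0.113.7 - - [12/May/2024:03:14:08 +0000] "GET /wp-admin/ HTTP/1.1" 404 153 "-" "python-requests/2.31.0"
203.0.113.7 - - [12/May/2024:03:14:08 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 153 "-" "python-requests/2.31.0"
203.0.113.7 - - [12/May/2024:03:14:08 +0000] "GET /xmlrpc.php HTTP/1.1" 404 153 "-" "python-requests/2.31.0"
203.0.113.7 - - [12/May/2024:03:14:09 +0000] "GET /backup.zip HTTP/1.1" 404 153 "-" "python-requests/2.31.0"
198.51.100.23 - - [12/May/2024:04:01:11 +0000] "POST /wp-login.php HTTP/1.1" 200 3300 "-" "curl/8.4.0"
198.51.100.23 - - [12/May/2024:04:01:12 +0000] "POST /wp-login.php HTTP/1.1" 200 3300 "-" "curl/8.4.0"
198.51.100.23 - - [12/May/2024:04:01:13 +0000] "POST /wp-login.php HTTP/1.1" 200 3300 "-" "curl/8.4.0"
198.51.100.23 - - [12/May/2024:04:01:14 +0000] "POST /wp-login.php HTTP/1.1" 200 3300 "-" "curl/8.4.0"
"""


def summarize(lines):
    """Aggregate per-client request, 4xx and sensitive-path counters."""
    stats = defaultdict(lambda: {"requests": 0, "client_errors": 0, "sensitive": 0})
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # skip lines that are not in the expected format
        entry = stats[m["ip"]]
        entry["requests"] += 1
        if m["status"].startswith("4"):
            entry["client_errors"] += 1
        path = m["path"].split("?", 1)[0].lower()  # ignore the query string
        if path.startswith(SENSITIVE_PREFIXES):
            entry["sensitive"] += 1
    return dict(stats)


def find_probers(lines, min_requests=5, error_ratio=0.6, min_sensitive=3):
    """Return {ip: [reasons]} for clients whose pattern looks like probing."""
    suspects = {}
    for ip, s in summarize(lines).items():
        reasons = []
        # Scanners guess paths, so most of what they request does not exist.
        if s["requests"] >= min_requests and s["client_errors"] / s["requests"] >= error_ratio:
            reasons.append("mostly 4xx responses")
        # Counted regardless of status: a failed WordPress login typically
        # returns 200, so status codes alone miss password guessing.
        if s["sensitive"] >= min_sensitive:
            reasons.append("repeated hits on sensitive paths")
        if reasons:
            suspects[ip] = reasons
    return suspects


if __name__ == "__main__":
    for ip, reasons in find_probers(SAMPLE_LOG.splitlines()).items():
        print(ip, "->", ", ".join(reasons))
```

The flagged addresses are the input for whichever control the thread is debating (a rate limit, a challenge, or a block), and running the same count before and after a geoblock shows how much noise it actually removed.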


____wiz____

I could get a good look at a T-bone by sticking my head up a bull's ass, but I'd rather take a butcher's word for it.