Blocking certain countries using .htaccess

Discussion in 'Off Topic' started by EnergyFreak, Apr 15, 2011.

  1. EnergyFreak Customer

    Hi,

    I keep on getting sign-ups from people posting financial loans offered to people, which ask for sensitive information and are obviously fraudulent. They almost always originate from the same IP address: Benin [City: Porto-Novo, Oueme]

    I think it most likely starts with 41.xx.xx.xxx. I keep on banning their accounts but they always have loads of email addresses.

    Now I searched Google and saw that I could ban IPs using .htaccess. This is what I must add to the .htaccess, I think (placed in the second post because it is too long to fit in one post).

    Is this correct and safe? Thanks.
  2. EnergyFreak Customer

    Part 1:

    PHP:
    # Nigerian (NG) and African 419 Scammers IP addresses follow:
    deny from 12.166.96.32/27 41.136.0.0/16 41.138.160.0/19 41.155.0.0/17 41.184.0.0/16 41.189.0.0/19 41.189.32.0/19 41.190.0.0/19 41.190.88.0/22 41.191.84.0/22 41.191.108.0/22 41.194.52.0/22 41.202.0.0/17 41.202.128.0/19 41.202.192.0/19 41.203.64.0/18 41.203.224.0/20 41.204.0.0/17 41.204.128.0/18 41.204.224.0/19 41.205.0.0/19 41.205.64.0/19 41.205.160.0/19 41.206.0.0/19 41.206.64.0/19 41.207.0.0/19 41.207.160.0/19 41.207.192.0/19 41.208.48.0/23 41.208.128.0/18 41.210.0.0/18 41.210.192.0/18 41.211.0.0/19 41.211.192.0/18 41.212.128.0/17 41.214.0.0/17 41.215.160.0/20 41.216.32.0/19 41.217.0.0/17 41.218.192.0/18 41.219.128.0/17 41.220.0.0/16 41.221.80.0/20 41.221.160.0/20 41.222.0.0/21 41.222.24.0/21 41.222.40.0/21 41.222.64.0/21 41.222.192.0/22 41.223.24.0/22 41.223.64.0/22 41.223.248.0/22 41.248.0.0/16 41.250.0.0/16 61.11.230.112/29 62.24.96.0/19 62.56.128.0/17 62.56.235.0/24 62.56.236.0/24 62.56.244.0/22 62.56.248.0/24 62.128.160.0/20 62.173.32.0/19 62.192.128.0/19 62.192.140.250 62.193.160.0/19 63.70.178.0/24 63.73.58.0/24 63.100.193.0/24 63.103.138.0/24 63.103.139.64/26 63.103.140.0/22 63.109.245.168/29 63.109.247.0/24 63.109.248.128/25 63.122.154.0/24 64.14.48.128/26 62.24.96.0/19 64.86.155.0/24 64.86.210.0/23 64.110.30.0/24 64.110.31.0/24 64.110.64.16/28 64.110.76.0/23 64.110.81.0/24 64.110.93.16/28 64.110.93.176/28 64.110.147.0/24 64.201.33.0/24 65.120.56.0/21 65.209.91.0/24 65.209.92.0/24 66.18.64.0/19 66.110.31.0/24 66.178.0.0/17 66.199.241.82 66.205.20.0/24
    deny from 77.70.128.0/24 77.70.129.0/26 77.70.137.0/25 77.70.138.0/23 77.73.184.0/21 77.220.0.0/20 78.138.2.0/24 78.138.2.0/24 78.138.3.0/25 78.138.3.128/26 78.138.3.192/27 78.138.3.224/28 78.138.8.8/29 78.138.32.32/27 78.138.33.144/29 80.78.16.168/29 80.78.16.176/28 80.78.16.192/28 80.78.17.0/24 80.78.18.88/29 80.78.18.96/27 80.78.18.128/29 80.78.19.16/29 80.78.19.104/29 80.78.19.112/28 80.78.23.16/28 80.87.64.0/19 80.88.128.0/20 80.88.129.0/24 80.88.130.0/24 80.88.131.0/24 80.88.132.0/26 80.88.132.64/27 80.88.132.104/29 80.88.132.128/26 80.88.132.192/27 80.88.132.224/28 80.88.132.240/29 80.88.133.0/25 80.88.134.0/26 80.88.134.64/29 80.88.135.0/24 80.88.136.0/24 80.88.137.0/24 80.88.138.0/25 80.88.138.128/26 80.88.138.192/27 80.88.139.0/25 80.88.139.128/26 80.88.139.192/27 80.88.139.224/28 80.88.140.0/24 80.88.141.0/25 80.88.141.128/27 80.88.142.0/24 80.88.143.128/29 80.88.144.0/23 80.88.146.0/24 80.88.147.0/24 80.88.148.0/24 80.88.149.0/25 80.88.149.128/26 80.88.149.192/28 80.88.150.0/24 80.88.151.0/24 80.88.152.0/24 80.88.153.0/24 80.88.154.32/27 80.88.154.72/29 80.88.154.80/29 80.88.154.96/28 80.88.155.0/25 80.88.155.128/27 80.88.155.160/29 80.89.176.0/24
    deny from 80.179.102.0/24 80.179.107.64/27 80.179.107.224/29 80.179.128.0/17 80.231.4.0/23 80.240.192.0/20 80.247.136.0/24 80.247.137.0/24 80.247.141.32/27 80.247.141.64/26 80.247.141.128/25 80.247.142.0/24 80.247.147.16/28 80.247.147.32/29 80.247.147.64/27 80.247.147.96/28 80.247.151.0/24 80.247.153.0/24 80.247.156.0/26 80.247.156.128/28 80.247.157.0/24 80.247.159.0/24 80.248.0.0/20 80.248.64.0/20 80.250.32.0/20 80.255.40.48/28 80.255.40.96/29 80.255.40.112/28 80.255.40.128/28 80.255.40.192/28 80.255.40.224/27 80.255.40.240/28 80.255.41.160/28 80.255.43.0/24 80.255.46.0/29 80.255.46.16/28 80.255.46.64/29 80.255.58.160/27 80.255.58.192/26 80.255.59.19 80.255.59.232/29 80.255.59.240/29 80.255.61.0/25 81.18.32.0/20 81.18.40.0/24 81.18.42.0/24 81.23.194.0/27 81.23.194.64/27 81.23.194.128/25 81.23.195.0/24 81.23.196.0/25 81.23.196.128/29 81.23.200.0/21 81.24.0.0/20 81.91.224.0/20 81.199.0.0/16 82.128.0.0/17 82.205.242.0/23 83.137.59.8/29 83.137.61.0/24 83.138.167.40/29 83.143.8.0/22 83.229.0.0/17 84.254.188.3 84.254.128.0/18
    deny from 155.239.0.0/16 192.116.64.0/18 192.116.128.0/18 192.116.152.0/21 192.118.71.0/24 193.93.96.0/22 193.95.0.0/17 193.110.2.0/23 193.189.0.0/18 193.189.64.0/23 193.189.128.0/24 193.194.64.0/19 193.219.192.0/18 193.220.0.0/16 193.220.26.0/24 193.220.30.0/26 193.220.30.64/27 193.220.31.0/26 193.220.31.64/27 193.220.45.0/25 193.220.47.0/25 193.220.77.0/26 193.220.187.0/26 193.220.187.128/27 195.8.22.0/24 195.10.109.192/26 195.24.192.0/19 195.44.168.0/21 195.44.176.0/21 195.137.13.0/24 195.137.14.0/24 195.166.224.0/19 195.214.240.0/21 195.219.176.0/24 195.225.62.0/23 195.245.108.0/23 196.0.0.0/16 196.1.176.0/20 196.3.60.0/22 196.3.180.0/22 196.12.12.0/22 196.20.0.0/19 196.29.96.0/19 196.29.216.0/21 196.29.224.0/20 196.44.96.0/19 196.45.192.0/18 196.46.240.0/21 196.128.0.0/10 196.192.0.0/12 196.208.0.0/14 196.212.0.0/14 196.216.64.0/19 196.220.0.0/19 197.224.0.0/14 198.54.0.0/16 204.16.124.0/22 204.118.170.0/24 206.82.128.0/20 206.113.97.0/24 208.70.0.0/21 208.78.56.0/21 209.88.163.0/24 209.101.84.0/24 209.159.160.0/20 209.198.240.0/23 209.198.242.16/28 209.198.242.96/29 209.198.242.104/30 209.198.242.108/31 209.198.242.128/27 209.198.246.240/28 212.49.64.0/19 212.52.128.0/19 212.60.64.0/19 212.85.192.0/19 212.96.0.0/19 212.100.64.0/19 212.165.128.0/17 212.165.132.64/27 212.165.135.0/24 212.165.140.16/29 212.165.140.64/26 212.165.140.128/25 212.165.141.0/24 212.165.147.0/26 212.165.147.128/26 212.165.183.0/24 212.199.108.0/24 212.199.251.0/24 212.247.93.0/24
    deny from 213.136.96.0/19 213.140.62.0/23 213.150.192.0/23 213.154.64.0/19 213.166.160.0/19 213.181.64.0/19 213.185.96.0/21 213.185.106.0/24 213.185.112.0/24 213.185.113.0/26 213.185.113.64/27 213.185.113.96/27 213.185.118.160/27 213.185.118.192/26 213.185.124.0/24 213.187.135.0/24 213.187.145.0/24 213.211.128.0/18 213.211.188.0/24 213.232.96.0/24 213.255.193.0/24 213.255.194.0/24 213.255.195.0/24 213.255.198.0/24 213.255.199.0/24 216.72.104.0/21 216.74.187.0/24 216.118.252.0/24 216.118.253.0/24 216.118.254.0/24 216.129.147.128/28 216.129.159.0/24 216.133.174.0/24 216.139.160.0/19 216.147.132.144/28 216.147.132.160/28 216.147.134.0/24 216.147.159.0/24 216.185.79.0/24 216.236.200.96/28 216.236.202.96/28 216.236.205.0/24 216.236.222.128/26 216.250.195.0/27 216.250.195.64/26 216.250.221.0/24 216.250.222.0/24 216.252.176.0/24 216.252.177.0/24 216.252.231.0/25 216.252.245.0/24 217.10.163.128/26 217.10.163.192/27 217.10.163.224/27 217.10.166.0/26 217.10.166.64/28 217.10.169.0/24 217.10.170.0/24 217.10.171.0/24 217.10.173.0/26 217.10.182.0/27 217.10.184.0/24 217.14.80.0/20 217.15.124.0/25 217.20.240.0/20 217.20.241.0/25 217.20.241.128/29 217.20.241.136/29 217.20.241.144/28 217.20.241.160/29 217.20.241.168/29 217.20.241.176/29 217.20.241.184/29 217.20.241.192/29 217.20.241.200/29 217.20.241.208/29 217.20.242.0/24 217.20.243.16/28 217.20.243.32/27 217.21.64.0/19 217.21.112.0/20 217.78.64.0/20 217.117.0.0/20 217.146.3.144/28 217.146.3.160/28 217.146.3.176/29 217.146.3.224/27 217.146.4.64/26 217.146.5.0/24 217.146.6.0/25 217.146.6.160/27 217.146.7.0/24 217.146.8.0/25 217.146.9.0/24 217.146.10.128/25 217.146.11.0/25 217.146.12.0/24 217.146.13.0/24 217.146.14.0/25 217.146.15.0/25 217.146.16.0/27 217.146.16.32/29 217.168.112.0/20 217.194.140.0/22 217.194.144.0/20 217.199.144.0/20 217.212.242.0/23

    # South African ISPs (ZA) (Cape Town, Johannesburg, Pretoria, etc, .za domains), used by Nigerian 419 and lottery scammers
    deny from 41.0.0.0/16 41.18.0.0/15 41.26.0.0/15 41.28.0.0/15 41.30.0.0/15 41.54.0.0/15 41.56.0.0/16 41.112.0.0/12 41.132.0.0/14 41.160.0.0/12 41.213.0.0/17 41.240.0.0/16 41.241.0.0/16 41.242.0.0/16 41.243.0.0/16 41.244.0.0/16 41.245.0.0/16 41.246.0.0/16 165.143.0.0/16 165.144.0.0/14 165.148.0.0/15 196.2.112.0/21 196.34.0.0/15 196.36.0.0/14 196.210.0.0/16 196.215.0.0/16
  3. EnergyFreak Customer

    part 2:

    PHP:
    # Algeria (DZ)
    deny from 41.200.0.0/15 193.194.64.0/19

    # Morocco (MA)
    deny from 41.250.0.0/15 41.140.0.0/14

    # Tanzania (TZ)
    deny from 196.43.64.0/19

    # Added Goldenlines.net.il (Israel) because of Open Proxies used by Nigerian scammers
    deny from 80.179.244.0/24

    # Amsterdam, The Netherlands (NL) - DSL-NAT Customers and web hosting clients - Lottery and 419 scammers
    deny from 62.59.36.0/22 62.59.40.0/21 62.59.48.0/22 62.140.128.0/20 79.170.90.0/24 82.93.0.0/16 82.168.0.0/14 85.92.141.0 87.249.104.0/23 194.60.207.0/24 213.75.0.0/16

    # Freenet in Germany (DE) (freenet.de); Used as spam relay by many Nigerian scammers, in March, 2008.
    # Choose one of the following CIDRs:

    # Narrow freenet.de CIDR, used by recent scammers:
    deny from 195.4.92.0/23

    # Full Freenet.de CIDR:
    deny from 195.4.0.0/16

    # ISPs in Spain (ES), France (FR) and Italy (IT), used by many expatriate Nigerian lottery and 419 scammers (Cableuropa, Ibercom, Ono.com, Telefonica)
    deny from 62.42.0.0/16 77.211.0.0/16 79.174.192.0/18 80.12.242.0/24 80.13.0.0/16 80.24.0.0/16 80.25.0.0/16 80.36.0.0/14 81.34.0.0/16 81.45.0.0/16 81.51.0.0/16 81.202.0.0/15 81.208.0.0/18 82.63.128.0/18 82.90.0.0/15 82.194.64.0/19 82.196.0.0/19 83.54.0.0/16 84.120.0.0/13 85.39.0.0/16 85.91.64.0/19 85.235.128.0/19 88.0.0.0/11 88.202.124.0/27 89.141.0.0/17 90.43.172.0/24 90.160.0.0/12 91.142.208.0/20 93.32.0.0/11 147.83.0.0/16 147.96.0.0/16 193.252.22.0/24 195.53.0.0/16 195.55.0.0/16 212.121.224.0/19 213.4.0.0/16 213.60.0.0/16 213.194.128.0/18 213.194.144.0/20 213.244.0.0/20 217.108.0.0/16

    # Costa Rica (CR) exceptions:
    allow from 196.40.0.0/18 196.40.64.0/19

    # End Nigerian/African blocklist

    # Add other blocked domain names or IP addresses here, starting with "deny from " without quotes

    # If you find that you need to poke a hole in the blocklist, for legitimate visitors, follow this example: allow from 123.456.789.0

    # Real life example: Some forums have legitimate DSL customers in Mauritius, which is blocked by 196.0.0.0/9, in my blocklist.
    # To allow 8192 of these folks in Mauritius into your forums, just add the following directive:

    allow from 196.27.64.0/19

    # Add "allow from" IP addresses, or CIDR Ranges, after all of the "deny from" items, just before the closing Files tag.

    # Everything not included within these deny from ranges is PERMITTED by the allow portion of the directive.

    </Files>


    # This prevents web browsers or spiders from seeing your .htaccess directives:

    <Files .htaccess>
    deny from all
    </Files>

    # End of file
    Sorry I just realized that I am clogging up the forum with this script...
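
Added example, not part of the original posts: a small Python check for a blocklist like the one posted above, which answers the "is this correct" question mechanically. It assumes the `Order deny,allow` evaluation that the list's own comments describe (the opening lines are not shown in the post), handles IP and CIDR tokens only, and runs on constructed sample rules from the documentation address ranges; `lint_blocklist` and `is_blocked` are names chosen here.

```python
import ipaddress
import re

RULE = re.compile(r"^(deny|allow)\s+from\s+(.+)$", re.IGNORECASE)
TAG = re.compile(r"^<(/?)(\w+)")

def lint_blocklist(text):
    """Parse deny/allow lines; return (deny, allow, problems)."""
    nets = {"deny": [], "allow": []}
    problems, open_tags = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or line.lower().startswith("order"):
            continue
        tag = TAG.match(line)
        if tag:
            closing, name = tag.group(1), tag.group(2).lower()
            if not closing:
                open_tags.append(name)
            elif not open_tags or open_tags.pop() != name:
                problems.append((lineno, f"</{name}> without matching <{name}>"))
            continue
        rule = RULE.match(line)
        if not rule:  # e.g. a wrapped "/24 ..." fragment, which Apache cannot parse
            problems.append((lineno, f"not a directive: {line[:20]!r}"))
            continue
        kind = rule.group(1).lower()
        for token in rule.group(2).split():
            if token.lower() == "all":  # keyword, not an address
                continue
            try:
                net = ipaddress.ip_network(token, strict=True)
            except ValueError as exc:
                problems.append((lineno, f"bad address {token!r}: {exc}"))
                continue
            if any(n.version == net.version and net.subnet_of(n) for n in nets[kind]):
                problems.append((lineno, f"{net} is already covered"))
            nets[kind].append(net)
    problems += [(None, f"<{name}> never closed") for name in open_tags]
    return nets["deny"], nets["allow"], problems

def is_blocked(client, deny, allow):
    """Order deny,allow semantics: a matching allow overrides a deny."""
    ip = ipaddress.ip_address(client)
    return any(ip in n for n in deny) and not any(ip in n for n in allow)

# Constructed sample (documentation ranges) with the defect types seen in the thread.
SAMPLE = """deny from 198.51.100.0/24 198.51.100.64/26
deny from 203.0.113.0
/24 192.0.2.0/25
allow from 198.51.100.128/25 123.456.789.0
</Files>
"""
```

On the sample, the wrapped second rule parses as a single-host deny, so `203.0.113.7` is not blocked even though a /24 was intended.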
  4. seymourjames All Hands On Deck

    It is pretty much a pointless activity - spammers use proxy servers.
  5. EnergyFreak Customer

    Well, not these scammers. I have over 15-20 accounts with the same starting IP address, so at least if I can give them some trouble, it is worth a try. If I see that they use proxies then I guess I will have to check the web site often. But is the coding done right for the .htaccess?
  6. seymourjames All Hands On Deck

    You are wasting your time - what more can I say. I have been round this loop too many times. You stop these ones and they will just find another way. Use a reCAPTCHA. It slows them down a bit.
  7. freeze2 Customer

    I did a little searching and found an example of blocking proxy servers using .htaccess

    Code:
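    RewriteEngine on
    # %{HTTP:name} looks up a request header by its real name, so the names use
    # hyphens and carry no HTTP_ prefix (e.g. X-Forwarded-For, not X_FORWARDED_FOR).
    RewriteCond %{HTTP:Via}                 !^$ [OR]
    RewriteCond %{HTTP:Forwarded}           !^$ [OR]
    RewriteCond %{HTTP:UserAgent-Via}       !^$ [OR]
    RewriteCond %{HTTP:X-Forwarded-For}     !^$ [OR]
    RewriteCond %{HTTP:Proxy-Connection}    !^$ [OR]
    RewriteCond %{HTTP:XProxy-Connection}   !^$ [OR]
    RewriteCond %{HTTP:PC-Remote-Addr}      !^$ [OR]
    RewriteCond %{HTTP:Client-IP}           !^$
    # Any request carrying at least one of these headers is answered with 403 Forbidden.
    RewriteRule ^(.*)$ - [F]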
    I have not tried this myself, maybe someone with greater knowledge about this can shed some light on this.
  8. Lhotch curmudgeon

    I would just use the tools most likely provided by the web host, usually a lot easier than mucking with .htaccess
  9. EnergyFreak Customer

    I just checked my host and they offer IP blocks, and it is quite easy to use and effective. Good idea!
  10. civ Customer

    Just as an FYI, our Scam Filter module handles IP banning, proxy-detection, country/region banning (since regional IP ranges get reassigned quite often), keyword banning, etc.

    Scam Filter Module for 68Classifieds
