Handy Mod: Block Registration by Country

Started by MrMike, December 21, 2009, 03:29:02 PM

Previous topic - Next topic

MrMike

This mod may not be useful to some people, but to others it may be a big help. I hope it's of use to someone.

I get a LOT of bogus signups from places like Russia, India, China, etc etc. Usually they're spambots, but sometimes they're done by actual human spammers. In either case, I don't want them registering, and I don't want to have to do lookups on each registration to see if it looks legitimate.

The board I developed this for is generally only of interest to US/Canadian users as it deals with divorce and custody law. So, if someone is registering from Dubai or Lithuania chances are that their registration is bogus.

I inserted a small amount of code at the top of Register.template.php to do an IP-to-Country lookup, and if the country code that gets returned is not in an "allow" list, then the page just halts with a simple message. It could easily be made to display specific info, forward the user to another page, or whatever else you might want to do.

You can get the ip-to-country data from a variety of places, but to make things easy I've attached a zip file named 'iptocountry.zip'. It has a reasonably complete list of IPs and countries (about 88,000 rows). It's what I use and it seems to work well for me.

To make this work for you, follow these steps:

1) Unzip the "iptocountry.zip" file and import the contents into your database.

2) Add or remove countries from the "$allow_list" array. You can get a complete list of all of the countries available by running this query:

SELECT DISTINCT COUNTRY_CODE2, COUNTRY_CODE3, COUNTRY_NAME FROM iptocountry ORDER BY COUNTRY_CODE3ASC

3) Add the code below to the very top of "Sources/Register.template.php", right after the opening PHP tag (<?PHP).

4) That's it.

Enjoy! Comments and/or questions are welcome.

-MrMike


Here's the code..I placed it right at the very top of "Register.template.php". If someone wants to make this into an "official"mod, please feel free, the code is yours to do with as you wish.
/////////////////////////////////////////////////////////
// mod - 12-21-2009 - prevent certain "problem" countries from
// registering based on their IP address....

// try and get the real IP address...
if (getenv('HTTP_CLIENT_IP')) {
    $ip_address = getenv('HTTP_CLIENT_IP');
}elseif (getenv('HTTP_X_FORWARDED_FOR')) {
    $ip_address = getenv('HTTP_X_FORWARDED_FOR');
}elseif (getenv('HTTP_X_FORWARDED')) {
    $ip_address = getenv('HTTP_X_FORWARDED');
}elseif (getenv('HTTP_FORWARDED_FOR')) {
    $ip_address = getenv('HTTP_FORWARDED_FOR');
}elseif (getenv('HTTP_FORWARDED')) {
    $ip_address = getenv('HTTP_FORWARDED');
}else {
    $ip_address = $_SERVER['REMOTE_ADDR'];
}

// Query for getting visitor countrycode
$country_query  = "SELECT country_code2,country_name FROM iptocountry ".
     "WHERE IP_FROM<=inet_aton('$ip_address') AND IP_TO>=inet_aton('$ip_address') ";

// Execute above query
$country_exec = mysql_query($country_query);

// Fetch record set
$ccode_array=mysql_fetch_array($country_exec);

// get the country code from the array
$country_code=$ccode_array['country_code2'];

// get the country name from the array
$country_name=$ccode_array['country_name'];

if($country_code==''){$country_code='XX';}
if($country_name==''){$country_name='UNKNOWN';}

//print "$country_code, $country_name";

// countries registration is ALLOWED from
$allow_list[] = 'US'; // USA numbah wun
$allow_list[] = 'CA'; // Canada, eh?
$allow_list[] = 'PR'; // Puerto Rico
$allow_list[] = 'VI'; // Virgin Islands, nice beaches
$allow_list[] = 'GB'; // Great Britain/UK, cheerio, guv
$allow_list[] = 'SE'; // Sweden - always allow blondes!
$allow_list[] = 'AU'; // Autralia - throw another dingo on the barbie, mate!
$allow_list[] = 'FR'; // France, ze land of luuuuuuuuuv
$allow_list[] = 'ZA'; // South Africa, shucks, why not...
$allow_list[] = 'VG'; // British Virgin Islands, blimey, eh wot?
$allow_list[] = 'UM'; // USA, some tiny little islands far away
$allow_list[] = 'GL'; // Greenland, too cold for most spammers
$allow_list[] = 'AQ'; // Antarctica (see 'Greenland')
$allow_list[] = 'IO'; // British Indian Ocean territory
$allow_list[] = 'AS'; // American Samoa (they're Yanks, sort of)

if(!in_array($country_code, $allow_list)){

print <<<EOM
    <html><head></head>
    <body bgcolor="#dcdcdc">
    Registration for your country is disabled. Sorry.
    </body></html>
EOM;

exit;
}
/////////////////////////////////////////////////////////

Arantor

Interesting, thank you for posting :)

I would note however that such logic really should be part of Register.php itself not part of Register.template.php (logic and real decisions should be there) and throw an appropriate language error message.

As for the iptocountry.zip, was that code you wrote yourself? If not, there may be issues with packaging it into a mod.

MrMike

#2
Quote from: The Grinch on December 21, 2009, 03:35:49 PM
I would note however that such logic really should be part of Register.php itself not part of Register.template.php (logic and real decisions should be there) and throw an appropriate language error message.
Yep, I know it's probably not the correct place to put it, I just did it this way because I wanted something in place quickly. If someone would like to make this a proper mod, that would be great.

Quote from: The Grinch on December 21, 2009, 03:35:49 PMAs for the iptocountry.zip, was that code you wrote yourself? If not, there may be issues with packaging it into a mod.
The iptocountry.sql is freely available on a number of websites, so I don't think it should be an issue. To my knowledge it is not copyrighted in any way. If people would rather look for another source of the information, that's fine, although in that case they may need to alter the queries to make it work correctly.

(The code could also be modified to query one of the publicly available IP locating services, but I like to host my own stuff.)

The link below should show a number of sites that offer the same or similar data:

IP to Country Database

As a side note, I've had this code in place for less than 12 hours and it's already blocked about 15 registration attempts from China, Romania, Poland, Argentina, Russia, and a couple of other places. (My version sends an email when it blocks a registration attempt, but it's just for diagnostic purposes and it'll be turned off as soon as get sick of the emails, lol.)

Arantor

Thanks for the links. I will see if I can find time to package this as a mod and release it on the mod site sometime, unless someone else beats me to it.

Though I have a few other ideas on how the interface might look in the admin panel though.

MrMike

Quote from: The Grinch on December 21, 2009, 03:53:43 PMThough I have a few other ideas on how the interface might look in the admin panel though.
Maybe a panel that would allow adding/removing countries via a scrolling select list, and/or by IP.
Optional notification, configuration of the action when blocking (message, forwarding to a defined URL, etc).

Arantor

*nods* All good options, though I'm not sure I'd be quite so flash were I to package this. I was just thinking of having a list of countries for the user to tick/untick.

MrMike

Quote from: The Grinch on December 21, 2009, 04:24:59 PM*nods* All good options, though I'm not sure I'd be quite so flash were I to package this. I was just thinking of having a list of countries for the user to tick/untick.

Well, there are ~285 countries to pick from, so a scrolling select list would probably be the most UI-friendly way to present them.

(I do a lot of UI in my work, and none of the other choices seemed to be as well-suited as a scrolling select list. Using checkboxes would be problematic for the UI, in my opinion.)

Adding some simple "action" options (forwarding URL, custom display message, etc)  would be nice, but not truly necessary. Although if you offer the mod  without it, you just know someone is going to go, "Hey, could you add the option to....;D

joseflor

How do I upload the IP to Country list to the database?

MrMike

#8
You'll need to import it into the database.

Upload the file, then use something like phpMyAdmin to import it. If you have shell access you can import it using this command:
mysql -u username -ppassword database_name < name_of_the_file.sql




Quote from: joseflor on November 30, 2011, 02:05:22 AM
How do I upload the IP to Country list to the database?

awolexpat

One thing I would suggest to anyone that is thinking of making this into a mod (and I agree it would be very useful) would be to have the countries broken down into regions, such as Western Europe, Eastern Europe, Asia etc so that a box could be ticked that would tick all the corresponding countries (or untick) - it would make it easier to use I think. Maybe even a region of notorious 'spam' countries?

joseflor

#10
Thanks MrMike, I will be studying it, as I have very limited knowledge to this issues.
For information, I have from 50 to 100 new registrations a day of pure spam. I manage to install a mod to stop posting links until they have a number of posts, but it is very hard to get off all this span.

Later edit:
I got it, I have phpAdmin. But now I have another question. I have a file named ip-to-country.CVS. How do I convert it to SQL? Or better, can you post a file here so people can download it directly. Ths.

My phpAdmin asks me this?
File may be compressed (gzip, zip) or uncompressed.
A compressed file's name must end in .[format].[compression]. Example: .sql.zip

José
PS I attached the file ip-to-country.CVS it is from 2006

MrMike

1) You can import it via phpMyAdmin as a CSV file (look at the import options).

2) Get a newer file- anything from 2006 is going to be very, very outdated.

Quote from: joseflor on December 01, 2011, 01:35:01 AM
Thanks MrMike, I will be studying it, as I have very limited knowledge to this issues.
For information, I have from 50 to 100 new registrations a day of pure spam. I manage to install a mod to stop posting links until they have a number of posts, but it is very hard to get off all this span.

Later edit:
I got it, I have phpAdmin. But now I have another question. I have a file named ip-to-country.CVS. How do I convert it to SQL? Or better, can you post a file here so people can download it directly. Ths.

My phpAdmin asks me this?
File may be compressed (gzip, zip) or uncompressed.
A compressed file's name must end in .[format].[compression]. Example: .sql.zip

José
PS I attached the file ip-to-country.CVS it is from 2006

Advertisement: