How Can I Block Requests from China to My App?

Question

I have an API that is somewhat popular (10,000+ requests/day). After 10 requests per day from an IP address I return a message telling the user they need to cough of some cash if they want to use the service more.

This morning, I found that my web service was running terribly slow. I checked out the DB and I was getting absolutely spammed with requests from IP addresses originating in China. They would use an IP address 10 times and then increment the last octet. Sad times.

I'd like to limit or completely cut off requests from China, for the sake of keeping the system alive. What's the best way to do this? Geolookup each request and ban by country code in PHP? This seems like an inefficient way. There's nothing I can do at the htaccess level, is there?

Don't do it at the .htaccess level. By that time the connection's already been made and sucking up server resources, even if it's just denied immediately. Block access at the firewall. — Marc B, May 13 '11 at 16:17
Perhaps you can just make a quick check if the IP in China by their blocks? http://www.nirsoft.net/countryip/cn.html — Biff MaGriff, May 13 '11 at 16:17
Supposedly this is a list of chinese IP ranges: http://www.wizcrafts.net/chinese-blocklist.html No idea how legitimate it is, but stuffing those in your firewall in a block rule(s) would theoretically fix the worst of your spam problem. — Marc B, May 13 '11 at 16:19
not everyone has a "configurable firewall" with there hosting... — Lawrence Cherone, May 13 '11 at 16:34

score 9 · Accepted Answer · answered May 13 '11 at 16:18

Just block the entire china IP range: in .htaccess

#China
deny from 203.135.96.0/19
deny from 203.208.32.0/19
deny from 202.165.176.0/20
deny from 59.108.0.0/14
deny from 210.25.0.0/16
deny from 202.95.252.0/22
deny from 219.216.0.0/13
deny from 202.170.128.0/19
deny from 60.247.0.0/16
deny from 221.13.0.0/16
deny from 125.96.0.0/15
deny from 202.38.0.0/20
deny from 203.192.0.0/19
deny from 202.122.128.0/24
deny from 218.56.0.0/13
deny from 203.166.160.0/19
deny from 202.122.112.0/21
deny from 203.190.96.0/20
deny from 219.72.0.0/16
deny from 124.172.0.0/15
deny from 210.79.64.0/18
deny from 198.17.7.0/24
deny from 202.168.160.0/19
deny from 203.91.120.0/21
deny from 220.160.0.0/11
deny from 202.127.192.0/20
deny from 202.127.216.0/21
deny from 60.253.128.0/17
deny from 58.82.0.0/15
deny from 202.85.208.0/20
deny from 124.249.0.0/16
deny from 202.90.224.0/20
deny from 59.192.0.0/10
deny from 192.83.122.0/24
deny from 202.38.152.0/22
deny from 202.69.16.0/20
deny from 210.14.128.0/17
deny from 124.240.0.0/17
deny from 222.240.0.0/13
deny from 221.176.0.0/13
deny from 203.191.16.0/20
deny from 124.200.0.0/13
deny from 202.60.112.0/20
deny from 203.94.0.0/19
deny from 221.12.0.0/17
deny from 221.14.0.0/15
deny from 202.152.176.0/20
deny from 121.4.0.0/15
deny from 210.82.0.0/15
deny from 203.152.64.0/19
deny from 121.76.0.0/15
deny from 59.191.0.0/17
deny from 221.196.0.0/15
deny from 202.165.208.0/20
deny from 125.254.128.0/18
deny from 210.14.64.0/19
deny from 203.212.80.0/20
deny from 202.112.0.0/13
deny from 58.87.64.0/18
deny from 61.45.128.0/18
deny from 122.51.0.0/16
deny from 210.32.0.0/12
deny from 202.93.252.0/22
deny from 202.90.0.0/22
deny from 125.216.0.0/13
deny from 222.64.0.0/11
deny from 60.194.0.0/15
deny from 210.23.32.0/19
deny from 124.196.0.0/16
deny from 203.158.16.0/21
deny from 192.124.154.0/24
deny from 122.0.128.0/17
deny from 203.208.16.0/22
deny from 202.127.16.0/20
deny from 202.38.184.0/21
deny from 210.192.96.0/19
deny from 210.56.192.0/19
deny from 202.173.224.0/19
deny from 222.125.0.0/16
deny from 202.20.120.0/24
deny from 58.32.0.0/11
deny from 202.164.0.0/20
deny from 210.5.0.0/19
deny from 202.8.128.0/19
deny from 202.150.16.0/20
deny from 203.86.64.0/19
deny from 202.63.248.0/22
deny from 203.174.96.0/19
deny from 220.252.0.0/16
deny from 210.185.192.0/18
deny from 203.156.192.0/18
deny from 203.110.160.0/19
deny from 203.95.0.0/21
deny from 222.16.0.0/12
deny from 59.172.0.0/15
deny from 202.38.136.0/23
deny from 121.224.0.0/12
deny from 203.191.64.0/18
deny from 221.129.0.0/16
deny from 121.40.0.0/14
deny from 210.21.0.0/16
deny from 59.151.0.0/17
deny from 202.170.216.0/21
deny from 203.130.32.0/19
deny from 121.100.128.0/17
deny from 202.127.12.0/22
deny from 124.254.0.0/18
deny from 203.135.160.0/20
deny from 124.250.0.0/15
deny from 202.14.88.0/24
deny from 202.181.112.0/20
deny from 202.38.160.0/23
deny from 219.242.0.0/15
deny from 203.191.144.0/20
deny from 220.242.0.0/15
deny from 61.29.128.0/17
deny from 221.133.224.0/19
deny from 203.196.0.0/21
deny from 202.0.176.0/22
deny from 122.0.64.0/18
deny from 220.154.0.0/15
deny from 222.168.0.0/13
deny from 220.248.0.0/14
deny from 218.185.192.0/19
deny from 124.160.0.0/13
deny from 202.38.168.0/21
deny from 121.56.0.0/15
deny from 121.55.0.0/18
deny from 202.91.128.0/22
deny from 121.59.0.0/16
deny from 123.49.128.0/17
deny from 220.232.64.0/18
deny from 203.100.32.0/20
deny from 202.122.32.0/21
deny from 202.38.138.0/24
deny from 202.14.235.0/24
deny from 203.171.224.0/20
deny from 202.4.252.0/22
deny from 124.224.0.0/12
deny from 202.38.128.0/21
deny from 121.51.0.0/16
deny from 202.127.112.0/20
deny from 166.111.0.0/16
deny from 124.108.40.0/21
deny from 203.207.128.0/17
deny from 218.104.0.0/14
deny from 58.30.0.0/15
deny from 124.156.0.0/16
deny from 202.14.236.0/23
deny from 125.31.192.0/18
deny from 203.90.128.0/18
deny from 124.66.0.0/17
deny from 202.136.208.0/20
deny from 210.16.128.0/18
deny from 221.0.0.0/13
deny from 203.128.32.0/19
deny from 61.128.0.0/10
deny from 58.116.0.0/14
deny from 202.130.0.0/19
deny from 192.83.169.0/24
deny from 202.94.0.0/19
deny from 202.46.32.0/19
deny from 60.232.0.0/15
deny from 61.87.192.0/18
deny from 203.222.42.64/26
deny from 60.255.0.0/16
deny from 124.20.0.0/15
deny from 121.32.0.0/13
deny from 202.38.140.0/22
deny from 203.184.80.0/20
deny from 58.144.0.0/16
deny from 210.15.0.0/17
deny from 124.68.0.0/14
deny from 219.128.0.0/11
deny from 121.204.0.0/14
deny from 202.127.128.0/19
deny from 218.64.0.0/11
deny from 124.108.8.0/21
deny from 125.213.0.0/17
deny from 202.74.8.0/21
deny from 61.236.0.0/15
deny from 61.48.0.0/13
deny from 219.224.0.0/12
deny from 121.0.16.0/20
deny from 125.98.0.0/16
deny from 222.192.0.0/11
deny from 202.180.128.0/19
deny from 121.89.0.0/16
deny from 202.96.0.0/12
deny from 203.100.80.0/20
deny from 203.88.192.0/19
deny from 121.248.0.0/14
deny from 221.200.0.0/13
deny from 202.38.158.0/23
deny from 202.38.149.0/24
deny from 162.105.0.0/16
deny from 210.15.128.0/18
deny from 221.172.0.0/14
deny from 125.215.0.0/18
deny from 218.192.0.0/12
deny from 202.131.48.0/20
deny from 202.92.252.0/22
deny from 220.192.0.0/12
deny from 202.38.146.0/23
deny from 203.95.96.0/19
deny from 202.69.4.0/22
deny from 58.128.0.0/13
deny from 203.118.192.0/19
deny from 203.128.96.0/19
deny from 202.136.224.0/20
deny from 222.126.128.0/17
deny from 122.200.64.0/18
deny from 61.8.160.0/20
deny from 202.38.150.0/23
deny from 58.192.0.0/11
deny from 203.212.0.0/20
deny from 124.248.0.0/17
deny from 222.128.0.0/12
deny from 203.92.0.0/22
deny from 202.38.192.0/18
deny from 221.199.224.0/19
deny from 210.79.224.0/19
deny from 202.91.0.0/22
deny from 221.224.0.0/12
deny from 203.208.0.0/20
deny from 203.207.64.0/18
deny from 202.149.160.0/19
deny from 202.149.224.0/19
deny from 202.189.80.0/20
deny from 203.80.144.0/20
deny from 58.66.0.0/15
deny from 202.70.0.0/19
deny from 210.78.0.0/16
deny from 203.209.224.0/19
deny from 202.131.16.0/21
deny from 58.24.0.0/15
deny from 202.179.240.0/20
deny from 202.4.128.0/19
deny from 202.14.238.0/24
deny from 222.176.0.0/12
deny from 222.160.0.0/14
deny from 220.112.0.0/14
deny from 167.139.0.0/16
deny from 122.4.0.0/14
deny from 202.153.48.0/20
deny from 221.12.128.0/18
deny from 211.144.0.0/12
deny from 211.64.0.0/13
deny from 124.6.64.0/18
deny from 125.112.0.0/12
deny from 203.83.56.0/21
deny from 124.29.0.0/17
deny from 124.16.0.0/15
deny from 202.136.48.0/20
deny from 61.47.128.0/18
deny from 124.40.128.0/18
deny from 202.127.212.0/22
deny from 203.148.0.0/18
deny from 59.64.0.0/12
deny from 122.48.0.0/16
deny from 124.42.0.0/17
deny from 218.249.0.0/16
deny from 124.242.0.0/16
deny from 203.132.32.0/19
deny from 203.79.0.0/20
deny from 202.38.176.0/23
deny from 202.43.144.0/20
deny from 202.123.96.0/20
deny from 203.175.192.0/18
deny from 125.171.0.0/16
deny from 211.136.0.0/13
deny from 203.128.128.0/19
deny from 192.188.170.0/24
deny from 122.8.0.0/13
deny from 124.67.0.0/16
deny from 202.91.176.0/20
deny from 124.243.192.0/18
deny from 221.122.0.0/15
deny from 203.90.0.0/22
deny from 210.28.0.0/14
deny from 202.122.64.0/19
deny from 220.231.0.0/18
deny from 210.52.0.0/15
deny from 220.234.0.0/16
deny from 202.38.164.0/22
deny from 202.127.224.0/19
deny from 203.81.16.0/20
deny from 202.127.48.0/20
deny from 134.196.0.0/16
deny from 218.0.0.0/11
deny from 60.63.0.0/16
deny from 203.93.0.0/16
deny from 124.72.0.0/13
deny from 61.240.0.0/14
deny from 202.127.40.0/21
deny from 202.127.208.0/23
deny from 125.210.0.0/16
deny from 211.96.0.0/13
deny from 61.28.0.0/17
deny from 60.235.0.0/16
deny from 202.158.160.0/19
deny from 121.46.0.0/15
deny from 59.80.0.0/14
deny from 203.176.168.0/21
deny from 121.60.0.0/14
deny from 202.143.16.0/20
deny from 58.154.0.0/15
deny from 221.208.0.0/12
deny from 210.51.0.0/16
deny from 218.108.0.0/15
deny from 61.232.0.0/14
deny from 121.201.0.0/16
deny from 124.88.0.0/13
deny from 221.198.0.0/16
deny from 203.161.192.0/19
deny from 203.119.32.0/22
deny from 202.38.156.0/24
deny from 202.92.0.0/22
deny from 221.130.0.0/15
deny from 168.160.0.0/16
deny from 222.32.0.0/11
deny from 203.86.0.0/18
deny from 121.16.0.0/12
deny from 203.92.160.0/19
deny from 202.46.224.0/20
deny from 121.8.0.0/13
deny from 59.107.0.0/16
deny from 203.91.96.0/20
deny from 122.198.0.0/16
deny from 221.8.0.0/14
deny from 219.82.0.0/16
deny from 202.93.0.0/22
deny from 60.55.0.0/16
deny from 125.64.0.0/11
deny from 203.187.160.0/19
deny from 58.14.0.0/15
deny from 124.64.0.0/15
deny from 202.38.64.0/18
deny from 125.58.128.0/17
deny from 203.119.24.0/21
deny from 203.100.192.0/20
deny from 202.165.96.0/20
deny from 202.160.176.0/20
deny from 221.192.0.0/14
deny from 202.120.0.0/15
deny from 203.100.96.0/19
deny from 202.127.160.0/21
deny from 202.75.208.0/20
deny from 125.62.0.0/18
deny from 124.220.0.0/14
deny from 202.91.224.0/19
deny from 202.10.64.0/20
deny from 202.90.252.0/22
deny from 202.127.0.0/21
deny from 220.231.128.0/17
deny from 60.208.0.0/12
deny from 218.96.0.0/14
deny from 203.222.192.0/20
deny from 60.200.0.0/13
deny from 210.87.128.0/18
deny from 125.208.0.0/18
deny from 210.22.0.0/16
deny from 125.32.0.0/12
deny from 121.58.0.0/17
deny from 202.136.252.0/22
deny from 221.199.0.0/17
deny from 203.99.16.0/20
deny from 203.175.128.0/19
deny from 203.91.32.0/19
deny from 210.76.0.0/15
deny from 60.245.128.0/17
deny from 121.192.0.0/14
deny from 203.89.0.0/22
deny from 220.152.128.0/17
deny from 210.72.0.0/14
deny from 58.16.0.0/13
deny from 202.0.110.0/24
deny from 121.68.0.0/14
deny from 202.41.152.0/21
deny from 202.131.208.0/20
deny from 221.199.192.0/20
deny from 203.223.0.0/20
deny from 124.112.0.0/13
deny from 202.125.176.0/20
deny from 203.90.192.0/19
deny from 123.99.128.0/17
deny from 221.199.128.0/18
deny from 60.0.0.0/11
deny from 202.142.16.0/20
deny from 161.207.0.0/16
deny from 202.130.224.0/19
deny from 159.226.0.0/16
deny from 210.5.128.0/19
deny from 58.100.0.0/15
deny from 124.47.0.0/18
deny from 221.136.0.0/15
deny from 218.240.0.0/13
deny from 203.134.240.0/21
deny from 58.240.0.0/12
deny from 202.141.160.0/19
deny from 210.12.0.0/15
deny from 203.88.32.0/19
deny from 202.148.96.0/19
deny from 202.95.0.0/19
deny from 222.248.0.0/15
deny from 211.160.0.0/13
deny from 203.99.80.0/20
deny from 60.160.0.0/11
deny from 202.41.240.0/20
deny from 122.49.0.0/18
deny from 211.80.0.0/12
deny from 123.199.128.0/17
deny from 202.192.0.0/12
deny from 202.22.248.0/21
deny from 219.244.0.0/14
deny from 202.122.0.0/21
deny from 59.32.0.0/11
deny from 125.104.0.0/13
deny from 124.192.0.0/15
deny from 124.147.128.0/17
deny from 124.128.0.0/13
deny from 202.173.8.0/21
deny from 210.26.0.0/15
deny from 121.48.0.0/15
deny from 220.101.192.0/18

What is the source of this list? What if it changes frequently? — webbiedave, May 13 '11 at 16:48
im not sure, i think i searched block china ips in google, it came with a korea,russia,india list too. — Lawrence Cherone, May 13 '11 at 16:53
I built a lib to apply country ranges to iptables if your interested: https://github.com/lcherone/IPdeny — Lawrence Cherone, Sep 12 '18 at 08:39

score 7 · Answer 2 · answered May 13 '11 at 16:17

They might be using Chinese IP addresses now, but ban one country and eventually another country will be the problem. Mostly because country has nothing to do with it; the user is the problem. Instead of banning IP ranges, you should detect IP addresses that are increasing by one octet each time they outlive a free trial.

score 5 · Answer 3 · answered May 13 '11 at 16:18

Block the entire subnet of the abuser to solve the problem temporarily. These types of users will appear from other countries as well so your best bet may be to require a registration and an API key to use the API.

If you still want to block based on IP rather than API key, check how large the abusing subnet is using whois (or BGP) and block the entire IP range.

score 1 · Answer 4 · answered Jan 24 '13 at 21:54

1

I use the MaxMind GeoIP web service: http://www.maxmind.com/en/web_services#country

You get 2,000,000 lookups for $200. Works great, low latency, and you don't have to maintain a local database.

answered Jan 24 '13 at 21:54

Mark Richman

28,948
25
99
159

How Can I Block Requests from China to My App?

4 Answers4

Linked