Hello everyone

I am not sure if this is the correct place to ask this question; but since it involves PHP I felt that I should try. I have 3 questions

  1. What is the best way to block a region/country from accessing a site?

  2. Is it possible to create a ‘fake IP address’ so that it fools a website into thinking the user is accessing the site from a different country?

  3. Where can I get the list of IP addresses from?

I have built a travellers' members site (a guide to travelling around the world); the problem is that I have fake travellers registering on the site and then targeting legitimate members with fake scams.

I am now spending a substantial amount of my time searching out these fake members and deleting them from the site. I have noticed that all the fake travellers come from a certain African country (I will not mention the name but I suspect that everybody knows which country I am talking about).
Accordingly, rather than waste my valuable time on ‘search and delete’ operations, why not simply block the entire country or region from where the scammers are accessing the site?

Question One

What is the best and most cost effective way to block a region or country?

I realise that it’s possible to use .htaccess to block regions/countries; but I have also read that this solution is very consuming on your systems and also slows your systems down. Is there a PHP/MySQL solution that will not be a drain on my systems and will also not slow down my site?
I was thinking of using the following function to block users from registering on the site.

It works by simply checking whether the IP address of a 'proposed new member' is a blocked IP address :

// First obtain the IP address of the user
$value = mysqli_real_escape_string($dbc, $_SERVER['REMOTE_ADDR']);

// Next, check if it's a banned or blocked IP address.
// If a banned IP address is submitted the function returns an empty string,
// and since the system requires an IP address for registration
// the user is simply prevented from registering.
function banned_IPaddresses($value) {
    $banned_IP = array('91.228.1.85');

    foreach ($banned_IP as $v) {
        // Exact comparison: a substring match (stripos) would also ban
        // unrelated addresses such as 191.228.1.85
        if ($value === $v) return '';
    }

    // Not banned: hand the address back to the caller
    return $value;
}

Question Two

I am using the code below to track the IP address of users to my site. The problem is that I am now engaged in a ‘cat and mouse game’ with this scam gang; they know that the ONLY WAY that I have been able to catch them thus far is by their IP addresses (i.e. they claim on their profile that they live in one country but the IP address clearly shows that they are actually accessing the site from another country).

I am therefore extremely concerned that they will soon find a way to fool my systems into thinking that they are indeed accessing the site from the stated country.

My question therefore is this: is it possible to do this, or can I rely upon the code below to give me an accurate reading of where a user is accessing my system from?
If not, is there a better system/function for tracking IP addresses?


$IP = mysqli_real_escape_string($dbc, $_SERVER['REMOTE_ADDR']);

$SSID = htmlentities(SID);
$_country = '';

// If IP address exists,
// get country (and city) via api.hostip.info
if (!empty($IP)) {
    $country = file_get_contents('http://api.hostip.info/get_html.php?ip=' . urlencode($IP));

    // file_get_contents() returns false when the lookup fails
    if ($country !== false) {
        // Reformat the data returned (keep only country and country abbr.)
        list($_country) = explode("\n", $country);
        $_country = str_replace("Country: ", "", $_country);
    }
}


Question Three
Does anybody know where I can find the codes for IP addresses from; i.e. the country and region codes?

Thank you very much for your help everyone.

Warm regards

Andreea

    Hello again everyone
    Thank you to vivek151189. Unfortunately the links only refer to blocking the IP at the Apache/Linux level.

    I want to avoid this as I heard that it's a massive drain on the speed of the operating systems.

    So, hopefully still waiting for a response.

    regards

    Andreea

      Blocking at the web server level is appropriate: that's part of its job.

      andreea115 wrote:

      I want to avoid this as I heard that it's a massive drain on the speed of the operating systems.

      That doesn't even make sense. The operating system and web server are still going to be involved anyway; you can't avoid using them by running a PHP interpreter and script as well.

        I have never heard of .htaccess consuming inordinate amounts of resources.

          I would suggest implementing the PEAR Net_GeoIP package. Use that to get the country of the IP address. Then you only have to know the country name and not the individual IP ranges you want to deny.

          You can spoof your IP address or use a proxy to get around IP blocks. The GeoIP module should be able to even do reverse proxies to get the true country of origin; however, I've never done this.

          @ - The .htaccess isn't the problem with Apache. It's that .htaccess can live in any directory which means Apache has to traverse your entire code tree to collect all of them. That's the expensive part. And if you have a lot of complex rules it can slow it down a minuscule amount; however, we're talking fractions of a second in today's computers.

            bpat1434;11005284 wrote:

            @ - The .htaccess isn't the problem with Apache. It's that .htaccess can live in any directory which means Apache has to traverse your entire code tree to collect all of them. That's the expensive part. And if you have a lot of complex rules it can slow it down a minuscule amount; however, we're talking fractions of a second in today's computers.

            I imagine in a situation like this the .htaccess file would be in the root of the project.

              3 months later
              KernelJay wrote:

              There is an issue with how Apache & PHP integrate which could render the htaccess restrictions useless. Automated tools exist for exploiting this weakness as outlined here

              Good point to raise, but I note that that issue is really about a flawed webserver configuration. The problem can show up even if you are using the main configuration file rather than .htaccess files.

                laserlight;11011187 wrote:

                Good point to raise, but I note that that issue is really about a flawed webserver configuration. The problem can show up even if you are using the main configuration file rather than .htaccess files.

                Agreed. The issue is in general with the use of '<LIMIT GET>' rather than specifically with the .htaccess file. Thanks for the feedback!

                  andreea115;11005228 wrote:

                  Question Three
                  Does anybody know where I can find the codes for IP addresses from; i.e the country and region codes ?

                  Afrinic? http://www.afrinic.net/

                    In general, I think this IANA page should be helpful: http://www.iana.org/numbers/

                    There are commercial products available which aid in blocking traffic based on Geolocation and IP reputation which would probably work much better than anything you can implement in an Apache configuration. If you do want to hardcode some firewall rules, here is a link to a Geo-IP tool I just found through Google: http://software77.net/geo-ip/

                    This site can provide useful information like the CIDR ranges for Afghanistan:

                    Report generated on Mon Aug 20 19:06:17 2012

                    by http://software77.net/geo-ip/

                    Report Type : CIDR format

                    Country : Afghanistan

                    ISO 3166 CC : ALPHA-2 AF; ALPHA-3 AFG

                    Registry : APNIC

                    Records found: 34

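
An added example (not code from any poster in this thread): a PHP registration check that tests the connecting address against ranges in the CIDR format shown in the report above, instead of comparing single addresses. The function names and the sample ranges (RFC 5737 documentation blocks) are assumptions made for illustration, and only IPv4 is handled.

```php
<?php
// Added example: IPv4 CIDR matching for a registration check.
// All names here are hypothetical; the ranges are constructed sample data.

// Return true when $ip lies inside $cidr (e.g. "192.0.2.0/24").
function ip_in_cidr(string $ip, string $cidr): bool
{
    if (strpos($cidr, '/') === false) {
        return false;
    }
    [$network, $bits] = explode('/', $cidr, 2);
    if (!ctype_digit($bits) || (int) $bits > 32) {
        return false;                       // malformed prefix length
    }
    $ipLong  = ip2long($ip);
    $netLong = ip2long($network);
    if ($ipLong === false || $netLong === false) {
        return false;                       // malformed address
    }
    $bits = (int) $bits;
    // Prefix mask; /0 is special-cased so we never shift by 32 bits.
    $mask = $bits === 0 ? 0 : -1 << (32 - $bits);
    return ($ipLong & $mask) === ($netLong & $mask);
}

// Return true when registration from $ip should be refused.
function registration_ip_blocked(string $ip, array $ranges): bool
{
    // Assumption of this example: anything that is not a well-formed
    // IPv4 address is refused rather than silently let through.
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return true;
    }
    foreach ($ranges as $cidr) {
        if (ip_in_cidr($ip, $cidr)) {
            return true;
        }
    }
    return false;
}

// Constructed sample data standing in for an exported country list.
$blockedRanges = ['192.0.2.0/24', '198.51.100.128/25'];
$samples = ['192.0.2.77', '198.51.100.5', '198.51.100.200', '203.0.113.9', 'not-an-ip'];
foreach ($samples as $ip) {
    $verdict = registration_ip_blocked($ip, $blockedRanges) ? 'blocked' : 'allowed';
    printf("%-16s %s\n", $ip, $verdict);
}
```

In the registration script the first argument would be `$_SERVER['REMOTE_ADDR']`, which is the address of whatever connected to the server, so a visitor arriving through a proxy is judged by the proxy's address.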
