I seem to be getting spam via my registration page, even with a CAPTCHA image. Is there a (simple) way to block a country from seeing my site?
Like China or Russia?

I'm actually only interested in the USA market, can some code only make my site available to the USA?

Thanks for any insight.

Do you have access to the server firewall configuration?

And/or are you running on Apache on Linux?

Thanks for your reply

Apache on Linux

Use .htaccess in that case.

http://www.javascriptkit.com/howto/htaccess5.shtml

country IP list are available from -> http://software77.net/geo-ip/


Using iptables is far better but if you don't have that level of access there is no choice. Using PHP will actually add load to the server that will very likely cause performance degredation.

I think .htaccess is the best option for your problem....

Quote:

Originally Posted by Danish21

I think .htaccess is the best option for your problem....

It's been answered. However, for people googling for this thread, I remember something Chrishirst said a while ago that I've done ever since:

Always leave an empty field in your form, and make it hidden. Bots that fill out forms will always enter something into every field, so name it something like 'confirm_email', so maybe the bot will recognize it as a required email field, and enter an email. However, on your processing page, deny entry if that field's value isn't null. Only people who modified the HTML (probably looking for security holes) or bots would have entered something in that field, so ignore it.

BASICALLY:

Code:

Form:
<input type="hidden" name="confirm_email" />
OR if the bot recognizes the type="hidden":
<input type="text" style="display:none" name="confirm_email" />

Processing:
if ( $_GET|POST['confirm_email']!=null ) exit();

You can also try 'skill-testing' questions. The question Valve uses on their Steam forums is 'What is Gordon Freeman's last name?'. Obviously 'Freeman', but a bot would have a much harder time figuring that out.

Blocking an entire country is a bad solution. I shouldn't be excluded if I am a manager located in US but visiting China. I have to be welcome anytime, anyplace, anyhow - in fact, this is the advantage of the internet.

Like Physicsguy said, you have to be creative and to add some protection to your form(s) like:
- adding a token once per session and sending it everytime
- rename your fields on the fly ( like 'fld' . md5(TOKEN) ) every session
- add a smart captcha
- add email smart validation (confirmation link on the mail will need required captcha)

Because traffic from that country is either useless, potentially fraudulent or is mainly "crackers" and spammers.

Quote:

Originally Posted by chrishirst

Because traffic from that country is either useless, potentially fraudulent or is mainly "crackers" and spammers.

Indeed

A more legitimate reason might be for something like a football match broadcast live on the internet but the rights owners want it blocked in countries where they've sold TV rights.