: Should I remove my draconian IP bans (3000 rules, entire countries)? A while ago one of my site administrators was quite draconian in his anti-spam measures, at times banning entire countries

@Sherry384

I understand your concern. Large ban lists are hard to manage and take quite a bit of time. As well, you may be banning users that can benefit from your content even if you believe that the user will not convert into sales, or other call to action. It is rarely recommended that whole countries be blocked.

It is likely that your previous administrator felt more comfortable banning by IP address or IP address blocks manually. However, generally, this is not required.

With significant advances in tools of late, most web site abuses can be easily controlled using tools. Without specific experience with the following tools, these are the most popular tools for protecting a website from abuse.
www.fail2ban.org/wiki/index.php/Main_Page www.modsecurity.org/
It is recommended that a tool be used if possible. Writing your own code can be fraught with errors and unintended consequences. While the methods are not rocket-science, there are enough factors that have to be taken into account that rolling-your-own can take a lot of trial and error.

Still, automation is preferred. It allows real-time protection from spam, hackers, scrapers, and other abuses as opposed to after-the-fact protection which may be too late.

As well, 3000 entries, regardless of how they are done, may require more resources than you prefer to give per request. Keep in mind that in Apache, for example, once a match is made in .htaccess, the whole litany of rules are retested making the process recursive. This opens up the potential for errors that result in a infinite loop which can happen easily even for the experienced coder.

Vote Up Vote Down