(919) 404-9327 sales@lizardwebs.net
Result of kicking in some general BlockCountry rules in Apache

Result of kicking in some general BlockCountry rules in Apache

I personally am familiar with a lot of the stock Apache options. I’ve used and worked with a number of LAMP stacks over the last few years (and actually have one sitting behind me at the moment). But when you get slightly out of stock, well, it can get confusing for a Windows lover like me.

I got a request from a friend the other day to help her on a project, KindActsTravel.com. She is setting up a website to see how one little act of kindness can go from person to person to person and she wanted to track it around geographically. I’m actually pretty interested to see how that works out. Nonetheless, she needed something that can actually geographically track visitors and in this case, wanted to be able to associate people who commented or made posts with a pin on a map.

This required the use of an Apache mod – GeoIP. That’s what started it off. What it turned into (after spending several hours getting all the requirements in place, configuring, etc…) was something much stronger for me. That made the time all worthwhile 🙂

So, did I get it to work? Yes, the maps show placement of the pins properly based on the central office (CO) down to the city level. Nice. Might end up rewriting some of it down the road though to see if we can get closer placement.

But here’s the great part, and if you control a server or VPS you can appreciate this… Almost any site or internet webserver that you have has basically unwanted and undesirable traffic on it. That traffic can be anything from search bots from Russia and China to actual hack bots looking for low-hanging fruit – like clowns with their WordPress admin username left as “admin”. Seriously, change it. And add some security plugins. If you don’t have WordFence or something similar, do everyone a favor and install it on YOUR website.  Check out the WordFence page – it shows realtime attacks happening.  When I grabbed this screen cap (showing only about 6% of attacks as a favor to my computer), there were approximately 8152 attacks per minute going on.

WordFence-Traffic

This little joy that is the GeoIP module can also be used on a server level (as well as website level) to control traffic flow. Most of the websites that I handle are local type sites – and I doubt anyone from China is really going to call me for local computer repair or Raleigh marketing services… Though those countries DO seem to send me a whole lot of email about cheap SEO services and laptop parts. Regardless, I don’t benefit from their traffic. It drives up MY costs having to spend more time watching the server, more processing time handling the unwanted traffic and more annoyance in general worrying about hack attempts when I see a lot of crap hitting the server. So it’s in MY best interest to minimize this.

After getting my GeoIP module in yesterday, I went ahead and added some simple blocks for a few countries – like, mmm… Russia, China, North Vietnam, etc – places that speak an entirely different language and really would NOT be interested in my content for any GOOD reason. My firewall network traffic dropped by half it appears. My understanding is that the request is not going through the firewall as it’s getting caught up by the geoip filters and stopped. I like this.

Next Step?

iptables might be more effective.  While Apache is now protected from that garbage, I’m still seeing (as is to be expected) failed SMTP connects from the same countries.  Need to take this whole block thing a bit further perhaps.