Hello everyone, my website is cazimoon.com currently doing blog and learning more SEO, but now the Estonian market has many people entering SEO Spam comments on my posts, not real people. So what if I want to temporarily block Estonia?
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Hello,
Blocking entire countries can be useful in some situations, but it should be used cautiously because it may inadvertently block legitimate users. Here’s how you can do it using iptables and CSF (ConfigServer Security & Firewall):
Step 1: Install CSF
First, ensure that CSF is installed on your system. If it’s not, you can install it with the following commands. Note that you should have root privileges to run these commands:
- cd /usr/src
- wget https://download.configserver.com/csf.tgz
- tar -xzf csf.tgz
- cd csf
- sh install.sh
Before you make CSF your primary firewall, test it to make sure it works correctly on your server:
- perl /usr/local/csf/bin/csftest.pl
If you see “RESULT: csf should function on this server”, it means CSF is ready to be configured on your server.
Step 2: Configure CSF
To block countries, you will need to configure CSF. Open the CSF configuration file:
- nano /etc/csf/csf.conf
Find the line that starts with CC_DENY. It should look something like this:
CC_DENY = ""
You can add country codes (in ISO 3166-1 alpha-2 format) to this line to block them. For example, if you want to block China (CN), Russia (RU), and North Korea (KP), you would need to add them to your CC_DENY line.
In your case, the ISO 3166-1 alpha-2 country code for Estonia is EE. To block Estonia, use this line:
CC_DENY = "EE"
After you have made the changes, save and close the file.
Step 3: Restart CSF
To apply the changes, you need to restart CSF:
- csf -r
Note:
Remember, blocking entire countries can have unforeseen consequences and may not be the most effective way to secure your system. It’s generally better to have specific rules based on the behavior you want to prevent. This could involve blocking specific IP addresses or ranges known to be associated with malicious activity, or implementing rate limiting to prevent brute-force attacks.
Also note that the CC_DENY option blocks not only incoming connections, but outgoing as well. If you want to block only incoming connections, use CC_INCOMING_DENY instead. Similarly, to block outgoing connections, use CC_OUTGOING_DENY.
You can also use third-party providers like CloudFlare that provider Firewall features that allow blocking single IP addresses or whole IP ranges.
Just enter an IP address, an IP range, or a two-letter country code you wish to block. You can check more here:
https://serverpilot.io/docs/how-to-block-ips-with-cloudflare/
Hope that this helps!
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.