This article is really bereft of any actual coherent thoughts worth discussion. I would wager it was written by chatgpt or similar. Broad assertions are made with no facts to back them up. There is no author listed on the article or anywhere on the site.
This is a great paragraph:
Blocking entire countries from accessing your website is a potent method to acquire more targeted, relevant, and qualified traffic to your website. Not to mention, your website traffic analytics will be squeaky clean, your web hosting service resources will receive a significant boost in performance, and you can (in most cases) close the door on spam.
What are "squeaky clean" traffic analytics? How will this close the door on spam? What metrics are shared to support the idea that the ensuing traffic is more targeted, relevant, qualified?
This used to be the normal way to make sure your logs weren’t 99.99% abuse attempts on low- to moderate-traffic sites, back in the day. Deny a few country-specific IP blocks and almost all of it went away. Maybe you lose one in ten thousand legit requests. Oh well.
Cloudflare’s the modern version of it, complete with factoring in origin location to a request’s likelihood to be abuse.
China was #1 with a bullet. Probably Russia next. Some other non-“western”-aligned Asian states if just blocking as much of China as you could manage didn’t do the trick. Basically exactly the countries you’d expect.
Africa, South America, and the rest of the (in a broad sense) “global south” weren’t online enough to be a major source of trouble, back then, so those weren’t often blocked AFAIK.
First if you block any nation of significance, you're going to have a list of rules a mile long. And I would wager that that list is constantly changing with additions and deletions, so you'll want to stay up to date. Firewall performance issues begin to weigh on you with thousands of IPv4 ranges loaded.
Second, of course, geolocation is notoriously unreliable, so your block list will have false positives and false negatives, and won't do anything to stop someone with the simplest VPN, unless you also strive to block every open proxy and exit node.
Are there data brokers who sell ready-made blocklists for things like this? They exist for adblockers, so do they exist for firewall systems and cloud providers? I would imagine this could cost money, but should be an attractive feature for any enterprise. "Block hostile nation states in one fell swoop!"
It really seems like this would work better at the eBGP level, but unless you run your own autonomous system, this is not a realistic option either.
In cloudflare you can block access by country with just a few clicks.
The point of this article wasn't to completely restrict traffic from one country, but to reduce the vast amount of garbage/bot traffic that is generated by regions outside the US (like russia, for instance). Of course it can't stop simple use by VPN, but that wasn't the point. That would not really be "garbage traffic" unless it was a distributed attack.
> In cloudflare you can block access by country with just a few clicks.
Sure, but what's the mechanism behind it? They advertise the functionality, but everyone knows that geolocation is riddled with errors, so don't be surprised if it's not perfect -- even with "just a few clicks".
In my experience, blocking traffic by AS number is vastly superior. You can either analyze your own traffic and build a list of VPN, foreign CLOUD HOSTING providers, Pro/Virtual ISPs, foreign TELCOS and others over time (which I recommend), or you can just use existing lists to achieve pretty much the same thing.
The beauty of it is ASNs are much more granular than GEO subnets and will allow you to block bad actors in your geo. Plus, they are by construction rather precise with few false positives.
Check your traffic once in a while, if you get DDoSed or bruteforced just ban the AS and forget about the tens of thousands of IPs it could have used otherwise.
Beware by blocking by IP. Many IP databases are outdated or wrong. This can be seen in Spain where DIGI (a romanian ISP) users have som troubles because of this. Some services see a romanian user instead of a spanish one.
There's a website here in the UK which thinks my british IP address is non EU and tells me I can't use it because it's meant to only be used by EU citizens (oh the irony, the UK not being in the EU anyway, probably why they ban all of their british users without knowing lmao).
It's not uncommon, when an article from a niche site hits high on YC, for multiple people to see what else is on that site (especially if there are related links at the bottom of the article), and to submit whatever else is interesting on that site as well. You could call it a slashdot effect echo...
IMO blocking entire countries is completely useless then again I mostly have experience operating very high traffic sites, maybe things are different for tiny inconsequential blogs.
Thinly veiled ad thats no more substantial than the submission title. TFA doesn't provide any analysis of which countries drive abusive traffic, only asks you to contact the author for your SEO needs.
This is a great paragraph: Blocking entire countries from accessing your website is a potent method to acquire more targeted, relevant, and qualified traffic to your website. Not to mention, your website traffic analytics will be squeaky clean, your web hosting service resources will receive a significant boost in performance, and you can (in most cases) close the door on spam.
What are "squeaky clean" traffic analytics? How will this close the door on spam? What metrics are shared to support the idea that the ensuing traffic is more targeted, relevant, qualified?
This garbage does not belong here.