Website: Can I block access to all countries but the US?

safehaven

My website is getting dozens of visits a day from several foreign countries, 100% bounce rate, and 0 seconds spent on the site.

Mind you, dozens is significant as my site only gets maybe a handful of real visitors a week.

Also, recently I was warned by Google Webmaster Tools of a possible hack. An investigation turned up that my 7 main pages were cloned, code added, and placed in my parent directory. The new files were named the same as the originals but ending in .bak.

Is there any reliable way to block all access, except from the US? I own a small construction company and will not be doing any work in Brazil or Russia.
 
I'm not too familiar with web stuff. But I do remember something called a .htaccess file which lets you adjust these settings. I believe this is in the root of your HTTP server.

So inside there you could block IPs you don't want.

http://blamcast.net/articles/block-bots-hotlinking-ban-ip-htaccess

I would block all access, then allow the US IP address range. Which you'll have to look up somewhere else.

This won't stop people from using U.S. based VPNs to access your site, unless you start blocking VPN IP addresses manually.
 
You could also use Cloudflare, where you can set up filter rules to block countries.
 
You can use IPTables (or another firewall) to block all non-US IP addresses.

You can also set it up on the router, which would probably be a little easier on your server.

I used to have a script but it was almost 10 years ago, not sure it is accurate any more

Here is a site that creates ACLs for you, but I have not used it myself yet:

https://www.countryipblocks.net/country_selection.php
 
A simple way for a single server or a few machines is to use Peerblock.
Set it to block 0.0.0.0 to 255.255.255.255 (default is to leave everything unblocked and you download or create your own blocklists).
Then make an exclusion list for US IP address ranges.
You can add other exclusions in the same list or make more exclusion lists.
It allows for temporary exclusions (15 mins or 1hr) by right clicking the blocked IP address in the main window when it appears.

It's free.
If you want to use their blocklists, they limit downloads to once per week to reduce overheads.
http://www.peerblock.com/
 
Seems far more important to figure out how you got hacked and fix the security flaws your site and servers have.
 
Set up something like Untangle Firewall, then use the modules to block the specific attack vectors. However, you could always set up some kind of DB as suggested above with known IP ranges, then basically only allow the USA ranges.
 
Holy shit some of you guys are overcomplicating this... especially since you don't even know the hosting setup.

Are you running a VPS? - use iptables if on Linux, Windows... built-in firewall or netsh advfirewall.

Do you have a managed VPS/hosting? - tell your host to set up the rules for you... they can implement them however they would like... iptables, perimeter firewall, load balancer, whatever.

Are you on shared hosting (I assume this is probably the answer judging by your post)? One way would be a .htaccess rule with a list of valid US IP address ranges.

Ex:
allow from IP
[insert list of ip ranges from: http://www.ipdeny.com/ipblocks/data/countries/us.zone]

More info on .htaccess files: https://www.digitalocean.com/community/tutorials/how-to-use-the-htaccess-file


Easiest fix... as ripken204 stated... cloudflare it. You will gain speed and can add the country rules.

Also... no one has said anything about your site being hacked... Be sure to update all login credentials, check to ensure new users were not added, and also check your database for new users if you haven't already.
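
The `.htaccess` allow-list suggested in this thread, as an added example that is not part of any post: it turns a one-CIDR-per-line zone file into a default-deny rule set, in either the `Order`/`Deny`/`Allow` form matching the `allow from` line above or the Apache 2.4 `Require ip` form. The function names are hypothetical and the sample ranges are constructed documentation ranges, not real US allocations.

```python
import ipaddress

# Constructed sample in the one-CIDR-per-line layout of a country zone file.
# These are documentation ranges (RFC 5737), not real US allocations.
SAMPLE_ZONE = """\
# constructed sample
192.0.2.0/24
192.0.2.64/26
198.51.100.0/25
198.51.100.128/25

not-a-network
203.0.113.7/24
"""

def parse_zone(text):
    """Return (collapsed IPv4 networks, rejected lines) from zone-file text."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        try:
            # strict=True rejects entries with host bits set (203.0.113.7/24)
            nets.append(ipaddress.ip_network(line, strict=True))
        except ValueError:
            rejected.append(line)
    # collapse_addresses cannot mix IP versions, so keep IPv4 only here
    v4 = [n for n in nets if n.version == 4]
    return list(ipaddress.collapse_addresses(v4)), rejected

def build_htaccess(text, apache24=False):
    """Emit a default-deny allow-list; apache24 selects the Require syntax."""
    nets, rejected = parse_zone(text)
    if not nets:
        # An empty list would lock every visitor out, the site owner included
        raise ValueError("no valid ranges; refusing to emit rules")
    if apache24:
        # Bare Require lines in one section are treated as "any of these"
        lines = [f"Require ip {n}" for n in nets]
    else:
        lines = ["Order deny,allow", "Deny from all"]
        lines += [f"Allow from {n}" for n in nets]
    return "\n".join(lines) + "\n", rejected

if __name__ == "__main__":
    rules, bad = build_htaccess(SAMPLE_ZONE)
    print(rules, end="")
    print("# rejected:", bad)
```

Collapsing overlapping and adjacent ranges keeps the file short, which matters because Apache re-reads `.htaccess` on every request; the rejected list should be reviewed rather than ignored, since a malformed line in the source list silently drops a range of legitimate visitors.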
 
http://configserver.com/cp/csf.html

Makes it VERY simple.

BUT keep in mind your load may skyrocket if you're getting hit hard, or have a low power VPS.

We blocked a handful of countries, and load went down... but that's not too common from what I've heard.
 