Как я могу заблокировать запросы из Китая на мое приложение?

Question

У меня есть несколько популярных API (более 10000 запросов / день).После 10 запросов в день с IP-адреса я возвращаю сообщение, в котором говорится, что ему нужно потратить немного денег, если они хотят больше пользоваться этой услугой.

Сегодня утром я обнаружил, что мой веб-сервис работает ужасномедленный.Я проверил БД, и я получил абсолютно спам с запросами с IP-адресов, происходящих из КитаяОни будут использовать IP-адрес 10 раз, а затем увеличат последний октет.Печальные времена.

Я бы хотел ограничить или полностью отключить запросы из Китая, чтобы система оставалась в живых.Какой лучший способ сделать это?Geolookup каждый запрос и бан по коду страны в PHP?Это кажется неэффективным способом.На уровне htaccess я ничего не могу сделать, не так ли?

Answer 1

Просто заблокируйте весь диапазон китайских IP: в .htaccess

#China
deny from 203.135.96.0/19
deny from 203.208.32.0/19
deny from 202.165.176.0/20
deny from 59.108.0.0/14
deny from 210.25.0.0/16
deny from 202.95.252.0/22
deny from 219.216.0.0/13
deny from 202.170.128.0/19
deny from 60.247.0.0/16
deny from 221.13.0.0/16
deny from 125.96.0.0/15
deny from 202.38.0.0/20
deny from 203.192.0.0/19
deny from 202.122.128.0/24
deny from 218.56.0.0/13
deny from 203.166.160.0/19
deny from 202.122.112.0/21
deny from 203.190.96.0/20
deny from 219.72.0.0/16
deny from 124.172.0.0/15
deny from 210.79.64.0/18
deny from 198.17.7.0/24
deny from 202.168.160.0/19
deny from 203.91.120.0/21
deny from 220.160.0.0/11
deny from 202.127.192.0/20
deny from 202.127.216.0/21
deny from 60.253.128.0/17
deny from 58.82.0.0/15
deny from 202.85.208.0/20
deny from 124.249.0.0/16
deny from 202.90.224.0/20
deny from 59.192.0.0/10
deny from 192.83.122.0/24
deny from 202.38.152.0/22
deny from 202.69.16.0/20
deny from 210.14.128.0/17
deny from 124.240.0.0/17
deny from 222.240.0.0/13
deny from 221.176.0.0/13
deny from 203.191.16.0/20
deny from 124.200.0.0/13
deny from 202.60.112.0/20
deny from 203.94.0.0/19
deny from 221.12.0.0/17
deny from 221.14.0.0/15
deny from 202.152.176.0/20
deny from 121.4.0.0/15
deny from 210.82.0.0/15
deny from 203.152.64.0/19
deny from 121.76.0.0/15
deny from 59.191.0.0/17
deny from 221.196.0.0/15
deny from 202.165.208.0/20
deny from 125.254.128.0/18
deny from 210.14.64.0/19
deny from 203.212.80.0/20
deny from 202.112.0.0/13
deny from 58.87.64.0/18
deny from 61.45.128.0/18
deny from 122.51.0.0/16
deny from 210.32.0.0/12
deny from 202.93.252.0/22
deny from 202.90.0.0/22
deny from 125.216.0.0/13
deny from 222.64.0.0/11
deny from 60.194.0.0/15
deny from 210.23.32.0/19
deny from 124.196.0.0/16
deny from 203.158.16.0/21
deny from 192.124.154.0/24
deny from 122.0.128.0/17
deny from 203.208.16.0/22
deny from 202.127.16.0/20
deny from 202.38.184.0/21
deny from 210.192.96.0/19
deny from 210.56.192.0/19
deny from 202.173.224.0/19
deny from 222.125.0.0/16
deny from 202.20.120.0/24
deny from 58.32.0.0/11
deny from 202.164.0.0/20
deny from 210.5.0.0/19
deny from 202.8.128.0/19
deny from 202.150.16.0/20
deny from 203.86.64.0/19
deny from 202.63.248.0/22
deny from 203.174.96.0/19
deny from 220.252.0.0/16
deny from 210.185.192.0/18
deny from 203.156.192.0/18
deny from 203.110.160.0/19
deny from 203.95.0.0/21
deny from 222.16.0.0/12
deny from 59.172.0.0/15
deny from 202.38.136.0/23
deny from 121.224.0.0/12
deny from 203.191.64.0/18
deny from 221.129.0.0/16
deny from 121.40.0.0/14
deny from 210.21.0.0/16
deny from 59.151.0.0/17
deny from 202.170.216.0/21
deny from 203.130.32.0/19
deny from 121.100.128.0/17
deny from 202.127.12.0/22
deny from 124.254.0.0/18
deny from 203.135.160.0/20
deny from 124.250.0.0/15
deny from 202.14.88.0/24
deny from 202.181.112.0/20
deny from 202.38.160.0/23
deny from 219.242.0.0/15
deny from 203.191.144.0/20
deny from 220.242.0.0/15
deny from 61.29.128.0/17
deny from 221.133.224.0/19
deny from 203.196.0.0/21
deny from 202.0.176.0/22
deny from 122.0.64.0/18
deny from 220.154.0.0/15
deny from 222.168.0.0/13
deny from 220.248.0.0/14
deny from 218.185.192.0/19
deny from 124.160.0.0/13
deny from 202.38.168.0/21
deny from 121.56.0.0/15
deny from 121.55.0.0/18
deny from 202.91.128.0/22
deny from 121.59.0.0/16
deny from 123.49.128.0/17
deny from 220.232.64.0/18
deny from 203.100.32.0/20
deny from 202.122.32.0/21
deny from 202.38.138.0/24
deny from 202.14.235.0/24
deny from 203.171.224.0/20
deny from 202.4.252.0/22
deny from 124.224.0.0/12
deny from 202.38.128.0/21
deny from 121.51.0.0/16
deny from 202.127.112.0/20
deny from 166.111.0.0/16
deny from 124.108.40.0/21
deny from 203.207.128.0/17
deny from 218.104.0.0/14
deny from 58.30.0.0/15
deny from 124.156.0.0/16
deny from 202.14.236.0/23
deny from 125.31.192.0/18
deny from 203.90.128.0/18
deny from 124.66.0.0/17
deny from 202.136.208.0/20
deny from 210.16.128.0/18
deny from 221.0.0.0/13
deny from 203.128.32.0/19
deny from 61.128.0.0/10
deny from 58.116.0.0/14
deny from 202.130.0.0/19
deny from 192.83.169.0/24
deny from 202.94.0.0/19
deny from 202.46.32.0/19
deny from 60.232.0.0/15
deny from 61.87.192.0/18
deny from 203.222.42.64/26
deny from 60.255.0.0/16
deny from 124.20.0.0/15
deny from 121.32.0.0/13
deny from 202.38.140.0/22
deny from 203.184.80.0/20
deny from 58.144.0.0/16
deny from 210.15.0.0/17
deny from 124.68.0.0/14
deny from 219.128.0.0/11
deny from 121.204.0.0/14
deny from 202.127.128.0/19
deny from 218.64.0.0/11
deny from 124.108.8.0/21
deny from 125.213.0.0/17
deny from 202.74.8.0/21
deny from 61.236.0.0/15
deny from 61.48.0.0/13
deny from 219.224.0.0/12
deny from 121.0.16.0/20
deny from 125.98.0.0/16
deny from 222.192.0.0/11
deny from 202.180.128.0/19
deny from 121.89.0.0/16
deny from 202.96.0.0/12
deny from 203.100.80.0/20
deny from 203.88.192.0/19
deny from 121.248.0.0/14
deny from 221.200.0.0/13
deny from 202.38.158.0/23
deny from 202.38.149.0/24
deny from 162.105.0.0/16
deny from 210.15.128.0/18
deny from 221.172.0.0/14
deny from 125.215.0.0/18
deny from 218.192.0.0/12
deny from 202.131.48.0/20
deny from 202.92.252.0/22
deny from 220.192.0.0/12
deny from 202.38.146.0/23
deny from 203.95.96.0/19
deny from 202.69.4.0/22
deny from 58.128.0.0/13
deny from 203.118.192.0/19
deny from 203.128.96.0/19
deny from 202.136.224.0/20
deny from 222.126.128.0/17
deny from 122.200.64.0/18
deny from 61.8.160.0/20
deny from 202.38.150.0/23
deny from 58.192.0.0/11
deny from 203.212.0.0/20
deny from 124.248.0.0/17
deny from 222.128.0.0/12
deny from 203.92.0.0/22
deny from 202.38.192.0/18
deny from 221.199.224.0/19
deny from 210.79.224.0/19
deny from 202.91.0.0/22
deny from 221.224.0.0/12
deny from 203.208.0.0/20
deny from 203.207.64.0/18
deny from 202.149.160.0/19
deny from 202.149.224.0/19
deny from 202.189.80.0/20
deny from 203.80.144.0/20
deny from 58.66.0.0/15
deny from 202.70.0.0/19
deny from 210.78.0.0/16
deny from 203.209.224.0/19
deny from 202.131.16.0/21
deny from 58.24.0.0/15
deny from 202.179.240.0/20
deny from 202.4.128.0/19
deny from 202.14.238.0/24
deny from 222.176.0.0/12
deny from 222.160.0.0/14
deny from 220.112.0.0/14
deny from 167.139.0.0/16
deny from 122.4.0.0/14
deny from 202.153.48.0/20
deny from 221.12.128.0/18
deny from 211.144.0.0/12
deny from 211.64.0.0/13
deny from 124.6.64.0/18
deny from 125.112.0.0/12
deny from 203.83.56.0/21
deny from 124.29.0.0/17
deny from 124.16.0.0/15
deny from 202.136.48.0/20
deny from 61.47.128.0/18
deny from 124.40.128.0/18
deny from 202.127.212.0/22
deny from 203.148.0.0/18
deny from 59.64.0.0/12
deny from 122.48.0.0/16
deny from 124.42.0.0/17
deny from 218.249.0.0/16
deny from 124.242.0.0/16
deny from 203.132.32.0/19
deny from 203.79.0.0/20
deny from 202.38.176.0/23
deny from 202.43.144.0/20
deny from 202.123.96.0/20
deny from 203.175.192.0/18
deny from 125.171.0.0/16
deny from 211.136.0.0/13
deny from 203.128.128.0/19
deny from 192.188.170.0/24
deny from 122.8.0.0/13
deny from 124.67.0.0/16
deny from 202.91.176.0/20
deny from 124.243.192.0/18
deny from 221.122.0.0/15
deny from 203.90.0.0/22
deny from 210.28.0.0/14
deny from 202.122.64.0/19
deny from 220.231.0.0/18
deny from 210.52.0.0/15
deny from 220.234.0.0/16
deny from 202.38.164.0/22
deny from 202.127.224.0/19
deny from 203.81.16.0/20
deny from 202.127.48.0/20
deny from 134.196.0.0/16
deny from 218.0.0.0/11
deny from 60.63.0.0/16
deny from 203.93.0.0/16
deny from 124.72.0.0/13
deny from 61.240.0.0/14
deny from 202.127.40.0/21
deny from 202.127.208.0/23
deny from 125.210.0.0/16
deny from 211.96.0.0/13
deny from 61.28.0.0/17
deny from 60.235.0.0/16
deny from 202.158.160.0/19
deny from 121.46.0.0/15
deny from 59.80.0.0/14
deny from 203.176.168.0/21
deny from 121.60.0.0/14
deny from 202.143.16.0/20
deny from 58.154.0.0/15
deny from 221.208.0.0/12
deny from 210.51.0.0/16
deny from 218.108.0.0/15
deny from 61.232.0.0/14
deny from 121.201.0.0/16
deny from 124.88.0.0/13
deny from 221.198.0.0/16
deny from 203.161.192.0/19
deny from 203.119.32.0/22
deny from 202.38.156.0/24
deny from 202.92.0.0/22
deny from 221.130.0.0/15
deny from 168.160.0.0/16
deny from 222.32.0.0/11
deny from 203.86.0.0/18
deny from 121.16.0.0/12
deny from 203.92.160.0/19
deny from 202.46.224.0/20
deny from 121.8.0.0/13
deny from 59.107.0.0/16
deny from 203.91.96.0/20
deny from 122.198.0.0/16
deny from 221.8.0.0/14
deny from 219.82.0.0/16
deny from 202.93.0.0/22
deny from 60.55.0.0/16
deny from 125.64.0.0/11
deny from 203.187.160.0/19
deny from 58.14.0.0/15
deny from 124.64.0.0/15
deny from 202.38.64.0/18
deny from 125.58.128.0/17
deny from 203.119.24.0/21
deny from 203.100.192.0/20
deny from 202.165.96.0/20
deny from 202.160.176.0/20
deny from 221.192.0.0/14
deny from 202.120.0.0/15
deny from 203.100.96.0/19
deny from 202.127.160.0/21
deny from 202.75.208.0/20
deny from 125.62.0.0/18
deny from 124.220.0.0/14
deny from 202.91.224.0/19
deny from 202.10.64.0/20
deny from 202.90.252.0/22
deny from 202.127.0.0/21
deny from 220.231.128.0/17
deny from 60.208.0.0/12
deny from 218.96.0.0/14
deny from 203.222.192.0/20
deny from 60.200.0.0/13
deny from 210.87.128.0/18
deny from 125.208.0.0/18
deny from 210.22.0.0/16
deny from 125.32.0.0/12
deny from 121.58.0.0/17
deny from 202.136.252.0/22
deny from 221.199.0.0/17
deny from 203.99.16.0/20
deny from 203.175.128.0/19
deny from 203.91.32.0/19
deny from 210.76.0.0/15
deny from 60.245.128.0/17
deny from 121.192.0.0/14
deny from 203.89.0.0/22
deny from 220.152.128.0/17
deny from 210.72.0.0/14
deny from 58.16.0.0/13
deny from 202.0.110.0/24
deny from 121.68.0.0/14
deny from 202.41.152.0/21
deny from 202.131.208.0/20
deny from 221.199.192.0/20
deny from 203.223.0.0/20
deny from 124.112.0.0/13
deny from 202.125.176.0/20
deny from 203.90.192.0/19
deny from 123.99.128.0/17
deny from 221.199.128.0/18
deny from 60.0.0.0/11
deny from 202.142.16.0/20
deny from 161.207.0.0/16
deny from 202.130.224.0/19
deny from 159.226.0.0/16
deny from 210.5.128.0/19
deny from 58.100.0.0/15
deny from 124.47.0.0/18
deny from 221.136.0.0/15
deny from 218.240.0.0/13
deny from 203.134.240.0/21
deny from 58.240.0.0/12
deny from 202.141.160.0/19
deny from 210.12.0.0/15
deny from 203.88.32.0/19
deny from 202.148.96.0/19
deny from 202.95.0.0/19
deny from 222.248.0.0/15
deny from 211.160.0.0/13
deny from 203.99.80.0/20
deny from 60.160.0.0/11
deny from 202.41.240.0/20
deny from 122.49.0.0/18
deny from 211.80.0.0/12
deny from 123.199.128.0/17
deny from 202.192.0.0/12
deny from 202.22.248.0/21
deny from 219.244.0.0/14
deny from 202.122.0.0/21
deny from 59.32.0.0/11
deny from 125.104.0.0/13
deny from 124.192.0.0/15
deny from 124.147.128.0/17
deny from 124.128.0.0/13
deny from 202.173.8.0/21
deny from 210.26.0.0/15
deny from 121.48.0.0/15
deny from 220.101.192.0/18

Answer 2

Возможно, они сейчас используют китайские IP-адреса, но проблема заключается в запрете одной страны и, в конечном итоге, другой страны. Главным образом потому, что страна не имеет к этому никакого отношения; пользователь является проблемой. Вместо того чтобы запрещать диапазоны IP-адресов, вы должны обнаруживать, что IP-адреса увеличиваются на один октет каждый раз после истечения срока действия бесплатной пробной версии.

Answer 3

Заблокируйте всю подсеть обидчика, чтобы временно решить проблему. Эти типы пользователей будут появляться и в других странах, поэтому вам лучше всего потребовать регистрации и ключа API для использования API.

Если вы все еще хотите блокировать на основе IP-адреса, а не ключа API, проверьте, насколько велика злоупотребляющая подсеть, использующая whois (или BGP), и заблокируйте весь диапазон IP-адресов.

Answer 4

Я использую веб-сервис MaxMind GeoIP: http://www.maxmind.com/en/web_services#country

Вы получаете 2 000 000 поисков за 200 долларов.Прекрасно работает, низкая задержка, и вам не нужно поддерживать локальную базу данных.