Block access from non-ARIN IPs?

[Dave]

I run a very small forum community that has recently been getting bombarded by spam registrations, and it's starting to drive me nuts. I've tried Captchas, mods, honeypots, anything I can find and think of, but I'm still getting slammed. At this point, I'd like to just stop any and all traffic that's not ARIN-based. Is that possible? I think I can do it through .htaccess, but I think you have to put in every IP range you want to block? Is there anything easier? Any other ideas for SMF? If not, I'll just shut off registrations and be done with it. Thanks!

[Matt]

Quote:

Originally Posted by Dave

I run a very small forum community that has recently been getting bombarded by spam registrations, and it's starting to drive me nuts. I've tried Captchas, mods, honeypots, anything I can find and think of, but I'm still getting slammed. At this point, I'd like to just stop any and all traffic that's not ARIN-based. Is that possible? I think I can do it through .htaccess, but I think you have to put in every IP range you want to block? Is there anything easier? Any other ideas for SMF? If not, I'll just shut off registrations and be done with it. Thanks!

I've had similar problems with this forum. In fact, this forum is still amassing bot registrations despite implementing non-standard logical captchas (number sequences), which leads me to suspect a good chunk of registrations are farmed out to the Philippines, China, and India.

Looks like you can setup IP range blocks according to the SMF forum and here's a listing of IP allocations by country. I'd caution against sticking those in a .htaccess. Apache will check every page request (images, PHP files, CSS, etc) against each IP address explicitly denied translating into impaired performance for both registration and casual browsing of your site. Add enough "Deny from x.x.x.x" directives and it'll slow your site down to a crawl.