Mark Weaver wrote:
> Gavin Carr wrote:
> > There are also a bunch of CPAN perl modules that can be used for this
> > e.g. Geo::IP, Geo::IP2Location, Geo::IPfree, etc.
> Hi Garvin,
>
> Those are pretty cool... thanks for the heads up I was unaware of them,
> but they appear to be specifically for gathering geographical data which
> web master would use and have nothing to do with geo-blocking of spam.
The idea is, the lookup is fairly well debugged and automated through those models, just need some glue to built iptables rules for, especially Geo::IPfree. I would imagine you could do something like this to block all IPs that aren't US or something to that effect:
getcountry.pl:
#!/usr/bin/perl
use Geo::IPfree;
my $new_ip = $ARGV[0] ;
print "$new_ip\r\n" ;
my ($country,$country_name,$ip) = Geo::IPfree::LookUp($new_ip) ;
print "$country_name\r\n" ;
if ($country eq "US") {
print "US IP!\r\n" ;
} else {
print "Not US IP!\r\n" ;
}
You can just run something like "getcountry.pl 212.5.80.0" (Kaspersky Labs, Russia) which should tell you that it's not a US IP. You could add this as another layer or use it for additional scoring. Obviously you would want to check the variables and all that good security stuff, this is a just a proof of concept.