I have thought about website security lately. One underused way of securing a website is to look at the scope of your website. Most websites have a purpose, it may be a website for small local businesses, an e-commerce website, which servers a niche market. In most cases not every country needs access to view your site. With the correct tools it is possible to block countries based on IP Addresses. This can allow you to maximize your possible audience, while blocking populations of hackers.
###Where are Hackers Located###
The top ten countries for hackers as of May of 2013 according to abcnetspace.com
- China ###How to Use the List###
I suggest that you first decide what countries your website does not need to be seen in. For example if you have a local website, then you may want to block all countries on the list, except for your own, if it is listed. You can also look at where your traffic comes from, and determine countries that do not have a lot of traffic to your site, and decide to block them.
###Creating the List###
You know what countries to allow or block as the case may be, with the .htaccess file you can either explicitly allow or block based on IP Address. This means that if you only want one to a few countries to have access be ready to only allow traffic from those countries. On the other hand if you are just going to block some countries then be ready to block them.
Now that you know what countries to keep or block, you will need a tool to help you in generating the .htaccess code.
Country IP Blocks will generate code you can just paste into your .htaccess file. And like that you have secured your website a little more.
This is not the only way to secure a site. In fact this is a tool that must be part of a comprehensive plan for security. Those hackers you blocked can always hack a computer that is let into your site and still hack you if you are not careful. The last imitation of this method is that it only works with web servers, like Apache that support .htaccess files.
Blocking countries intelligently based on your need for traffic, can be a strong part of web security. It should not be the only piece of the security puzzle. Also you will need to make sure your server allows that kind of security before you can use it.