How Can I Block Requests from China to My App?

Published 2020-06-03 03:49

Question:

I have an API that is somewhat popular (10,000+ requests/day). After 10 requests per day from an IP address I return a message telling the user they need to cough up some cash if they want to use the service more.

This morning, I found that my web service was running terribly slow. I checked out the DB and I was getting absolutely spammed with requests from IP addresses originating in China. They would use an IP address 10 times and then increment the last octet. Sad times.

I'd like to limit or completely cut off requests from China, for the sake of keeping the system alive. What's the best way to do this? Geolookup each request and ban by country code in PHP? This seems like an inefficient way. There's nothing I can do at the htaccess level, is there?

Answer 1:

Just block the entire China IP range in .htaccess:



Answer 2:

They might be using Chinese IP addresses now, but ban one country and eventually another country will be the problem. Mostly because country has nothing to do with it; the user is the problem. Instead of banning IP ranges, you should detect IP addresses that are increasing by one octet each time they outlive a free trial.



Answer 3:

Block the entire subnet of the abuser to solve the problem temporarily. These types of users will appear from other countries as well so your best bet may be to require a registration and an API key to use the API.

If you still want to block based on IP rather than API key, check how large the abusing subnet is using whois (or BGP) and block the entire IP range.
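Answers 2 and 3 point the same way: look at the pattern across addresses rather than at one IP, then block the subnet it comes from. The Python below is an added example, not code from the original question or any answer; the log line format, the /24 grouping and the host threshold are assumptions, and the sample log is constructed.

```python
import ipaddress
from collections import Counter, defaultdict

FREE_LIMIT = 10  # free requests per IP per day, as stated in the question

# Constructed sample log ('ip method path'): one abuser walks 203.0.113.1..5,
# burning exactly the free quota on each address; a second one hops around
# 192.0.2.0/24 non-consecutively; 198.51.100.7 is an ordinary user.
SAMPLE_LOG = (
    [f"203.0.113.{h} GET /api/lookup" for h in range(1, 6) for _ in range(10)]
    + [f"192.0.2.{h} GET /api/lookup" for h in (10, 12, 14) for _ in range(10)]
    + ["198.51.100.7 GET /api/lookup"] * 3
)


def count_by_ip(log_lines):
    """Requests per source address; the address is the first field of each line."""
    return Counter(line.split()[0] for line in log_lines)


def suspicious_prefixes(ip_counts, prefixlen=24, min_hosts=3):
    """Group per-IP counts by prefix and flag prefixes where several hosts
    each sit at or over the free quota.

    Returns {network: {"hosts": n, "consecutive": bool}}; 'consecutive' is
    True when the flagged hosts form an unbroken run of addresses, which is
    the increment-the-last-octet fingerprint the question describes.
    """
    by_net = defaultdict(list)
    for ip, n in ip_counts.items():
        net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
        by_net[str(net)].append((int(ipaddress.ip_address(ip)), n))
    flagged = {}
    for net, hosts in by_net.items():
        at_limit = sorted(addr for addr, n in hosts if n >= FREE_LIMIT)
        if len(at_limit) >= min_hosts:  # one user could not look like this
            run = all(b - a == 1 for a, b in zip(at_limit, at_limit[1:]))
            flagged[net] = {"hosts": len(at_limit), "consecutive": run}
    return flagged


def htaccess_rules(flagged):
    """Render flagged prefixes as Apache 2.2 'deny from' lines, as in answer 1."""
    return [f"deny from {net}" for net in sorted(flagged)]


if __name__ == "__main__":
    found = suspicious_prefixes(count_by_ip(SAMPLE_LOG))
    print(found)
    print("\n".join(htaccess_rules(found)))
```

The per-prefix view also gives the rate limiter itself a better key: counting the free quota per /24 instead of per address defeats the octet walk without any geolocation lookup.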



Answer 4:

I use the MaxMind GeoIP web service: http://www.maxmind.com/en/web_services#country

You get 2,000,000 lookups for $200. Works great, low latency, and you don't have to maintain a local database.