Block IP Addresses by Country



  • Ricardo Gomez

    Spam from other countries it's so annoying and we spend a good amount of time every week doing this too. Just in case Americommerce doesn't get this feature going we use this website to download the CIDR list for the specific country:

    then we add the CIDR entries to the IP firewall settings. It's a manual process (and time consuming) but it's effective to block much of that countries hits.

    As a suggestion to Americommerce, it will be great if they add a way to IMPORT the IP firewall entries, this will make this a breeze!

  • Charles Simpson

    Yes.  We do the same but from a different site.  However, on the site that you indicated, there is the ability to add a code snippet that would redirect foreign visitor to a URL that you specify:

    I'm curious if this works and if it does, what URL would we send them to?  Would we have to put the snippets on every page of our shop or just the home page?

  • Joshua Artman

    I am curious why you are needing to completely block all IPs for certain countries.  AmeriCommerce sites are now routed though CloudFlare which should automatically blocks suspicious or malicious ip addresses.  Do you not sell to certain countries?

    Charles: The visitor redirection script you asked about ( I am fairly certain would have to be installed by AmeriCommerce on the server that your site is hosted on for it to work.  I have seen several other web stores that redirect all customers from specific countries to a page that says something like. "I am sorry, we do not currently sell our products to your country".   

  • Charles Simpson

    I just posted a detailed reply that took some time to write.  However, when I submitted it, it took me back to the login screen which after logging in did not post my reply which is now lost.  I'll try to post the reply again when I have time the patience.

  • Charles Simpson

    Basically this is about money. AmeriCommerce charges for bandwidth usage and if you go over your allotment, the additional charge can sting.

    A few months ago we were presented with a monthly charge that was more than 5 times our normal monthly charge. This was due to a single IP address, from China, that was hitting our site and using many GB of bandwidth that month. Luckily, in this instance I was able to get AmeriCommerce to forgive the extra charges, but we can't expect them to always do this for us. We have about a dozen ecommerce sites on 2 platforms. We have only 1 of these sites on AmeriCommerce and all the other sites on another platform. That other platform does not charge for bandwidth usage so we never even thought of blocking IP address on that platform. Most of our products are made in the USA and we only ship orders to USA addresses. So, limiting the traffic to our AmeriCommerce site to folks who can actually do business with us is important. Do this also helps reduce the surface area of threats from bad players. Yes, we also get bad players from USA IP addresses on our AmeriCommerce sites. You can recognize this by looking at the referrer URLs for the activity in the visitor session logs. If they are trying to go to your site URL with anything like "wp-logon" in it then chances are that they are trying to figure out if your site is a WordPress site that then they can try to hack. There are no legitimate customers trying to visit your site by using URLs that don't exist on your site that did not go to product pages that you have removed. So, yes, we do block individual USA IP addresses if we see that they are a bad player. We would not normally do this, but because we check each IP address to see if they are a foreign country, then we are already in there. When we find a foreign country IP address, we figure out the CIDR and block that.

    The goal is to manage bandwidth and not block countries or bad players. However, because of the way AmeriCommerce does billing, we have to block those who would never be our customers to help us manage bandwidth. That is the challenge.

  • Joshua Artman

    Ok, That makes sense. 

    I searched of our visitor sessions via AmeriCommerce and Google Analytics and we have not had any significant hits to anything with "wp-" in the url that I can find this year.

    I also forgot about the bandwidth issue, we use to deal with regularly trying to keep our bandwidth down; several years ago we contacted AmeriCommerce about that and now just yearly prepay for some extra bandwidth at a significantly lower rate than the published rates.

    I just realized that I could not find a way within AmeriCommerce to see what urls are getting a 404 status.  Several other services I use have reports that shows what pages on your url are getting a 404 message so you can redirect those if desired.  Those reports are also useful to keep an eye out for hack attempts.


Please sign in to leave a comment.

We're Here To Help

Standard Support Hours: Monday-Friday 8AM-5PM CST
Looking for Premium Support? Just ask!

Speak to a live person
1 (800) 936-9006
Submit A Support Ticket
Submit Your Ticket Here