Comments on: Blocking High Risk Countries From Using Your Website http://www.merchant-account-services.org/blog/blocking-high-risk-countries-from-using-your-website/ A blog about merchant accounts and merchant services Fri, 05 Feb 2010 11:26:35 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Alexis http://www.merchant-account-services.org/blog/blocking-high-risk-countries-from-using-your-website/comment-page-1/#comment-17946 Alexis Tue, 01 Jul 2008 23:37:26 +0000 http://www.merchant-account-services.org/blog/blocking-high-risk-countries-from-using-your-website/#comment-17946 I'm just going through the numbers to see which countries I'm actually blocking and I came across the "Internet Assigned Numbers Authority" (located in California) which is listed under IP address 223.0.0.0. Can anyone tell me why this is set up to be blocked? I’m just going through the numbers to see which countries I’m actually blocking and I came across the “Internet Assigned Numbers Authority” (located in California) which is listed under IP address 223.0.0.0. Can anyone tell me why this is set up to be blocked?

]]> By: David Bullock http://www.merchant-account-services.org/blog/blocking-high-risk-countries-from-using-your-website/comment-page-1/#comment-16268 David Bullock Sat, 21 Jul 2007 06:30:14 +0000 http://www.merchant-account-services.org/blog/blocking-high-risk-countries-from-using-your-website/#comment-16268 I think this is actually a fairly bad idea. Having run the ecommerce system behind an MMOG I'm VERY familar with the problem you're describing and it IS a major problem. However, blocking them at the webserver creates a simple and very obvious block for the customer to work around by using TOR or an HTTP proxy to appear to be from a supported country. You don't want to warn them in such a way as to cue them to defeat your protection. A better tactic would be to silently flag and block credit card charges from these IP ranges at the point of authing or charging the card and notify the customer that their card could not be processed and to contact customer service. Dave I think this is actually a fairly bad idea. Having run the ecommerce system behind an MMOG I’m VERY familar with the problem you’re describing and it IS a major problem. However, blocking them at the webserver creates a simple and very obvious block for the customer to work around by using TOR or an HTTP proxy to appear to be from a supported country.

You don’t want to warn them in such a way as to cue them to defeat your protection.

A better tactic would be to silently flag and block credit card charges from these IP ranges at the point of authing or charging the card and notify the customer that their card could not be processed and to contact customer service.

Dave

]]>