PHPisis Posted April 20, 2017

Hello, Lords of the PHP. Just had an idea on my mind and wanted to get more knowledge from experts.

So, [soon] I will code a website. I'm the only admin on the website. So, I thought of restricting the accessibility of Login page ONLY to my country.

Why? Simple. There are 7 billion people on earth. If I display the login page to everyone, the hacking ratio is gonna be too high. However, if I restrict the login page to my country only, the chances of getting hacked is gonna be too low. Because the population of country is only 30 million and most of them don't even know how to run a computer.

This is a simple example:

    <?php
    if($ip == <MY COUNTRY'S IP CODE>)
    {
        //Login Form
        .
        .
        .
    }
    else
    {
        //If the IP was not from my country, then redirect to home page.
        header('location: index.php');
        exit();
    }
    ?>

Am I right or am I just completely clueless?

Jacques1 Posted April 20, 2017

This is naive. Anybody can use an IP address from a different country, be it through a proxy server, VPN, Tor etc. Attackers usually have large botnets with zombie machines all over the world, so they can easily bypass your restriction.

At the same time, you're hurting legitimate users. There are very good reasons for routing one's traffic through another country (privacy, circumvention of censorship, ...). Who are you to decide what people can and cannot do?

If you're afraid that your website will get hacked, fix your website. Don't punish your users for your mistakes.

PHPisis (Author) Posted April 20, 2017

Thank you very much for your reply. I apologize for not giving much information.

1. That's true, anyone can simply use VPN or proxy server to bypass the restriction. The idea is to ADD limitation only. (I'm a noob, you know?). But how will the hacker know that I have a login page when I'm not gonna link anything to it? I'm not gonna use any sort of hyperlink towards the login page.

2. I'm hurting "legitimate users"?? The website is simply me sharing audio files. There are no users. You just visit the site, listen or download and then leave. There are no users. However, there are admins (and it's only me at the moment). Admins' job is to add, update or delete audio files. There is an admin panel for the admin once the admin logs in successfully.

3. @"fix your website" ... You are the pro here, help me. All I know about security is password encryption, avoid SQL injection using addslashes() function, and use exit() every time I use header()...

I sense anger from your reply. Relax bro. I'm not your enemy. I thank you again for your kind reply.

Strider64 Posted April 21, 2017

On points number 1 & 2 ..... why not just have security levels for the admins? It would be easier and make people happier than blocking users by country? Heck, you could have a members-only site; that way you can control who has access or not to certain pages. Think of it as having a green jacket at Augusta's Country Club (The Masters in case people don't know golf).

Edited April 21, 2017 by Strider64
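
As an added illustration of the points raised in this thread (password handling, SQL injection, and security levels for admins), here is a small admin login check; it is not code from any poster. It uses PDO prepared statements and password_hash()/password_verify() rather than addslashes(), and the `accounts` table, its columns, the 0/1 level scale, the function names and the sample credentials are all hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database so the example runs offline (needs pdo_sqlite).
// Hypothetical level scale: 0 = member, 1 = admin.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE accounts (
    username TEXT PRIMARY KEY,
    password_hash TEXT NOT NULL,
    level INTEGER NOT NULL
)');

// Store a salted, slow hash of the password, never the password itself.
$insert = $pdo->prepare('INSERT INTO accounts VALUES (?, ?, ?)');
$insert->execute(['siteadmin', password_hash('constructed-sample-passphrase', PASSWORD_DEFAULT), 1]);

/**
 * Returns the account's security level on success, or null on failure.
 * The username is bound as a parameter, so it is never parsed as SQL.
 */
function authenticate(PDO $pdo, string $username, string $password): ?int
{
    $stmt = $pdo->prepare('SELECT password_hash, level FROM accounts WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Same failure result for an unknown user and a wrong password.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['level'];
}

/** Gate for admin-only pages: the level is checked on every request. */
function canManageAudio(?int $level): bool
{
    return $level !== null && $level >= 1;
}

// Constructed attempts: valid login, wrong password, quote-laden username.
$attempts = [
    ['siteadmin', 'constructed-sample-passphrase'],
    ['siteadmin', 'guess'],
    ["' OR '1'='1", 'anything'],
];
foreach ($attempts as [$user, $pass]) {
    $level = authenticate($pdo, $user, $pass);
    printf("%-14s => %s\n", $user, canManageAudio($level) ? 'admin panel' : 'denied');
}
```

On a real site the returned level would be stored in the session after calling session_regenerate_id(true), and every admin page would call the gate before doing any work.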