Is it a good idea to restrict the login page to one country?


3 replies to this topic

#1 PHPisis

PHPisis
  • New Members
  • Pip
  • Newbie
  • 3 posts

Posted 20 April 2017 - 05:44 PM

Hello, Lords of the PHP. Just had an idea on my mind and wanted to get more knowledge from experts.

So, [soon] I will code a website. I'm the only admin on the website. So, I thought of restricting the accessibility of Login page ONLY to my country.

Why? Simple. There are 7 billion people on earth. If I display the login page to everyone, the hacking ratio is gonna be too high. However, if I restrict the login page to my country only, the chances of getting hacked are gonna be too low, because the population of the country is only 30 million and most of them don't even know how to run a computer.


This is a simple example:

<?php

if ($ip == <MY COUNTRY'S IP CODE>) {
    // Login form
    // ...
} else {
    // If the IP was not from my country, then redirect to home page.
    header('Location: index.php');
    exit();
}

?>





Am I right or am I just completely clueless?
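
The check sketched in the post above, written out as an added example (not the poster's code). The CIDR ranges and function names are assumptions made for illustration; the decision uses only the connection's peer address, so it filters by source network and does not authenticate anyone.

```php
<?php
// Added example, not the poster's code. The ranges are constructed placeholders
// (RFC 5737 documentation blocks), not a real country list. Assumes 64-bit PHP.
const ALLOWED_RANGES = ['203.0.113.0/24', '198.51.100.0/25'];

/** Return true if IPv4 address $ip lies inside CIDR block $cidr. */
function ipv4_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = explode('/', $cidr) + [1 => '32'];
    $ipLong  = ip2long($ip);
    $netLong = ip2long($net);
    if ($ipLong === false || $netLong === false || !ctype_digit($bits) || (int) $bits > 32) {
        return false; // malformed or non-IPv4 input never matches (fail closed)
    }
    $mask = (int) $bits === 0 ? 0 : (~0 << (32 - (int) $bits)) & 0xFFFFFFFF;
    return ($ipLong & $mask) === ($netLong & $mask);
}

/** Decide from the TCP peer address only; headers the client sends are ignored. */
function login_page_allowed(array $server): bool
{
    $ip = $server['REMOTE_ADDR'] ?? '';
    foreach (ALLOWED_RANGES as $cidr) {
        if (ipv4_in_cidr($ip, $cidr)) {
            return true;
        }
    }
    return false;
}

// Constructed sample requests standing in for $_SERVER.
$samples = [
    ['REMOTE_ADDR' => '203.0.113.42'],
    ['REMOTE_ADDR' => '198.51.100.200'],   // outside the /25
    ['REMOTE_ADDR' => '192.0.2.7', 'HTTP_X_FORWARDED_FOR' => '203.0.113.42'],
    ['REMOTE_ADDR' => '2001:db8::1'],      // IPv6 is not covered by this sketch
];
foreach ($samples as $s) {
    $verdict = login_page_allowed($s) ? 'show login form' : 'redirect to index.php';
    echo str_pad($s['REMOTE_ADDR'], 16), $verdict, "\n";
}
```

On a real page the call would be login_page_allowed($_SERVER), followed by the header() and exit() from the original sketch when it returns false. Behind a reverse proxy REMOTE_ADDR is the proxy's address, so the check would have to run at the proxy instead.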



#2 Jacques1

Jacques1
  • Gurus
  • Turtles all the way down
  • 4,213 posts

Posted 20 April 2017 - 06:17 PM

This is naive.

 

Anybody can use an IP address from a different country, be it through a proxy server, VPN, Tor etc. Attackers usually have large bot nets with zombie machines all over the world, so they can easily bypass your restriction.

 

At the same time, you're hurting legitimate users. There are very good reasons for routing one's traffic through another country (privacy, circumvention of censorship, ...). Who are you to decide what people can and cannot do?

 

If you're afraid that your website will get hacked, fix your website. Don't punish your users for your mistakes.



#3 PHPisis

PHPisis
  • New Members
  • Pip
  • Newbie
  • 3 posts

Posted 20 April 2017 - 10:57 PM


Thank you very much for your reply. I apologize for not giving much information.

1. That's true, anyone can simply use VPN or proxy server to bypass the restriction. The idea is to ADD limitation only. (I'm a noob, you know?). But how will the hacker know that I have a login page when I'm not gonna link anything to it? I'm not gonna use any sort of hyperlink towards the login page.

2. I'm hurting "legitimate users" ?? The website is simply me sharing audio files. There are no users. You just visit the site, listen or download and then leave. There are no users. However, there are admins (and it's only me at the moment). Admins' job is to add, update or delete audio files. There is an admin panel for the admin once the admin logs in successfully.

3. @"fix your website" ... You are the pro here, help me. All I know about security is password encryption, avoid SQL injection using addslashes() function, and use exit() every time I use header()...

I sense anger from your reply. Relax bro. I'm not your enemy. I thank you again for your kind reply.
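
For the login handling raised in point 3 above, an added example (not part of the thread) of a single-admin password check using PDO placeholders, password_hash()/password_verify() and a failed-attempt lockout. The table, column and account names, the password and the limits are constructed, and an in-memory SQLite database stands in for the real one; the lockout is per account rather than per IP because, as the earlier reply notes, requests can arrive from many addresses.

```php
<?php
// Added example, not code from the thread. All names and values are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admins (name TEXT PRIMARY KEY, pw_hash TEXT NOT NULL,
           failures INTEGER NOT NULL DEFAULT 0, locked_until INTEGER NOT NULL DEFAULT 0)');
// Store a salted one-way hash, never the password or a reversible encryption of it.
$db->prepare('INSERT INTO admins (name, pw_hash) VALUES (?, ?)')
   ->execute(['admin', password_hash('correct horse battery staple', PASSWORD_DEFAULT)]);

const MAX_FAILURES = 5;   // failed attempts before a lockout
const LOCK_SECONDS = 900; // lockout length in seconds

function check_login(PDO $db, string $name, string $password, int $now): bool
{
    // Placeholders keep user input out of the SQL text, so no escaping is needed.
    $q = $db->prepare('SELECT pw_hash, failures, locked_until FROM admins WHERE name = ?');
    $q->execute([$name]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false || $now < (int) $row['locked_until']) {
        return false; // unknown account, or still locked out
    }
    if (password_verify($password, $row['pw_hash'])) {
        $db->prepare('UPDATE admins SET failures = 0 WHERE name = ?')->execute([$name]);
        return true;
    }
    // Wrong password: count it, and lock the account once the limit is reached.
    $failures = (int) $row['failures'] + 1;
    $lock = $failures >= MAX_FAILURES ? $now + LOCK_SECONDS : 0;
    $db->prepare('UPDATE admins SET failures = ?, locked_until = ? WHERE name = ?')
       ->execute([$failures % MAX_FAILURES, $lock, $name]);
    return false;
}

$now = time();
// A name containing a quote is compared as a literal value, not parsed as SQL.
var_dump(check_login($db, "ad'min", 'x', $now));
// Repeated wrong guesses trigger the lockout ...
for ($i = 0; $i < MAX_FAILURES; $i++) {
    check_login($db, 'admin', 'guess' . $i, $now);
}
// ... during which even the right password is refused, until the lock expires.
var_dump(check_login($db, 'admin', 'correct horse battery staple', $now));
var_dump(check_login($db, 'admin', 'correct horse battery staple', $now + LOCK_SECONDS));
```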
 



#4 Strider64

Strider64
  • Members
  • PipPipPip
  • Advanced Member
  • 247 posts
  • Location: A burb of Detroit, MI

Posted 21 April 2017 - 11:55 AM


On points number 1 & 2... why not just have security levels for the admins? It would be easier and make people happier than blocking users by country. Heck, you could have a members-only site; that way you can control who has access or not to certain pages. Think of it as having a green jacket at Augusta's Country Club (The Masters in case people don't know golf).


Edited by Strider64, 21 April 2017 - 11:57 AM.

 http://www.pepster.com  ||  "Insanity: doing the same thing over and over again and expecting different results." - Albert Einstein 




