Is it good to restrict login page to one country?


PHPisis

Hello, Lords of the PHP. Just had an idea on my mind and wanted to get more knowledge from experts.

So, [soon] I will code a website. I'm the only admin on the website. So, I thought of restricting the accessibility of Login page ONLY to my country.

Why? Simple. There are 7 billion people on earth. If I display the login page to everyone, the hacking ratio is gonna be too high. However, if I restrict the login page to my country only, the chances of getting hacked are gonna be too low. Because the population of my country is only 30 million and most of them don't even know how to run a computer.


This is a simple example:

<?php

// Address of the visitor as seen by the web server.
$ip = $_SERVER['REMOTE_ADDR'];

if ($ip == <MY COUNTRY'S IP CODE>)
{
    // Login Form
    // ...
}
else
{
    // If the IP was not from my country, then redirect to home page.
    header('Location: index.php');
    exit();
}

?>

Am I right or am I just completely clueless?

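An added example, not the poster's code: a check like the one sketched above has to match address ranges rather than compare against a single value, and it should only ever look at the peer address. The names `ALLOWED_RANGES`, `ip_in_cidr()` and `login_allowed()` are hypothetical, and the ranges and the command-line fallback address are constructed placeholders.

```php
<?php
// Added example. The ranges are constructed (documentation prefixes) and stand
// in for the networks the admin really connects from.
const ALLOWED_RANGES = ['192.0.2.0/24', '2001:db8:1234::/48'];

/** True when $ip lies inside $cidr; handles IPv4 and IPv6. */
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    // Reject unparsable input and mixed address families.
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false;
    }
    $max = strlen($ipBin) * 8;
    // The prefix length must be all digits and fit the address size.
    if ($bits !== null && (!ctype_digit($bits) || (int) $bits > $max)) {
        return false;
    }
    $bits = $bits === null ? $max : (int) $bits;
    // Compare the whole bytes of the prefix, then the remaining high bits.
    $full = intdiv($bits, 8);
    if (substr($ipBin, 0, $full) !== substr($netBin, 0, $full)) {
        return false;
    }
    $rest = $bits % 8;
    if ($rest === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rest)) & 0xFF;
    return (ord($ipBin[$full]) & $mask) === (ord($netBin[$full]) & $mask);
}

function login_allowed(string $remoteAddr): bool
{
    foreach (ALLOWED_RANGES as $cidr) {
        if (ip_in_cidr($remoteAddr, $cidr)) {
            return true;
        }
    }
    return false;
}

// REMOTE_ADDR is the TCP peer address. Headers such as X-Forwarded-For are
// sent by the client and must not drive this decision.
if (!login_allowed($_SERVER['REMOTE_ADDR'] ?? '203.0.113.7')) { // constructed CLI fallback
    header('Location: index.php');
    exit();
}
// ... show the login form; the password check still decides who gets in.
```

Behind a reverse proxy or load balancer, `REMOTE_ADDR` is the proxy's address, so the check then belongs on the proxy itself.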

This is naive.

 

Anybody can use an IP address from a different country, be it through a proxy server, VPN, Tor etc. Attackers usually have large botnets with zombie machines all over the world, so they can easily bypass your restriction.

 

At the same time, you're hurting legitimate users. There are very good reasons for routing one's traffic through another country (privacy, circumvention of censorship, ...). Who are you to decide what people can and cannot do?

 

If you're afraid that your website will get hacked, fix your website. Don't punish your users for your mistakes.

Thank you very much for your reply. I apologize for not giving much information.

 

1. That's true, anyone can simply use VPN or proxy server to bypass the restriction. The idea is to ADD limitation only. (I'm a noob, you know?). But how will the hacker know that I have a login page when I'm not gonna link anything to it? I'm not gonna use any sort of hyperlink towards the login page.

 

2. I'm hurting "legitimate users" ?? The website is simply me sharing audio files. There are no users. You just visit the site, listen or download and then leave. There are no users. However, there are admins (and it's only me at the moment). Admins' job is to add, update or delete audio files. There is an admin panel for the admin once the admin logs in successfully.

 

3. @"fix your website" ... You are the pro here, help me. All I know about security is password encryption, avoid SQL injection using addslashes() function, and use exit() every time I use header()...

 

I sense anger from your reply. Relax bro. I'm not your enemy. I thank you again for your kind reply.

 

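For point 3 above, an added example (not code from the thread) of an admin login check that binds the username as a query parameter instead of escaping it with addslashes(), and stores a one-way password_hash() value instead of an encrypted password. The table and column names, the account and the `check_login()` helper are constructed for illustration; it uses an in-memory SQLite database through PDO so it runs on its own.

```php
<?php
// Added example. Table, column and account values are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE admins (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

// Store a salted one-way hash; it cannot be decrypted back to the password.
$stmt = $pdo->prepare('INSERT INTO admins (username, pw_hash) VALUES (?, ?)');
$stmt->execute(['admin', password_hash('correct horse battery staple', PASSWORD_DEFAULT)]);

// Hash of a throwaway value, verified when the username does not exist so
// that known and unknown usernames take about the same time.
define('DUMMY_HASH', password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT));

function check_login(PDO $pdo, string $username, string $password): bool
{
    // The username is bound as a parameter, so it is never parsed as SQL.
    $stmt = $pdo->prepare('SELECT pw_hash FROM admins WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();   // false when no row matches

    $ok = password_verify($password, $hash === false ? DUMMY_HASH : $hash);
    return $ok && $hash !== false;
}

// Constructed inputs: the right password, a wrong one, and a username made of
// SQL metacharacters, which is looked up as a literal string.
var_dump(check_login($pdo, 'admin', 'correct horse battery staple'));
var_dump(check_login($pdo, 'admin', 'wrong'));
var_dump(check_login($pdo, "admin' OR '1'='1", 'x'));
```

In a web request, call session_regenerate_id(true) after a successful check and before marking the session as logged in.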

On points number 1 & 2 ... why not just have security levels for the admins? It would be easier and make people happier than blocking users by country. Heck, you could have a members-only site; that way you can control who has access or not to certain pages. Think of it as having a green jacket at Augusta's Country Club (The Masters in case people don't know golf).


Archived

This topic is now archived and is closed to further replies.
