How to block most blacklisted ips?

There are sites that give you known blacklisted ips like http://myip.ms/browse/blacklist/  ips that are known proxies and such. But i have not figured out how to take the exported list of ips and put them in .htaccess without doing it manually, anyone know of a way to block known proxy ips and blacklisted bot ips?

If it is bots that you want to block; then use a whitelist.  Deny all then allow the good bots.  Much shorter list and you don't have to worry about the bots changing.  I have not block bots by IPs and not sure how effective that would be.  I use the agent to allow the good bots in and block everything else.

The problem with blacklists is that just grow and grow and grow.  I have a client that only want certain countries to connect to his website.  If I had used a blacklist, it would have been huge.  However, the whitelist of allowed countries is very much shorter.

no im trying to block proxies,, i got people trolling my chats with them

 I use Maxmind's proxy detection service to block registrations via anonymous proxies.  I also use their apache mod_geoip to block undesirable countries. Those two things alone, have been 100% effective on the site I use them on.

 did you buy service from them then have to change your join form to get it all to work ??

 RE:

 Yes

You sign up, and buy queries here: http://www.maxmind.com/en/proxy  It won't cost you much to test it... you can buy a 1000 queries for $5, and if it works OK for you, you can stay with it.  To keep costs down, you want to use this ONLY on join.php to block registrations via undesirable IPs. 

One thing you need to know before you try to sign up, is that you MUST correspond with maxmind using an email address that belongs to the domain you want to use the proxy detection service on.  You should also exclude all search engines and bots from join.php so that  they don't deplete your queries.

Here's the code I added to the beginning of my join form:

$license_key = 'License_Key_Here';
$ipaddress = $_SERVER['REMOTE_ADDR'];
$query = "https://minfraud1.maxmind.com/app/ipauth_http?l=" . $license_key
. "&ipaddr=" . $ipaddress;
$score = file_get_contents($query);
$numericScore = str_replace("proxyScore=", "", $score);
if ($numericScore > .5) {
header( 'Location: ../404.html' ) ;
}

You'll get a license key when you subscribe to the service.  All this code does, is submit a query to the Maxmind API using the IP address of whoever, or whatever is requesting the join form.  The query to the API will return a score based on a bunch of important stuff.  The str_replace function cleans up the query results a bit, and then the result is compared to a preset value.  If the score is greater than the preset value, the remote address is presented with a 404 page instead of the join form.  Desirable traffic gets the join form.

In my opinion, everyone should consider entirely blocking every country that you don't need on your site.  In most cases, what possible reason could there be for allowing access from China, eastern europe, and about 95% of the planet.  I am 100% certain that 95% of the planet will have no interest in your site other than to hack, or register and post as much spam as possible.  For one site I'm developing, if you don't live in the US, you simply can't access the site at all.  I just use the Maxmind proxy detection service to take care of all the scumbags that work through US based proxy servers.

ok this is not gonnna work for me,, let me explain my issue why i need a proxy ip list to ban,, i have people coming in my chat with proxies and flooding,, so i need to ban them from entering chat,, please someone come up with a list or an idea PLEASE!

http://myip.ms/browse/blacklist/  has a list of blacklisted ips,, but i dont know how to export there list to something i can use in the .htaccess

i tried this here http://perishablepress.com/5g-blacklist-2013/   and added *see below* to my htaccess but it didnt seem to do any good

# 5G BLACKLIST/FIREWALL (2013)
# @ http://perishablepress.com/5g-blacklist-2013/

# 5G:[QUERY STRINGS]
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{QUERY_STRING} ("|%22).*(<|>|%3) [NC,OR]
    RewriteCond %{QUERY_STRING} (javascript:).*(;) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3) [NC,OR]
    RewriteCond %{QUERY_STRING} (\|../|`|='$|=%27$) [NC,OR]
    RewriteCond %{QUERY_STRING} (;|'|"|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if) [NC,OR]
    RewriteCond %{QUERY_STRING} (base64_encode|localhost|mosconfig) [NC,OR]
    RewriteCond %{QUERY_STRING} (boot.ini|echo.*kae|etc/passwd) [NC,OR]
    RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|[|%) [NC]
    RewriteRule .* - [F]
</IfModule>

# 5G:[USER AGENTS]
<IfModule mod_setenvif.c>
    # SetEnvIfNoCase User-Agent ^$ keep_out
    SetEnvIfNoCase User-Agent (binlar|casper|cmsworldmap|comodo|diavol|dotbot|feedfinder|flicky|ia_archiver|jakarta|kmccrew|nutch|planetwork|purebot|pycurl|skygrid|sucker|turnit|vikspider|zmeu) keep_out
    <limit GET POST PUT>
        Order Allow,Deny
        Allow from all
        Deny from env=keep_out
    </limit>
</IfModule>

# 5G:[REQUEST STRINGS]
<IfModule mod_alias.c>
    RedirectMatch 403 (https?|ftp|php)://
    RedirectMatch 403 /(https?|ima|ucp)/
    RedirectMatch 403 /(Permanent|Better)$
    RedirectMatch 403 (=\'|=\%27|/\'/?|).css()$
    RedirectMatch 403 (,|)+|/,/|{0}|(/(|...|+++|||\"\")
    RedirectMatch 403 .(cgi|asp|aspx|cfg|dll|exe|jsp|mdb|sql|ini|rar)$
    RedirectMatch 403 /(contac|fpw|install|pingserver|register).php$
    RedirectMatch 403 (base64|crossdomain|localhost|wwwroot|e107_)
    RedirectMatch 403 (eval(|_vti_|(null)|echo.*kae|config.xml)
    RedirectMatch 403 .well-known/host-meta
    RedirectMatch 403 /function.array-rand
    RedirectMatch 403 );$(this).html(
    RedirectMatch 403 proc/self/environ
    RedirectMatch 403 msnbot.htm)._
    RedirectMatch 403 /ref.outcontrol
    RedirectMatch 403 com_cropimage
    RedirectMatch 403 indonesia.htm
    RedirectMatch 403 {$itemURL}
    RedirectMatch 403 function()
    RedirectMatch 403 labels.rdf
    RedirectMatch 403 /playing.php
    RedirectMatch 403 muieblackcat
</IfModule>

# 5G:[REQUEST METHOD]
<ifModule mod_rewrite.c>
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]
</IfModule>

# 5G:[BAD IPS]
<limit GET POST PUT>
    Order Allow,Deny
    Allow from all
    # uncomment/edit/repeat next line to block IPs
    # Deny from 123.456.789
</limit>

 Add to htaccess if you want to use their blacklist. Quite large with 34k ip's.

ty

Not sure how much this would slow down a website, but it definitely works, tested with my own ip in the list.

well it cant slow it down no more then people with proxies coming in my chat and crashing everyones flash with flooding

Can you post a few of the IPs of the proxy servers they are using?

93.126.105.41      90.191.0.55     91.239.27.135    217.115.183.2   188.134.91.99   are a few i have loads if you need more

 Ukraine, Estonia, Russian Federation are who all those IPs belong to.  I've told folks around here at least a hundred times, that ALL these useless countries should be blocked entirely.  Until you do, you are going to be really busy trying to keep up with an endless pile of IPs to block, and your life is going to be really miserable.  You can't block all these countries effectively with htaccess... you have to do it with geoip.

My only advice is to install GeoIP on your server, and allow traffic from ONLY the countries that are actually interested in your site.  I can tell you with 100% certainty, that no one in Eastern Europe, Asia, Pacific Rim and a bunch of others, gives a rat's ass about your site for anything other than a billboard to post spam.

Here's what I use in my .htaccess to block every country but the US:

<IfModule mod_geoip.c>
GeoIPEnable On
Order deny,allow
deny from all
SetEnvIf GEOIP_COUNTRY_CODE US TargetLocation
Allow from env=TargetLocation
</IfModule>

Thanks,, will take me a minute to think of what all country's to allow, I know we have chatters from Russia and a few from Malaysia and a couple other normally undesirable country's

 I'd still block all of Russia.... then you could allow a few small rang of IPs from RU if you really need to keep those chatters,but all those Ruskies are up to no good if you ask me.

yeah that is what im thinking,, i looked at installing geoip,, then got scared, and i think newton is away and he said he has never installed it, and pranshank is not online,, and the last time i tried blocking countrys i ended up blocking the word INCLUDING myself and it was a real mess.. you busy?

This script will block from IP and or complete countries. The IP banlist is generated from the stopspamforum and updated daily.

Install as directed

I inserted this line into design.inc.php:

require_once(BX_DIRECTORY_PATH_ROOT . "spamip/spamip.php");

running the script for the first time setting $days='365'; will download a massive banlist (80,000+), I would change this to 1 after the first run.

Works well,..ban away

Doing a little research I've found the top 5 spam countries are USA, Brazil, Ukraine, Russia and China.

Banning complete countries would result in the following:

Excluding the United States

Banning Brazil - Population Using Internet -> 45% -> 88,494,000 Potential Users Banned

Banning Ukraine - Population Using Internet -> 30% -> 13,712,000 Potential Users Banned

Banning Russia - Population Using Internet -> 49% -> 69,546,000 Potential Users Banned

Banning China - Population Using Internet -> 38% -> 510,769,000 Potential Users Banned

If you do this your banning 682,521,000 potential visitors to your site.

Banning complete countries doesn't sound like a very good decision.

Im not sure if this would require the same approach as to block an ip address, but is there a way to block the email domain mailnesia.com. I have been getting a lot of people signing up using email addresses to this domain.

 RE:

 Really?  What then, is the point of having 1 billion people that don't speak, write, or understand English, on a website that is essentially English language based, or one that is intended for US residents only?  Explain that to me, because I just don't get it.

If its intended for US residents only, by all means, ban the world. Nobody cares