Slashdot Mirror
How To Keep a Web Site Local?
Cornwallis writes "The universal accessibility of the Internet is one of its attractions. But what do you do when you don't want your board to be Slashdotted? Back in the day it was great to run a local BBS where friends and neighbors could dial in using their 9600-baud modems to pick up mail or share games or stories. Now, my Web-based board gets slammed by people from all over the world who have no reason to access it, can't possibly take advantage of the locally focused services it offers, and generally take up my time because I have to block their accounts or explain to them why they can't have access. This despite the fact that the board explains quite clearly that it is for local use only and couldn't possibly be of interest to them. Other than putting thousands of entries in my hosts file to block IP ranges, what options do I have to restrict access to locals only? Or isn't that feasible?"
order allow,deny
.
deny from all
allow from iprange
allow from iprange
allow from iprange
etc. etc.
There are websites all over the internet that allow you to do country-by-IP-range lookups.
You could also do;
ErrorDocument 403 "Sorry, this website is only available to people living in
(Yes, no final quotation mark).
Or don't worry, what does it hurt if people who aren't benefiting from a website visit it?
How do you define locals?
If it's just people living in a small area - like friends and neighbours, how about having your server only serve to anyone on a wifi network you set up for that purpose?
...I doubt Slashdot can make a good assessment without taking a look at the site. Mind posting the URL?
Would it not be easier to approve individuals than spend time unapproving anyone not from your little community. Do you threaten the intruders with pitchforks whilst crying "Are you local????".
Facebook is open to the world, but still manages to sustain small communities / groups. It's not impossible.
You could restrict your website to 127.0.0.1 - that's very local. Or you could wire all the houses together on a private subnet.
Get some paper, pin it up around the neighbourhood with a private key. Ensure that people can't create an account or access the boards without the private key.
Am I missing something? Why use an overly technical solution when some paper and pens will fix the whole thing?
"It does not do to leave a live dragon out of your calculations, if you live near him." - Tolkien
I don't know if this idea will work.
When registering for an account, how about asking question only locals will know? One that is easily known by the locals, but may create a bit too much effort for someone not local. Like, "What is the street that goes by such as such restaurant?"
Give us a link to the board, we need to have a look at it before we can properly assess the best way to 'keep it local'.
You can allow the website to be usable only by certain IP addresses. One way to do this would be to find out IP address ranges for all ISPs in your area, and allow only those. Another would be to filter by Country/City information about each IP address that you can get using GeoIPLocation or something similar. Also, having a good CAPTCHA will help you avoid some of those unnecessary users.
If you use PHP, consider getting Maxmind and filter on its city / country databases.
Download a database of IP address to location, then do a lookup. If it's within your state, for example, then allow access. Otherwise, send them to a "sorry" page with contact info in case they really are local and you need to add an exception.
Or implement SMS verification on account signup that only allows your area code and then do manual review, perhaps using a community approval process.
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
google maps
+funny
This is a LOCAL site for LOCAL people!
Your really asking the impossible. The Internet is fundamentally designed to share data across the various networks that comprise it. I understand your desire to keep costs down (time+bandwidth), but if for some reason you are having large numbers of users visit your site that is raising your costs, there is practically nothing you can do that you are not already doing.
A block list, or allow list is your only option AFAIK. There are services that attempt to provide geographical data associated with IP addresses. They are not always accurate, and proxies/TOR would allow people to still bypass those restrictions.
I don't think you are really trying to restrict the data to "locals" only, but instead reduce your costs. Unfortunately, I don't think you can suffer the costs of looking up those visiting IP addresses on demand with such a service as surely they would charge you which would defeat the purpose.
Keep expanding your block list, it's your only option that I can think of. Just keep in mind, that any geographic data you get regarding IP ranges can get stale quickly. You will have to keep updating it.
You have no idea what is of use to other people. Maybe they're thinking of visiting your local area. Maybe they have friends that live there. Maybe they're thinking of setting up a similar board for their own area and want to know how yours is going. Put down your ego for a minute.
How we know is more important than what we know.
I'd put good money on this being 4chan
I think I heard one time about a free, open source IP-geogrphy list or database you can implement in programs and webpage code. Other than that, databases that DNSStuff.com use all want money for you to access them. They're probably a bit more accurate and up to date but I doubt you want to pay for their use. Other than that, you can look them up manually and make a whitelist type filter like the first reply said but then you have to cross your fingers and hope no location ever changes their IP addresses (yeah right). Plus, some local people are using protection programs and proxy internet content filters that make it look like they're from elsewhere. And other people could just use a local proxy server to make it look like they're from your area. There really is no good solution to this at all but that won't stop me from suggesting the best possible system:
Put a splash page that says for example "Click here if you're from Wisconsin" and then "Click here if you're from elsewhere" and if they don't click the Wisconsin one, BOOM! it runs a script that banned them from the server. Now that's foolproof lol.
Google's Super Secret Search Algorithm: SELECT @search_results FROM internet WHERE @search_results = 'good'
Get a list of local ip ranges from local ISPs and whitelist them in your firewall. It'll take a lot of work, but that's what happens when you work against the openness of the internet.
Just make it members only, and implement a signup procedure. Lots of sites do this; it's relatively easy.
Use this service to determine where they are coming from, and ask them to enter their location as part of the registration process.
If the two match, you can probably approve them.
If they don't then tell them that it's a local access service only, and that out of area access has a $20 processing fee payable via Paypal.
That way you can fund the database service, and filter out those who want access for the wrong reason.
Make the user registration form (mandatory to access said services) ask a mandatory piece of information: location. City, town, or what ever your target population is described by. If the answer is not what you want, give the account, but make the website just as defunct as it used to be before making the account. :-)
If you want to restrict access to your country only, you could give geoip a try. Either call geoiplookup for every visitor or use one of the many bindings.
It might block users you would want on your site though and there's not a lot you can do about proxies. YMMV.
This sig is intentionally left blank
Turn off anonymous posting
I'd have to think this is a bad idea.
Let's say someone want's to go there (ie: vacation or move there) and would like a 1st hand account of what its like. ("How hot is it in the summer?" or questions like that).
And of course lets say that the ISP borks up and the GeoIP is wrong. Trust me, it happened to me before. It thought I lived a couple thousand miles away.
In other words: this is a bad idea. A bad idea for your forum, and a bad idea for the internet in general.
Maybe you could use an invite system?
Implement something similar to a captcha: Ask questions only people from your neighborhood can answer. Make sure the answers are not too easily found by using google.
A couple of years ago we started to get a lot of people signing up from China, India, Russia etc and then posting spam. So now, to register with the forum you have to answer a question that requires you have some local knowledge. That gets rid of most automatic signups. And secondly, the accounts are not activated automatically but have to be approved by an administrator. So we delete those with spammy URLs in their signatures ("Buy WOW gold" seems to be a common variety). In a small community, the number of real local people siging up is a few per week. Maybe a couple of spammers get past that in a month, and then their posts and accounts are quickly deleted.
1.) Make your own server via spare comp, bought up internet connection.
You might not need a terribly fast one if you intend to keep this strictly local, so DSL or Comcast (default subscriptions) should do.
2a.) Utilizing the trust low-tech solution of offline marketing, post flyers, pass by word of mouth in the community, etc. to those in your locale that you wish to know about your site.
2b.) Here's the catch: when you inform others of your site, tell them explicitly that your site will only be online from Hour A to Hour B (i.e. 8PM to 10PM).
They will require any of the following; login info that you provided for them, a keyword to say upon entering the chat room, a certain thread to post in on the BBS, etc.
Use your imagination with this one.
3.) Repeat & vary the process, keeping your local site online only when needed or desired.
For the days that you don't want to filter access, utilize all the traditional methods of blocking outsiders out.
Not a perfect solution, but it's another tool to use rather than just whitelisting (blacklisting is less effective).
This is a pretty insecure authentication mechanism, because it necessarily has to be simple -- so you'll want to use some obscurity as well.
Make sure that if the incorrect answer is given, the user is redirected to a 'login success' page that has minimal and outdated content.
They will quickly lose interest and leave.
If you redirect to a 'login error' page, then they may try harder to get in.
Another approach would be to distribute (multiple or a single) SSL client keys to all your neighbors.
Then its a simple matter to redirect users based on the key -- if they have it, they get the content; if they don't, they get the dummy page.
Make all potential users send scanned copies of at least forms of ID, one with a local address and a copy of any utility bill or credit report.
Deltron 3030 - Virus (music video)
You put it on the wrong Internet, basically.
Did you even read the whole post? The submitter gives plenty of reasons why they want this. It's their site, they can do what the hell they want. Either provide an answer or something else constructive, or STFU.
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
While it does involve having thousands of addresses, this kind of thing is pretty easy to automate, given what your goals are. For example, I use this tool to determine which country my visitors are in and display the relevant contact information (show the French address to people in France, the Belgian one to people in Belgium, etc). I have a cron job set up to update the database once a week; it is fully automatic and very reliable.
If you need to be more specific, this guy has a php class that can supposedly give you information as specific as city, or you can write your own using the db you can download here, although I can't personally vouch for either. You could also parse the hostnames in your server and only allow service providers in your area.
Also, google code has a really good tutorial for a client side application if your server is limited in its capabilities.
Either way, it sounds from the summary like you have access to a database of ip address ranges you want to allow. Just set up a cron job to download it and parse it.
weirdest thing I ever saw: scientology advertising on slashdot.
This is the type of problem that always brings me back to IPv6. One of the main selling points for IPv6 is that the larger address space allows for better address categorisation. The groups could be anything, such as geographical location (including hierarchy of state, city, etc.) to organisation type (company, educational, government, etc.). As the OP has found, trying to solve this problem on an IPv4 framework is rather unwieldy and unfeasible (seriously, good luck achieving your aim with any measure of success in the near future). For an IPv6 infrastructure, such a problem would be a relatively quick solve.
Unfortunately, as many of us are aware, IPv6 isn't here yet (currently at 1-2% adoption). A proper roll-out relies on an expensive overhaul of existing internet infrastructure, which is unlikely to happen for many years. As usual, it will take IPv4 address exhaustion to get Governments and ISPs into gear. Even then, they'll probably just apply band-aid solutions for another 5-10 years.
To answer the OP's plea: don't waste your time. You'll spend an inordinate amount of energy setting up a system that trades an increased positive-hit rate for an equally increased negative-hit rate. As irritating as it is, your current manual-approach will probably consume less time in the long run than any of the other ideas floating around, such as setting up a comprehensive IP-table of all non-local addresses.
One previously common method of authentication was call-back. You give the site your phone number, then then site calls you (and you press a digit, or answer with your modem).
Nowadays the equivilent is SMS. When they sign up, have them put in their cell number to receive an SMS, then require them to enter that code to continue. You can send SMSes via email for most carriers, so no equipment on your end. Only allow SMSes to your area code and local carriers. For people without cell phones, have them enter their landline phone number and then have a human call them.
Yes, exactly: "... you may want to be careful with IP address filtering since that can result in unexpected disadvantages when a local is out traveling."
Don't expect that your users stay in one place.
Do expect that they sometimes travel to other countries.
Actually, I do feel he is a dick.
can't possibly take advantage of the locally focused services it offers
Let's say Joe want's to go to Anytown, USA. He's never been there before. Doesn't know anyone. But from what he heard, it sounds cool. Before he decides 100% to go in the Summer, he want's more info. Joe searches the web, and finds this forum. "Perfect", he thinks, "now I'll be able to ask people who live there!" So yes, I do feel that people from say, Nowhere, USA (which let's say is on the other side of the country) can take advantage of such services.
and generally take up my time because I have to block their accounts or explain to them why they can't have access.
This is 100% your fault. Why block such accounts if all they want is info? Why not just have the only forum accessible by default be an off-topic one? And if people are from your town, enable access?
Just, FYI, you do understand this is the Internet. No forum will ever be safe from the trolls.
And it sounds like you've never had to pay for things like bandwidth and server space out of your own pocket. Maybe he wants to keep it small because that's what he can afford. Information may want to be free, but the infrastructure to host it never is.
I want a new quote. One that won't spill. One that don't cost too much. Or come in a pill.
I'm not sure he adequately explained this.
If they have no reason to access it, why do they? It sounds like they do. Maybe they get benefit out of it that the submitter doesn't understand?
Of course, if he were being a bit more specific, eg. "we get spam from other countries", that would make a lot more sense. Or even if he said, "we don't want things we discuss of a personal nature all over the world". But he didn't say that. He said, "they have no reason to look at this."
This is a local shop for local people. There's nothing for you here.
Doh...the simplest solution is to create a VPN :o)
He started by accusing a guy he has never met of being a dick for wanting to control access to a resource he provides, I seriously doubt whether he read the article or not would have any affect on his inability to interact via the internet.
Only no-tails aren't local.
"a bit too much effort"
Change the sign-up page to read the following:
Hello, this site is run by Joe, living in the yellow house down the main road. If you want to have an account on this site, just drop by at my house Sunday between 3pm and 5pm to get your account details.
Please bring some time and home-made cake. Your initial status on the site depends on the taste of the cake.
Run your main site on a port other than 80/443. Have another site listen to port 80 with a kind message to please go bugger off. Tell your visitors to go to the site with the other port. Make use of the robots.txt file so that site won't get indexed.
I'd suggest you to look into some geolocation/ipaddress database such as http://www.maxmind.com/app/city to deny access to the signup form for "foreigners".
They have two editions of their database, a commercial one and a free one which is inferior to the commercial product (in terms of accuracy). They also offer code to read from the database file or a webservice (which is not free as far I remember).
At work we're using the commercial product and we're quite satisfied, despite not being US residents and thus not having the luxury of zip codes.
Add Meta noindex nofollow to the pages served
Include robots.txt disallow everyone
This will make sure spammers cannot find your site. This worked for me for many many years. I also follow many of the other advices given in this thread.
Don't get a DNS name for the site, set up a server with a separate IP address and give that to them.
Your local audience may leave the area (either on holiday or to live) but still want to talk to people back home. This means that blanket IP Range blocking is out of the question.
What I suggest is restrict viewing the website to people who are logged in. A default splash page for those not logged in could be shown that's minimal in graphics and text, containing just the log-in form and a 'register here'.
To stop unwanted people registering a new account, you could to a blanket IP ban on the registration page ONLY, meaning that a local person can register at home, and then roam to wherever and still access the site.
someone mentioned earlier this library for blocking a range of IP's by country and this PHP class that can do it too.
Just use them on the registration page and set up a redirect for those who are not logged in (regardless of location) and you should have a nice walled in forum.
It pays to be obvious, especially if you have a reputation for being subtle.
Set-up account registration such that you can only get an account if you were referred by an existing user. You know, since you already have a good sized user base (you do, yes?). It isn't unreasonable as long as you're keeping things local. Most people should know one another, or know someone who knows someone.
But, honestly, why are you even explaining yourself to these people. An email solely with RTFM in it with a link to the page the explains what the site is about is more than enough. Seriously, stop feeding the help vampires.
ctrl+t maps.google.com such and such restaurant
Do an IP filter so only prople in your area can sign up for an account. The website can then be put on the web.
or so I have been told here on slashdot.
PS. Apple users suck.
It is hard to think a good solution without knowing what you mean by "locals" (is there a simple offline way to get them a passphrase?), what kind of users you have (will they be thrown off from the site if they have to login?), etc.
Anyway, something that might work and can be used together with other filtering methods mention by other people here is filtering by HTTP referrer field.
This is assumming that your users have alternate ("local") ways of getting the URL of your site, and you don't mind being a bit detached from the rest of the web (apparently, you don't). So what you do, is filter every HTTP request where the referrer field is not empty or inside your site. This will essentially stop people from following links from other sites (google, blogs, whatever) into your site. You will be able to enter your site only by entering your URL (like knowing the BBS phone number), and then following internal links. Of course, this is not "secure" (for someone who knows http, it is not very hard to enter directly once they realize how the filter works), but I think it will stop a lot of "casual bypassers".
Btw, if you avoid being in google (robots.txt covering your whole site) you will avoid a lot of visitors already.
Use an invitation system like Google did for GMail. Each existing user would have a dozen or so invites. They enter the recipient's email address in a form on your site, and it sends a welcome email with an invite code. Those codes could only be used one time each. Locally you could spread invite codes far and wide on your hardcopy flyers, business cards, etc, with another set of codes that allowed multiple use - say 500-1000 uses per code. When that bulk code starts running low, create a new code and post new flyers. Eventually you'll get the local saturation you desire, and those public codes could be reduced so they can only be used 50-100 times before expiring. The idea is if they get into the hands of a spambot there will only be a limited number of accounts they can create.
When a public code runs out, your website can say something like "This code has expired. You will find the latest code posted at the community bulletin board at the local post office."
Basically your advertising will be word of mouth (where the invite codes come in), or via local hardcopy posters, flyers and business cards (bulk codes). I believe the invite system would serve as a form of viral advertising in and of itself (which is probably a major reason why Google went that route).
Anyway, that's how I'd do it.
Better known as 318230.
How about Facebook?
Setup an Asterisk Callback Server attached to initial registration process. Get users to provide a local callback number via a form. (They must have a local region code ...)
Have the asterisk server ring the number as part of registration process, and have it attached to the IVR system, along with a generated pin the potential user has to enter when it dials
AEnertia
Witty, tag line goes here
Oh come on, editors! Why is there an "or" inserted in the last sentence of the summary? There is no alternative being proposed. It's simply a continuation of the preceding thought. Please have at least a basic command of the English language BEFORE you apply for an editing job! Is it too much to ask to expect people to be competent in their area of employment?
> who cares about the library shutting an hour earlier on Thursdays and the
> graffiti on the bus shelter, except the people living there?
It might be fun to troll even if you don't live there. If only local access were allowed, then the population of possible trolls would be much smaller.
Like everything else it's a tradeoff between the benefits, and the disadvantages (in this case, probably the main disadvantage is blocking access to some people who should have it).
Remember, locals come from all over the world. Can you think of a time when you need local news more then when you are away from home? Just keeping out visitors because some geolocation outfit made some guess about their IP range is gonna hurt a lot of innocent people. And does IP based geolocation even work with mobile phones? If you considder your forum delicate and in need of easy access for locals then frustrating even some of them some of the time will hurt.
If its a forum you can decide to give *more* access to the kind of locals you want, instead of trying to give less to the visitors you dont like. I would try having online trivia quizzes about local events. Then you can give those who score well and have historically contributed interesting post moderating powers.
You can also demand referrals from current members at signup. Kinda like google did when it started gmail. I like the idea of plastering private keys around the neighborhood. Maybe you could use business cards, each with a different unique number and good for one account. If people know someone in the area a unique number will make their way, but if they dont then they are out of luck. Even back in the BBS days some boards were hard to get in. I remember typing up and "application" for access to a board, and then being voted into the community by a couple of regulars. Voting out people who figured "I hav l0adz of pr0n to tr4de" would get them in was kinda fun.
If its just bandwidth thats the problem then I would really considder just paying for the bandwidth someway. Maybe small local businesses would like to advertise cheaply but think adwords ads are for people with a website rather than brick and mortar store? Maybe you can serve more intrusive ads to those without a local IP? Or... just find a way to pay for the extra bandwidth! Bandwidth can be so insanely cheap these days
If that's a girl's name, damn straight he's going to want to look at the website. :)
Just modify the TTL in your answer packets.
TTL=8 won't leave your state, TTL=3 is roughly your suburb, TTL=1 is your mom
Just run it on a non-standard port.
You sound as if you know the wanted users personally.. just tell them instead of port 80 to use whatever random port you choose.
As other posters have said, use some local identifier:
Phone books are usually by city/region:
Request that the user get their phone book for that year, go to page xx, go down xx number of entries, use that phone number for login credentials.
Don't change it too often and when someone travels, they will know the code as well.
Now, after all these years, I've finally found a use for the phone book. (haven't used one in many years, it just takes up space).
Comment removed based on user account deletion
Now, my Web-based board gets slammed by people from all over the world
Have you never wondered what "www" stands for?
"Wise men talk because they have something to say; fools, because they have to say something" - Plato
Actually, that's not just a joke.
The differences between creation privileges and evolution privileges might be significant. At least, you do want to examine the issues of context relative to the evolution of the resources your site maintains.
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
Thats where darknet comes in.
Pages not for the public are served by nfs instead of http here.
Get them to submit their address - and then use google maps to determine their longtitude and latitude. From there is is fairly straightforward to calculate the distance between a fixed location (town hall in your village) and their address. If it is more than 50 kms, then they can't subscribe.
Show users registering a photo of the city between 3 other photos from other cities. And repeat the process 2 or 3 times. If the user gets 100% success, then he is local.
Show original photos, not photos taken from Internet where people can find where are they from.
Just install some GEOIP software and do a GEOIP lookup on people when they hit the site. Putting in all those netblocks for an allow is just idiotic.
Save your self time and pain of automating ip lookups. Make your landing page a login box only adn force users to authenticate prior to any access.
Set-up a script to auto block IP addresses for a time period that fail to login 3 times.
this is not hard.
As a local small business advertiser, I would welcome a website catering to local people. The problem is not to keep non-locals out, but to get more locals in. In the newspaper biz, this is called density of circulation. I've never seen a local website that has much.
A website with as strong a local following as a popular small-town newspaper would be good for both website visitors and advertisers.
http://sourceforge.net/projects/geoip/
reduce the MHz on the web server. No need to blast it all over the planet,
Give a Hoot Don't pollute. - Woodsy Owl,
Sorry about the writing. Robot fingers, you know? Cliff Steele in DOOM PATROL #23
Or don't worry, what does it hurt if people who aren't benefiting from a website visit it?
The local advertisers won't pay for hits outside the target area.
Or, if you don't like people reading, require registration to read and make it manual.
Better yet, make it automated if and only if the person can demonstrate local knowledge, like:
"Match the following:
1. Tigers
2. Bears
3. Methodist
4. Founders
A. High School
B. Arch Rival
C. Church
D. Festival
Where the correct answers are:
Local high school = Tigers
Arch rival high school = Methodist Acadamy
Founders = name of local mega-church
Bears = mascot of annual community festival
If they fail the automated signup, have them mail you a local address or phone number for verification.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Set up a robots.txt file to tell the search engines not to index the site (or maybe only the front page), and then require a ZIP code to register. It's the find of information any local would know, and that relatively few outsiders would bother to look up - but could if they have a valid reason to want to use your site.
And then brace yourself, because you're going to get an earful from the next local person who tries to catch up with her friends back home while she's on holiday, only to be told that she's banned because she's "not local".
X0563511 got it right: Allow registered users of the web site, who created their accounts while at a local IP address and a local postal code, to view the site even at a not-local IP address.
How about creating a vpn and hosting the website as an intranet site? That would be my definition of local for networking. It also carries with it the advantage of no special configuration for people who may be traveling.
Use the public facing website to give instructions and credentials for access to the vpn. You could also use the idea posted earlier about using local landmarks as a sort of filter to get said instructions to genuine locals.
Other than putting thousands of entries in my hosts file to block IP ranges, what options do I have to restrict access to locals only?
Instead of trying to blacklist entire IP ranges on who can't access your web board, instead of a deny ruleset, put in an allow only ruleset. For example, you could plug in your university IP range only in the allow and issue redirects with a proper error message on anyone outside of the allowed range
Perhaps as part of the login you could ask a question that only a local would know, and maybe give them a couple of multiple-choice questions to choose from.
Please answer only one of:
Which local talk radio station carries Rush Limbaugh?
What restaurant is at the corner of 4th and main?
What's the name of our high school?
Of course answers like this could be found on the web, but most non-local people won't bother. And having a decent sized collection of questions so that they don't get repeated will help prevent a slashdotter from posting the answer to the question so all his readers can get in.
I often don't like the choices people make, but I like the fact that people make choices. That's why I'm a conservative.
Or implement SMS verification on account signup
The last time I checked, most land-lines in the United States do not support Short Message Service. Nor do I see how people who rely exclusively on a land-line are willing to buy a $50 prepaid mobile phone and a $20 top-up card just to sign up for one site that uses SMS verification.
Have you ever heard of a NUP ? From back in the BBS days?
If someone gave you the NUP, then you were able to apply/create an account. Otherwise, you weren't able to even apply (unless of course the sysop broke in to chat while you were applying and you were able to woo him into allowing you to create an account with some great story or reason.)
Perhaps this is something to consider... although you'd obviously have to distribute the NUP for any new users you wanted to apply for an account... which might defeat your purpose...
Just a thought..
Danny
-- Daniel R. Blair Senior Software Architect/Unix & FreeBSD Guru/DJ w: http://unixcoders.org t: @freebsd_hacker
You could try asking for the users zip code when they sign up and then check that against a list of local zip codes that you have approved as being local enough. This allows users who are traveling to still access your content to see what is going on at home.
Figure out what ISP's are in your area, and whitelist them. For example, comcast and verizon typically have the State and City in their addresses (though the city may be one close by and not the actual city). Penn State Univ also shows the campus in the address, etc.
Ah yes the 80's to early/mid 90's for me. The local computer monthly papers would have a BBS list that listed all the local dial BBSes.
I used to dial around and enjoy all the good freeware, shareware, live chats, message boards and door games.
I was a Sysop for about 7 years running my own 'Local BBS'. But it never occurred to me to not allow long distance callers to access my BBS. Heck that is what made running a BBS so much fun, was when people would actually call from GOD knows where and actually be active on your 'Local BBS'. Why would I want to discourage someone from using my BBS? Why would I punish him or her for spending their own money to call my BBS on their dime?
Now the real point. What if the person is an ex-patriot? Also known as someone who had lived locally for most of their life, but circumstances have had them move away. What about the people in your country's military who are using your site from abroad, are you going to block them because their IP is 'out of scope'?
Blocking by any method other than actually having to register and get approved for an account, is just plain crazy. Your potential users should be given a chance to explain the need to access your service. What if the so called non-local visitor is going to be exactly that? Visiting your town, city, state/provence? They may need to know about these locally relevant services. Maybe they are thinking about moving to your 'locale' and your site is what seals the deal for them!
My parting thoughts:
1) As an avid BBS user, I loved looking up so called 'Local BBS' numbers in other cities. This broadened the access I had to new sources of freeware and shareware. It even often gave access to BBS door games that no one in town had yet. Also it allowed me to communicate with friends who had moved away, prior to both of us getting on the internet.
2) You failed to explain the nature of your 'locals only please' service.
Regards,
Ryan Pritchard
Fun Extends All Basic Life Expectancies
It sounds like you're just trying to save some server resources, not run an ultra high security operation, and that you probably DO want to let legitimate users access the site even when they're travelling. The simplest thing, it sounds like, is to just ask people to enter their zip code when they register. Explain that it's a site for a certain locality and they shouldn't register if they're not from there. If they enter an out-of-area zip code, give them an error page explaining the same thing again. Don't tell them the "valid" zip codes. Yes they could look them up if they're motivated enough, but in that case you probably want to let them in anyway, i.e. maybe they used to live there and still have connections to the area, that sort of thing.
All the stuff about IP geolocation seems like a waste of resources in this context.
First, un-register it from all the search engines and deny all bots in your /robots.txt file. This will DRASTICALLY reduce your unwelcome traffic.
Second (if the first step isn't enough -- the first step really should be adequate), make it members-only. Only members can read the site content. Non-members get a "please log in or register for a new account" page. The registration should require some kind of quiz of local knowledge that you can't find on the web. You can also limit registration by IP as noted above.
This will let people visit the site from afar, so long as they registered locally with the right knowledge.
Use my userscript to add story images to Slashdot. There's no going back.
I would verify ZIP codes from my local area during account registration,.
do a search for :
$ units 1311 units, 63 prefixes You have: 3 millilightseconds You want: miles * 558.84719 / 0.0017893979 "500 miles, or a little bit more." Trey Harris
You'll figure it out...
"it's my wife's car"
1 Go to your local newsagent, supermarket, post office, church - whatever
2 Ask if you can put up a notice
If yes, job done.
If they all refuse, perhaps a notice that rates the top 10 brothels/crack suppliers in town is a bit non-u in your cultural context.
Turning an address into a physical location isn't as easy (and by that, I really mean "accurate") as people think. If you really want to, try out a free database.
The problem is that you will eventually block local users. Maybe they're traveling and like all 'net addicts they just have to "check the board" when they have 30 minutes to kill at the hotel, or maybe they're just using a circuitous route that fools your lookup.
It's not so bad if my geo-targeted ads are occasionally (3%? So they tell me) directed to the wrong people. An error rate that high for user access, though, is intolerable.
Why are non-locals visiting your site? What's the attraction?
"You are accessing a long-distance website, additional charges may apply" I wish bbs' back in the day had that back in the day. I might have not have incurred the wrath of my parents when the phone bill arrived for the first time after I discovered the joy of some out-of-state bulletin boards that had a lot of interesting files that took a while to download on my shiny new 14.4. . . but the bootleg copy of doom II beta was worth the many, many hours damnit! >.>
Insert witty sig here.
1. location based ip filtering
2. if they are not local then offer an alternative method to gain access (local question or login)
least impact, most effect.
There are APIs for accessing Maxmind's geoip dbs in just about every web server language you might be using. And if you're using something really obscure, you could implement it yourself or link with the C lib.
There are 0x40000000 types of people: those who understand 32-bit IEEE 754 floating point, and those who don't.
Use citadel - citadel.org
Actually, you can set filters right in apache, at least at a country-level (I haven't tried cities).
For example, some sites like the block China/Russia because of the massive number of hack-attempts and lame SPAM that come from those countries. I've not tried blocking anything *not* from a given region, but I'd imagine is should be doable in a similar way.
Rather than potentially faulty IP-based geo-location, how about making the first page of you site ask the user what country they are from, followed by state/province, and city? Save a cookie in their browser with their selection and it will have a minimal impact on the sites usability.
There are lots of good reasons to do such filtering. Note the joking comment about 4chan elsewhere in the discussion. Managing an online community is a lot of work, but it's a great deal easier when its participants are a member of the same physical community. Those face-to-face encounters do a lot to defuse online anger.
He's not worrying about "what is of use to other people," he's worrying about what is of use to him. That's not self-centered, that's just smart product development.
Two words: wire cutter
URL?
No SIG for you!
Sure, but there wouldn't be account deletion on the grounds of non-locality if only people who met whatever the criteria for "locality" are were able to create accounts in the first place. Personally, I think a big problem with automating this is that there doesn't appear to be a concrete set of criteria. Given that, the best idea may be to require an in-person, face-to-face meeting at which it can be verified that the applicant is a genuine "local" prior to creating an account. To scale up, allow certain privileged users with the trust of the site owner to validate accounts rather than requiring the site owner to do all the face-to-face meetings himself.
If the concept of "local" involved is one which requires an ongoing connection, you might also require all users to be revalidated by an administrator periodically (e.g., annually) or have their accounts automatically suspended.
Maybe I should setup an BBS also for my local area.
For fun!
Well, Country based IP blocking, Or close the registration system and let people ask for accounts.
Or do something like a invitation code system like demonoid has.
Well, That are all my ideas.
Good luck!
1) Ask new visitors to enter their ZIP code.
2) Check the ZIP code against a simple array of "acceptable" local ZIP codes.
3) Store it as a cookie in their browser (so they don't get asked over and over)
Remote users (from Kentucky or Afghanistan) have no idea which of the thousands of available ZIP codes you'll accept visitors from, but local users who give you a simple and honest answer will be allowed in quickly.
Brute-forcing your valid ZIP codes is certainly possible, but not worth the trouble.
You can run but you can't hide, except, apparently, along the Afghan-Pakistani border.
I would love to know what kind of site it is that's getting "slammed by people from all over the world" but which "couldn't possibly be of interest" to anyone but the residents of Jerkwater, USA. Because -- clearly -- these users think that it is of interest to them.
You certainly have a problem, but I'm not sure it's the one you think it is. Sounds like you should expand the scope of your site, gain a billion world-wide users, and stop turning potential users away.
Callback number field = "911" or "$googled_local_police_number" or "$googled_local_crisis_hotline" or etc...
Now the problem is white/blacklisting the callback system.
wget your_web_page | lpr -# 100 Then glue the printouts on the billboards located close to your target community.
What's that? Is it a VPN? Is it a P2P? No! It's...DARKNET!
Normality is now: overrated.
Very simple... Grab a free MaxMind GeoIP database from http://www.maxmind.com/ and integrate it into your sign-up process. Done!
I just wasted your mod points! HA!
http://www.maxmind.com/app/city
Not a plug for them but its fast,easy and has an apache module and php extension that calls its files. There is also a free version.
Agreed, but easily manageable
The only way this will work is if you make the site by invitation only and then it is not a good idea.
Think of "What you are trying to do?"
While I travel, no access to my local favorite site. When I move away, I can't participate in my local interest anymore. You force me to dis own my friends in this country, town.
If you want to keep it local, ask people for something that ties them to the group: Who do they know (let the person confirm), where do they live (don't need to publish that info), etc. But don't cut the greatest feature of the Internet (making the world a village).
Busy helping non technical users of OpenOffice.org - http://plan-b-for-openoffice.org/
Why not allow registration from local IP addresses only and login from any IP so that if one of your users is traveling around he/she can still use the site.
Are you living in the future or something? In my day, only the wealthiest of people (royalty, aristocrats) could afford 1200 baud. Everybody else used 300 baud acoustic-couple modems, or newspapers.
... and then they built the supercollider.
Go back to you BBS, and Gopher protocols. We've no more use for you here.
/* oops I accidentally made a comment, sorry */
A local forum I am a member of keeps things cleaned up by not allowing unregistered viewers access to anything more than a welcome message, and anyone who registers an account must be vetted by a current member of the forum. They still get the occasional spammer trying to register, but they are automatically denied if it looks suspicious of if no one knows who it is.
Just make the sign-up form ask a question that all the locals can easily answer.
If I were doing one for Galion, and non-locals or bots were making a nuisance of themselves, I'd probably ask something like "The haunted house that the Jaycees run every October is on the corner of which two streets?" or "What's the name of the drug store on the square?" or perhaps "Who teaches US Government at Galion High School?" That would let in people who used to live here or have family here even if they aren't located here currently, but on the whole that's probably a good thing.
Of course, it's not worth messing with this at all unless you are having an actual problem. In most cases I would not expect any significant number of non-locals to find or bother molesting a site of purely local interest.
Cut that out, or I will ship you to Norilsk in a box.