Thanks to crazy thinks like the EU VAT laws, sometimes we really have to know where people are coming from when they visit our sites. The problem with this is … how?
There’s a cool extension for PHP called GeoIP, which I’ve finally installed on this server (along with my upgrade to PHP 5.5 and some other things, yes, still on Apache, shut up Otto). The extension comes from MaxMind, who also have a pure PHP version you can use. I’m not because the GeoLite2 databases are distributed under the Creative Commons Attribution-ShareAlike 3.0 Unported License and that means I can’t include it in a WordPress plugin.
But that really made me wonder why it was okay not to attribute Maxmind when I used it via Pecl. I mean, technically I should, right? But where and how? I ended up putting a note in my site footer, to say that the site used the Maxmind DBs, but I haven’t included any note about that in my plugin since the DBs are included in the plugin, just called if the functions are found. It’s on you to install and attribute as needed.
Installing mod_geoip
Installing this is simple, from a server admin perspective.
Since you can’t use the yum install on Apache 2.4, I got to use a cPanel Custom Module, which meant running this:
wget http://easyapache.cpanel.net/optmods/custom_opt_mod-mod_geoip.tar.gz tar -C /var/cpanel/easy/apache/custom_opt_mods -xzf custom_opt_mod-mod_geoip.tar.gz
And then I ran an EasyApache build. That was fine, I needed to do that anyway. Once that was done, I installed the pecl for GeoIP:
pecl install geoip
Done. Optionally you can add it to apache in either your .htaccess or (better) a conf file for your whole server:
<IfModule mod_geoip.c> GeoIPEnable On GeoIPDBFile /usr/local/share/GeoIP/GeoIP.dat </IfModule>
What about upgrades?
Every month you don’t upgrade your geoIP DB, the more your site sucks. Someone quoted a statistic that every month you don’t upgrade the DB, the accuracy drops by 1.5%. I can’t validate that, but I’d believe it.
Upgrades are fairly painless, thanks to geoipupdate, though it doesn’t include the IPv6 files for some reason. Still, being able to toss this into crontab makes my life easier:
38 15 * * 5 /usr/local/bin/geoipupdate
Of course… I did notice that there’s a new MaxMind DB Apache Module.
If you’re on nginx, you can grab the nginx geoip module too.
What if I can’t install PHP modules?
By request, I’d already added in the GeoIP2 PHP API to my wee little plugin. Not everyone can use mod_geoip or mod_maxminddb, after all, so it’s good to have options. And with this option, you have the question of how to update since geoipupdate won’t work anymore.
If you want to go hardcore, you can Auto-update your GeoIP databases with Cron via that very robust script. Or if you’re simple like me, it’s a geoip.sh script in your ~/scripts/ folder:
#!/bin/sh cd /home/username/public_html/wp-content/edd-pec-geoip wget -q http://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.mmdb.gz gzip -d -f GeoLite2-Country.mmdb.gz
And then I have this in my crontab:
30 22 2 * * /home/username/scripts/geoip.sh
Which is a lot easier for a lot of people.
Comments
5 responses to “GeoIP Options”
This is also a handy way to block wp-login.php attacks. You can just allow every IP from whatever country you are in. That wouldn’t admittedly work so well for the likes of yourself, since a lot of the attacks originate from the USA, but when I was in Norway, I was able to totally block all login attempts by only allowing Norwegian and New Zealand IP’s (I host a site used by New Zealanders).
@Ryan Hellyer: That’ll work right until I go to Canada or Europe or Japan and get pissed off I can’t log in, and forget that I did this.
If you have CloudFlare in front of your website, you can grab the country code from its CF-IPCountry custom header, accessible through `$_SERVER[‘HTTP_CF_IPCOUNTRY’]` in PHP. No additional software required.
@Ross McKay: I suppose I can fold that into my code, but I wouldn’t want to make an assumption that people use cloudflare. I mean… I don’t.
I wish this was available *before* someone accesses your site… it might save the mountains of stuff I have to put in .htaccess to block visitors from certain countries based on IP… I seem to be attracting a lot of Ukraine based would-be-hackers at the moment :-/