Google Says Blocking Countries Outside of the US is Against

[janeth]

This is a bit much.

Google says they will ban you if you block people from viewing your site.

Google Says Blocking Countries Outside of the US is Against Policies

If you are being spammed by a bunch of guys in India and would like to block the whole country, you better rethink.

[Tech Manager]

I suppose Google should stop helping China block content from outside the country.

I do a lot of work in regards to blocking traffic by country. So far I have seen absolutely no effect on any website taking appropriate steps to block an IP, an IP range or an entire country.

[janeth]

Quote:

Originally Posted by Tech Manager

I suppose Google should stop helping China block content from outside the country.

I do a lot of work in regards to blocking traffic by country. So far I have seen absolutely no effect on any website taking appropriate steps to block an IP, an IP range or an entire country.

I agree and have had to do it for clients in the past. Sometimes it is the only way to save a site.

[crankydave]

Let's see... an ecommerce site that only services a particular region, regularly receives attempts of credit card fraud from outside that region, blocks those particular IP ranges, is going to be considered to be cloaking?

Is it April 1st or sheer lunacy?

Dave

[wige]

But think about this from Google's standpoint. As a search engine, Google can't tell what parts of the world you are blocking from accessing your site, at least reliably, and Google may not have a system in place to filter out your site from the results when people in those parts of the world run searches.

Google has stated repeatedly that their goal is to provide the best possible search results, and avoid users from clicking into an error message. If IP filtering is perceived by Google to make their results look faulty to those who are blocked, would you not expect them to take action, up to dropping the sites that do this?

[janeth]

Quote:

Originally Posted by wige

But think about this from Google's standpoint. As a search engine, Google can't tell what parts of the world you are blocking from accessing your site, at least reliably, and Google may not have a system in place to filter out your site from the results when people in those parts of the world run searches.

Google has stated repeatedly that their goal is to provide the best possible search results, and avoid users from clicking into an error message. If IP filtering is perceived by Google to make their results look faulty to those who are blocked, would you not expect them to take action, up to dropping the sites that do this?

It's what I was thinking as well, but for the site owner it's a loose, loose situation.

[crankydave]

Quote:

Originally Posted by wige

But think about this from Google's standpoint. As a search engine, Google can't tell what parts of the world you are blocking from accessing your site, at least reliably, and Google may not have a system in place to filter out your site from the results when people in those parts of the world run searches.

Google has stated repeatedly that their goal is to provide the best possible search results, and avoid users from clicking into an error message. If IP filtering is perceived by Google to make their results look faulty to those who are blocked, would you not expect them to take action, up to dropping the sites that do this?

I see, Google's business model can't "reliably" do something so the answer is to make it a violation of their guidelines to do so? That's rich.

Quote:

Dear Google

These people keep coming to "my house" and stealing from me. Is it okay if keep them out of my house?

Dave

Quote:

Dear Dave

No it is not. That would be evil. You have to let them in your house or we will punish you.

Google

[Tech Manager]

I'm beginning to wonder whether George Orwell wrote the rulebook for Google.

Google might want to be the best, most accurate Search Engine around, but they aren't going to stay their if they require people to dumbdown their security to accomodate Google results. If Google wants to penalize me for blocking Russia, China and Korea they can do so without penalizing websites with the rest of the globe.

[Tech Manager]

I haven't noticed anything in Googles rulebook that declares cloaking to include denying access to certain IP ranges.

Cloaking, sneaky Javascript redirects, and doorway pages

I suppose you could stretch the rule to suggest serving no content is the same as serving different content.

[Webnauts]

John Mu at Google said:

"Blocking all users outside of the US from being able to see your site would likely be considered cloaking and would be against our Webmaster Guidelines. Instead of blocking these users automatically, I would recommend that you add blocks based on the user's activity, not based on his location. "

And I think that is pretty fair.

[Tech Manager]

Quote:

Originally Posted by Webnauts

John Mu at Google said:

"Blocking all users outside of the US from being able to see your site would likely be considered cloaking and would be against our Webmaster Guidelines. Instead of blocking these users automatically, I would recommend that you add blocks based on the user's activity, not based on his location. "

And I think that is pretty fair.

I have no sites that only allow USA access, but regardless, I think John Mu is entirely incorrect. Sure, blocking based on user activity might be preferable, but it can be impossible for some webmasters. I manage a significant number of servers and networks. Malicious traffic from Russia, China, North Korea and a myriad of other locales can be highly disruptive to email servers, websites, intranets, etc. Is it more expedient for me to spend my time actively responding to the behavior of traffic that is 99.9% malicious or is my time better spent blocking the traffic entirely?

As an IT Manager I don't plan security and protection of sensitive data around the whims of Google, Yahoo, MSN or others. I have an obligation to the clients I support to keep their sites, servers and traffic as safe as possible.

Strong Security is multifaceted. When it calls for blocking a range of IPs or an entire country I will do so.

Is Google going to penalize you for relying on SBL, PBL, XBL lists to identify IP addresses and IP ranges of spammers? Are they going to penalize you for blocking known IP ranges of comment spammers, brute force attackers and email harvesters?

Prevention is the first line of defense. If my security becomes solely based on behavior instead of proactive prevention, I have failed.

[crankydave]

Quote:

Originally Posted by Webnauts

John Mu at Google said:

"Blocking all users outside of the US from being able to see your site would likely be considered cloaking and would be against our Webmaster Guidelines. Instead of blocking these users automatically, I would recommend that you add blocks based on the user's activity, not based on his location. "

And I think that is pretty fair.

Except that "users" are not assigned individual IP's. Blocking a particular IP or IP range prevents everyone in the "region" from access not just the individual.

Dave

[Tech Manager]

Excellent point Dave.

[Martinscholes]

If someone in -say- California attacks a website in Washington State but uses spoof ips of -say- Holland, then the website in Washington State would block Dutch ips, whereas the real villain is in California, laughing his socks off.

[Tech Manager]

A spoofed IP attack is not quite as simple as your post would lead someone to believe. IP spoofing doesn't truly hide your actual IP. Generally speaking, IP spoofing does not generally allow for a normal network connection. This type of activity generally entails a blind spoof.

While IP spoofing can happen it is more common to see various other attacks.

[Webnauts]

Quote:

Originally Posted by crankydave

Except that "users" are not assigned individual IP's. Blocking a particular IP or IP range prevents everyone in the "region" from access not just the individual.

Dave

Already my team Information Architect is working on a script that blocks suspicious bots by IP for 24 hours, and then get unblocked. This thread is a good hint to extend that also for bad visitors. I will discuss that with him tomorrow to see what and how that would be possible.

[Tech Manager]

Quote:

Originally Posted by Webnauts

Already my team Information Architect is working on a script that blocks suspicious bots by IP for 24 hours, and then get unblocked. This thread is a good hint to extend that also for bad visitors. I will discuss that with him tomorrow to see what and how that would be possible.

Let us know.

[Webnauts]

I was also thinking about something else.

We get in average 8-10 emails a day from Indian companies, offering links building, etc services, mentioning that they conform to the US CAN-SPAM law. We report all those mails as spam, since that law is not valid in Germany were we are located. In Germany unsolicited emails, no matter which nature, are strictly forbidden.

Now they began using our contact form. We created an IP based script which we wanted to add in our contact form, which would redirect all India visitors to our homepage instead.

Before we had the chance to go live, we read the thread at Googles Webmaster Help Center, which Janeth shared here too.

Looks like we only have two options:

1. Disallow our contact page in our robots.txt and implement our script.

or

2. Extend the script by blocking the transaction of the mail if the visitor comes from India.

In both cases it will not be cloaking. I assume the 2nd option would be possible and I obviously prefer, since I do not want my contact page to be de-indexed. I will check that with our IA too.

[Webnauts]

Quote:

Originally Posted by Martinscholes

If someone in -say- California attacks a website in Washington State but uses spoof ips of -say- Holland, then the website in Washington State would block Dutch ips, whereas the real villain is in California, laughing his socks off.

This is what we also planning to implement: Http:BL Application Programming Interface (API) | Project Honey Pot
Worth to have a look.

Upon the chance, allow me to refer you all to the excellent service:
Distributed Spam Harvester Tracking Network | Project Honey Pot