Closing the Door

The basis of this approach is that it’s better to prevent problems than to fix them, so to that end; I’ll attempt to block the offending visitors at the server level, preventing them from ever entering my site. The main tool for doing this is a geo-IP redirect added to my .htaccess file:

• Asian:
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^CN$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^HK$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^MO$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^MY$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^SG$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^TW$ [NC]
RewriteRule ^(.*)$ https://chinese.url [R,L]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^JP$ [NC]
RewriteRule ^(.*)$ https://japanese.url [R,L]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^KP$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^KR$ [NC]
RewriteRule ^(.*)$ https://korean.url [R,L]

• Illegal and/or High Fraud:
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^AE$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^AF$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^AL$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^AM$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^AZ$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^BG$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^BH$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^BR$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^BY$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^CR$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^CU$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^CZ$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^EE$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^EG$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^GE$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^HR$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^HU$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^ID$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^IL$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^IN$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^IQ$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^IR$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^JO$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^KG$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^KH$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^KW$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^KZ$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^LA$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^LB$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^LT$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^LV$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^LY$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^MD$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^OM$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^PH$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^PK$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^QA$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^RO$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^RU$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^SA$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^SD$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^SI$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^SK$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^SY$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^TH$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^TJ$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^TM$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^TN$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^TR$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^UA$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^UZ$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^VN$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^YE$ [NC,OR]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^YU$ [NC]
RewriteRule ^(.*)$ https://garbage.url [R,L]

This code, which you can copy and paste, allows for separate targeting of Asian traffic with redirects to Chinese, Japanese and Korean websites, while blocking “high fraud” countries, redirecting them to a “garbage” URL.

You can find a list of the country codes that you'll need to build your own list here.

As I said, this is the main tool, but not necessarily the only tool. Criminals will often use proxy and other no-referrer means of hitting your site and this must be dealt with as well, but that’s a story for another day.