Forum Discussion

Benjamin's avatar
Benjamin
Mentor
8 years ago

How to implement country bans

For compliance reasons, we want to ban users or at least raise a flag for our staff as soon as a user from a country under embargo wants to interact with us.

 

Given the fact that IP ranges can vary and the lists are huge, what would be the best way to go about implementing this?

  • ChiaraS's avatar
    ChiaraS
    8 years ago

    you could call a webservice (like http://ip-api.com/docs or https://db-ip.com/api/) on user login to get the country (users could still go thru proxies, so not 100% accurate) and for example send a PM to a moderator in case of a specific country.
    You could store the country value either in the default "Location" user field or into a custom one.
    You could even ban the user via REST automatically (/t5/Developer-Documentation/bd-p/dev-doc-portal?section=commv1&leaf-id=User.moderation#User.moderation.ban ) but I wouldn't advise to do that.

  • ChiaraS's avatar
    ChiaraS
    Lithium Alumni (Retired)
    8 years ago

    you could call a webservice (like http://ip-api.com/docs or https://db-ip.com/api/) on user login to get the country (users could still go thru proxies, so not 100% accurate) and for example send a PM to a moderator in case of a specific country.
    You could store the country value either in the default "Location" user field or into a custom one.
    You could even ban the user via REST automatically (/t5/Developer-Documentation/bd-p/dev-doc-portal?section=commv1&leaf-id=User.moderation#User.moderation.ban ) but I wouldn't advise to do that.

    • VarunGrazitti's avatar
      VarunGrazitti
      Boss
      8 years ago
      Yes, we have done a similar implementation to redirect users based on their geo locations using the 3rd party API services. Works great!
  • Fellsteruk's avatar
    Fellsteruk
    Boss
    8 years ago
    I've had a simpler issue but solutions are limited. IP addresses can be spoofed so an IP ban isn't a great solution, i ended up banning email domains but again not perfect.

    If you want to glad with agents why not do a custom component on the post page which displays a flag if the user has post from a given range of ip,s?

    Again not an exact science as they can and in my experience are spoofed at lot in my community