GeoLite Database

by Doug Moody -

I usually post in the general topics, but this question properly belongs here, I think. If not, then please direct me to where I should ask.

Anyway, what got my attention recently was that I was reviewing logs of my moodle and have been noticing lately that I am getting hits from IP addresses all over the globe. I suppose these are people fishing for ways to exploit my site, and I know they are not students, since this term is over. So, I went to the address lookups in site admin and it informs me that the locations I am seeing can be wildly different than where they are actually coming from, and advises that I install the GeoLite City database from MaxMind.

OK, but I don't see how to do that. I am asking for some kind person here to walk me through how to actually install this database so that I can more accurately track site visitors and potentially block them.

Related to this question is whether or not I should block a geographic area. My students live in one large geographic area (a U.S. state) and I don't want to block them if their IP address should by chance be outside that zone (not sure if I can do this). But if anyone has advice on how to narrow logins to one specific area, I would be very appreciative.

Thanks in advance.

In reply to Doug Moody

Re: GeoLite Database

by Ken Task -

mkdir /var/www/moodledata/geoip

cd /var/www/moodledata/geoip/

wget the file they say to download ... a tar.gz

tar zxvf *.tar.gz or .tgz

chown apache:apache ../geoip/ -R

The location seen for an IP is only as good as the data you downloaded.

Blocks of IP addresses get re-assigned/re-allocated all the time.

Doing DNS checks on every access will slow things down ... besides that, DNS can be spoofed ... so what's the point?

Not sure I'd use the IP blocking in Moodle. Best way is to do it at the network level ... but that too could be a 'catch 22'.

Do your students use smartphones or tablets? Some of those 'strange IP addresses' you see really could be a carrier IP ... AT&T, Verizon, etc. And if a kiddo went to 'grandma's' or uncle's, or XXX?

At one time, I embarked on using an add-on to Apache to limit access by IP blocks. Futile effort.

If you go the block route ... you'll have to map the entire globe.

If you go the allow route, there are always exceptions ... like student/parent ... even you on vacation in Florida using hotel/motel WiFi that will bite ya.

Best approach might be to make sure you are running a version of Moodle that is supported for code fixes and security updates. Moodle security is really pretty good.

Good luck! ;)

'spirit of sharing', Ken
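
The allow-versus-block trade-off Ken describes, as an added example that is not part of the original thread: a dry run that replays log rows against a one-region allow-list and reports which logged-in users it would lock out before anything is enforced. The prefix table, region labels, log columns and sample rows are constructed stand-ins for a GeoLite lookup and a Moodle log export.

```python
import csv, io, ipaddress
from collections import Counter

# Constructed stand-in for a GeoLite lookup (RFC 5737 documentation ranges).
REGION_BY_PREFIX = {
    ipaddress.ip_network("192.0.2.0/24"): "home-state",
    ipaddress.ip_network("198.51.100.0/24"): "carrier-out-of-state",
    ipaddress.ip_network("203.0.113.0/24"): "overseas",
}
ALLOWED_REGIONS = {"home-state"}
# Constructed rows; "-" in the user column means the request was not logged in.
SAMPLE_LOG = """ip,user,event
192.0.2.10,alice,course_viewed
198.51.100.7,alice,course_viewed
198.51.100.23,bob,user_loggedin
203.0.113.50,-,login_failed
203.0.113.51,-,login_failed
192.0.2.99,-,login_failed
10.1.2.3,carol,user_loggedin
not-an-ip,-,login_failed
"""

def region_of(ip):
    """Return the region label for ip, or "unknown" if unparsable or unmapped."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "unknown"
    for net, region in REGION_BY_PREFIX.items():
        if addr in net:
            return region
    return "unknown"

def dry_run(log_text, allowed=ALLOWED_REGIONS):
    """Replay log rows against the allow-list without blocking anything."""
    locked_out = {}            # logged-in user -> regions the rule would reject
    anon_rejected = Counter()  # region -> rejected requests with no login
    for row in csv.DictReader(io.StringIO(log_text)):
        region = region_of(row["ip"])
        if region in allowed:
            continue
        if row["user"] != "-":
            locked_out.setdefault(row["user"], set()).add(region)
        else:
            anon_rejected[region] += 1
    return locked_out, anon_rejected

if __name__ == "__main__":
    print(dry_run(SAMPLE_LOG))
```

In the sample, the allow-list would reject three real accounts (two on a carrier range, one on an address the table does not cover) while still admitting the failed login that came from inside the allowed region.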