Blocking countries : The big Google Ads issue

nlaruelle

Member
Sep 4, 2017
13
3
3
Belgium
cPanel Access Level
Website Owner
Hello,

Recently, I was very proud of myself to make a good optimisation to my cPanel servers, and lowered the server load !

I identified in cPHulk that some IPs from countries attacks more than others.

And some countries are absolutely not in my customers target.

Then, I played to block these countries, through cPHulk, CSF and Imunify360 :

Argentina
Azerbaijan
Bangladesh
Brazil #this one, I was not confident, but I did
China
Colombia
Iran
Iraq
Pakistan
Russia
Serbia
Sudan
Ukraine

Also, Morocco, Vietnam, Thailand, South Korea and Philippines are countries which from I have a lot of attacks.
But I have customers living over there, so I cannot block these frequented countries.

So, here, my list of 13 (winners) blacklisted countries :
AR,AZ,BD,BR,CN,CO,IQ,IR,PK,RS,RU,SD,UA

The beautiful dream was not long !

I get errors from Google Ads : cannot start a new campaign :

> Not eligible : Disapproved (Destination not working)

(see attachment below)

Do you know that Google require your website to be accessible all around the world, even if you don't target these countries :

> Destinations that don't function properly or have been incorrectly set up
> Examples: A site that returns an HTTP error code, such as 403 Forbidden or 404 Not Found;
> a site that doesn't work in all locations or on common browsers and devices; DNS lookup errors;
> internal server errors; site under construction


Source :
https://support.google.com/adspolicy/answer/6368661?hl=en

I ask to the Google Support a confirmation, and they told me :

> Your site cannot work properly for all locations :
> Thank you for sharing the "uptrends" screenshot with us. However, when I used another internal tools to check on the URL "Example Domain". It is showing unavailable to countries like Brazil… Appreciate if you can help to check on this again.


As the WordPress plugin Wordfence have a Blocking Country feature, they talk well about this :

> Please note that if you are using Google Ads (formerly Google AdWords) on your site, you may get penalties for blocking access to your site. If you are using Google Ads, we recommend you only use Country Blocking to block access to the login form. Note that there is no way to get around the Google Ads policy. Google Ads does not allow any participant to block any country from viewing pages at all, even if you have told Google Ads to not show adverts in that country. If you are a participant, you can only block access to the login form. If you get a warning from Google Ads, uncheck “Block access to the rest of the site (outside the login form)” to fix this.

Source :
https://www.wordfence.com/help/blocking/country-blocking/

The reality is clear :

I cannot block the whole access to my servers for certain countries, because I have some customers who want to run Google Ads to their websites, and Google require your website to be accessible from every country in the world, expected maybe some countries (China ? Russia ? Embargoed regions (src) : Crimea, Cuba, Iran, North Korea, Sevastopol, Sudan, Syria ? dunno)

So my question is :

Do you know a way to restrict some things (a kind of hardening) for my 13 countries. Maybe restrict access to wp-login.php pages, cPanel connection page, some protocols SMTP, FTP, etc, totally for certain countries but allow the countries to read the frontend of the HTTP(s) websites ?

I mean, restrict access to certain countries, only to sensitive areas but not restrict them to visit the frontend of websites ?

Exactly like is suggested by Wordfence here :
> you can only block access to the login form

Then, it's OK for Google Ads, and it's OK for the server load and security concern.

For your info, I am a CloudLinux user.

Thanks in advance for your experience.
 

Attachments

Last edited by a moderator:
  • Like
Reactions: ZenHostingTravis

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
6,923
912
313
cPanel Access Level
Root Administrator
Hey there! Thanks for posting that, as that is good information to have about the Google Ads tools.

I don't have anything on my end that would restrict access to certain resources based on country codes - it is either an "all or nothing" system when blocking countries. Wordfence is a specific tool that may have this option, but cPanel itself doesn't have something like that.

I'd recommend making a feature request to see if that is something we could implement in the future.
 

nlaruelle

Member
Sep 4, 2017
13
3
3
Belgium
cPanel Access Level
Website Owner
Thanks cPRex !

I was thinking it is an important feedback to share here for people lost in Google about this recurring issue. Can make hosting provider searching a lot why customers ads cannot be approved.

For my Countries Grey List feature request… Am I wrong ? After looking further, the cPHulk Country Blacklist seems to work as expected :

> Select which countries you want to block, click the gear icon on the right of the list, and select the Blacklist Selected Countries option. Now, users from the selected countries will not be able to log into mail, FTP, cPanel.

Source : Plot Host


It was obvious ?? I was so confused with my Google Ads issue and my both firewall software, I forget cPHulk is for on Brute Force logins.

I am just not 100% sure about wp-login.php, because I am used to ask final user to move their wp-login.php page somewhere else. What 90% of customers are doing (lucky). So, it seems I don't have many "failed WordPress login" in my cPHulk History log.

Anyway, I restore my 13 countries in the cPHulk Blacklist only (in Country Management) and it seems to work as excepted.

Thanks and see you later :)
 
  • Like
Reactions: cPRex

ZenHostingTravis

Well-Known Member
PartnerNOC
May 22, 2020
275
95
28
Australia
cPanel Access Level
Root Administrator
Rather than move the wp-login.php page somewhere else, you could block attacks using CSF (see below):

# XMLRPC if (($globlogs{CUSTOM2_LOG}{$lgfile}) and ($line =~ /(\S+).*] "\w*(?:GET|POST) \/xmlrpc\.php.*" /)) { return ("your ban comment",$1,"XMLRPCorWHATEVER","3","80,443,21,25,22,23","1"); }
# WP-LOGINS if (($globlogs{CUSTOM2_LOG}{$lgfile}) and ($line =~ /(\S+).*] "\w*(?:GET|POST) \/wp-login\.php.*" /)) { return ("your ban comment",$1,"WPLOGINorWHATEVER","3","80,443,21,25,22,23","1"); }

Sourced from: Blocking Wordpress Login and xmlprc attacks with LFD - ConfigServer Community Forum
 
  • Like
Reactions: nlaruelle and cPRex