I have a web app that has no users in the Philippines, but is constantly bombarded by spammers, carders testing cards, and other undesirable activity from there. I can see in the logs that they have IPs in the Philippines and are initially finding my site via google.ph or other .ph
sites.
I have pretty good filters and security checks in place, so they don't really cause much damage, but nonetheless, I'm really getting tired of it. They use up bandwidth, fill up my database, abuse logs, and security logs with crap, waste my time terming accounts, etc.
While the vast majority of Philippine citizens aren't spammers, and I can't just block every country that annoys me, at this point, I think the solutions is simply to block all traffic from the Philippines to my webapp. (I know blocking entire countries' IP blocks is not a great practice, and has many problems, but for this country, I want to make an exception.)
(I know they could spoof their IP address, but at least I can make them work for it a bit.)
I know there are a few geoip services out there. Anyone know of any free or inexpensive services? Or any other way to filter out traffic from a specific country?
I'm running PHP on Apache 2, if it matters.