Bot Detection

Geolocation

Blocks requests from banned countries and penalizes IPs with incomplete or missing geolocation data.

The geolocation checker evaluates the richness of the client IP's geolocation data and optionally enforces a country blocklist. Legitimate residential and business IPs resolve to complete geolocation records with all geographic fields populated. IPs from proxies, VPNs, and certain datacenter allocations often return records with many null fields.

This checker runs in the heavy phase. It reads geolocation data already resolved from the MMDB database.

How It Works

Country blocklist: When bannedCountries is non-empty, the checker compares the resolved ISO 3166-1 alpha-2 country code against the list. A match applies the full banScore to the visitor's total, triggering an immediate ban. This check runs first before any field validation.

Missing geo fields: The checker validates nine geolocation fields independently. Each missing or null field applies its own penalty. The fields are: country, region, latitude/longitude, district, city, timezone, subregion, phone code, and continent. A residential IP in a well-covered region typically has all fields populated. An IP behind a VPN or in a poorly covered allocation may be missing several.

Configuration

server.ts

await defineConfiguration({
  store: { main: { driver: 'sqlite', name: './bot-detector.db' } },
  checkers: {
    enableGeoChecks: {
      enable: true,
      bannedCountries: ['KP', 'CU'],  // ISO 3166-1 alpha-2 codes
      penalties: {
        countryUnknown: 10,
        regionUnknown: 10,
        latLonUnknown: 10,
        districtUnknown: 10,
        cityUnknown: 10,
        timezoneUnknown: 10,
        subregionUnknown: 10,
        phoneUnknown: 10,
        continentUnknown: 10,
      },
    },
  },
})

All weights live inside the penalties: {} sub-object.

bannedCountries

string[]

List of ISO 3166-1 alpha-2 country codes to block. Requests from these countries are banned immediately. Default: [].

countryUnknown

number

Penalty when the country field is missing from the geolocation record. Default: 10.

regionUnknown

number

Penalty when the region/state field is missing. Default: 10.

latLonUnknown

number

Penalty when the latitude and longitude are missing. Default: 10.

districtUnknown

number

Penalty when the district field is missing. Default: 10.

cityUnknown

number

Penalty when the city field is missing. Default: 10.

timezoneUnknown

number

Penalty when the timezone field is missing. Default: 10.

subregionUnknown

number

Penalty when the subregion field is missing. Default: 10.

phoneUnknown

number

Penalty when the phone dialing code is missing. Default: 10.

continentUnknown

number

Penalty when the continent field is missing. Default: 10.

Reason Codes

Code	Trigger
`BANNED_COUNTRY`	The resolved country is in the `bannedCountries` list.
`COUNTRY_UNKNOWN`	Country field is missing from the geolocation record.
`REGION_UNKNOWN`	Region field is missing.
`LAT_LON_UNKNOWN`	Latitude and longitude are missing.
`DISTRICT_UNKNOWN`	District field is missing.
`CITY_UNKNOWN`	City field is missing.
`TIMEZONE_UNKNOWN`	Timezone field is missing.
`SUBREGION_UNKNOWN`	Subregion field is missing.
`PHONE_UNKNOWN`	Phone dialing code is missing.
`CONTINENT_UNKNOWN`	Continent field is missing.

Country blocklisting bans the visitor immediately and applies to all IPs that resolve to the blocked country, including VPNs, Tor exit nodes, and residential users in that country. Confirm your legal and business requirements before adding countries to bannedCountries.

Each missing geo field adds only 10 points by default. The cumulative effect of many missing fields is what provides signal. A completely empty geolocation record (all nine fields null) contributes 90 points, close to the default banScore of 100.

UA & Header Analysis

Known Bad User-Agents