...

View Full Version : Website under attack! I need to find IP to ban them



pilty
04-03-2007, 11:24 PM
Hi there. I work really hard to have a website with a bit of everything for everyone. Lately though I have been getting some obscene posts. The result is that I have to keep emptying my shoutbox so that I can keep my site family friendly. Is it possible to put in something that will send the abusers IP address to a file that I can view? If all visitors IP's are logged I will be able to narrow it down.

iLLin
04-04-2007, 01:02 AM
You can use .htaccess. That should be a simple solution for you.

Spookster
04-04-2007, 02:38 AM
Have you checked the web server log files? Is this your server or are you using a commercial host? Are they running apache or IIS?

_Aerospace_Eng_
04-04-2007, 03:44 AM
And what shoutbox are you using?

pilty
04-04-2007, 12:27 PM
And what shoutbox are you using?

The one on the freewebs website. I don't know what it's called.

pilty
04-04-2007, 12:28 PM
Have you checked the web server log files? Is this your server or are you using a commercial host? Are they running apache or IIS?

It's a commercial host and I don't know what thet are running. How do I check the server log files?

pilty
04-04-2007, 12:31 PM
You can use .htaccess. That should be a simple solution for you.

How do I implement that?

Spookster
04-04-2007, 01:34 PM
It's a commercial host and I don't know what thet are running. How do I check the server log files?

Did they give you shell access to the server? Does it come with a web based control panel?

pilty
04-04-2007, 01:39 PM
Did they give you shell access to the server? Does it come with a web based control panel?

I feel so stupid. I don't know the answers to your questions but, I can add "raw HTML" to my paragraphs in the editor that the site uses if that helps.

iLLin
04-04-2007, 02:52 PM
Do you have FTP access?

CFMaBiSmAd
04-04-2007, 03:00 PM
The one on the freewebs website. I don't know what it's called.The lack of information you can give us about the script and your server setup will make it difficult for anyone to give specific direction on what to do.

Most major scripts have support forums where you can get current, up to date, and detailed support, often from the script's author. There may be a version update or a user contributed patch that addresses either IP logging/banning and/or bad content or HTML content injection. Therefor, I recommend that you see if there is a support forum for the specific script that you are using.

In the meantime, while you sort out what you need to solve this problem, disable this feature on your web site.

pilty
04-04-2007, 03:10 PM
I police the site rigorously and empty the shoutbox any time that the person posts. I'll take a look at the www.freewebs.com site and see if there is anything in the help files. Is it possible that I could include some javascript in a paragraph on the page in question to reach my goal? Thankyou for all the help. I really appreciate it.

Chris (Crazy Englishman)

pilty
04-04-2007, 03:20 PM
Do you have FTP access?

No. I can change to HTML only instead of the sitebuilder that they provide but, I don't really feel confident enough yet to do the whole page in HTML.

pilty
04-04-2007, 03:28 PM
The live help on the site says that I can upload a javascript chat box and embed it in a "Raw HTML" paragraph. Can anyone advise me on a good one to use please?

Spookster
04-04-2007, 04:56 PM
I feel so stupid. I don't know the answers to your questions but, I can add "raw HTML" to my paragraphs in the editor that the site uses if that helps.

I don't provide answers via PM. In your PM you said you do have a control panel.

Does the control panel have a name? Many web hosts like to use cPanel. Many control panels will have a feature to allow you to look at or download the log files for your site. If not you will either need shell access to get to the log files or FTP access to get to them. At this point you should probably ask your web host tech support to help you find the log files. The log files will generally contain various information on your visitors including IP addresses. Once you have that you can use .htacess assuming you are allowed to use .htacess to ban individual IP addresses.

Of course banning individual IP addresses will likely not stop the attacks. They just have to use a different IP address. If this is just a person manually doing it their IP address can/will change if they are using a dynamic IP address ISP. If this is an automated spammer it will likely use different IP's or spoof different IP's. In that case you would end up spending all your time adding new IP addresses to ban.

pilty
04-04-2007, 05:00 PM
OK, thanks for all your help.

pilty
04-04-2007, 05:04 PM
I'd still like to know if anyone has some advice on a shoutbox feature that I can add to my site please?

_Aerospace_Eng_
04-04-2007, 05:07 PM
Well freewebs limits you to what you can and can't do. My suggestion would be to get a real host that allows ftp access. There are decent free ones out there. www.freehostia.com
www.awardspace.com
www.byethost.com

You can't add .htaccess to freewebs and I know you can't put dynamic pages on there so you are pretty much out of luck with freewebs.

pilty
04-04-2007, 05:10 PM
Well freewebs limits you to what you can and can't do. My suggestion would be to get a real host that allows ftp access. There are decent free ones out there. www.freehostia.com
www.awardspace.com
www.byethost.com

You can't add .htaccess to freewebs and I know you can put dynamic pages on there so you are pretty much out of luck with freewebs.

I'm not real good at HTML though and I like the site builder on freewebs. I'll check em out though, thanks.

Spookster
04-04-2007, 07:25 PM
And one thing that can help when you use a widely used shoutbox or other application is to change the name of the main file that people access. What spammers and such do is search a website for the common name of a file. So for example if the main file was shoutbox.php for this particular shoutbox spammers can then just search the web for sites that have that file name and apply their automated scripts against it. If you change the default name to something else it would make it harder for them to find.

pilty
04-04-2007, 10:40 PM
I've changed it to a forum that guests need to register for so the person in question won't be a problem anymore. Thanks for all the help everyone. I'm also considering moving the site to one of the suggested hosts mentioned above.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum