View Full Version : Need quick help with ip ban



masterofollies
08-24-2007, 06:46 PM
I have a major problem with a user creating many accounts spamming everything, they are traced to the same ip. Does anyone know a simple and easy ip ban script I can put in to stop it? Thanks

Mwnciau
08-24-2007, 06:55 PM
Just a simple one:



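<?php
// Load the ban list, one IP per line, without the trailing newlines
// (otherwise in_array() never matches). A missing file gives an empty list.
$ips = file('banlist.txt', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) ?: [];

// Stop the request if the client's address is on the list.
if (in_array($_SERVER['REMOTE_ADDR'], $ips, true)) die('You are banned');
?>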


In banlist.txt put the IPs you want to ban, one line for each IP, and put that code at the top of your pages.

masterofollies
08-24-2007, 09:09 PM
It isn't stopping him. I put down 3 IPs and he keeps changing them. Is there another way of stopping him?

CFMaBiSmAd
08-24-2007, 09:35 PM
As you have found, getting a different IP address is easy and banning them provides no protection.

1) If you are not already doing so, use email opt-in registration, where your registration script sends an email to the email address they entered, and they must click on a link in the email to activate their account. This will require that they have an email address that they have access to. You can then ban that email address when you disable the account of any spammer to prevent them from using it again to create another account. Throwaway/free email addresses are also easy to get, but this might slow them down enough so that they will go elsewhere.

2) Close the loopholes in your code that are providing the benefit to the spammer. If he is posting content/links, add filters to detect that content and prevent those posts... If he is using email header injection to send out spam email, add filters to detect that content and prevent those emails from getting sent...

3) If you believe the content is being automatically posted, add some tricks to your form processing code to detect and prevent automated posts. Typically a good image CAPTCHA or a random set of human only questions/answers...

masterofollies
08-24-2007, 09:42 PM
He said he is using a dynamic IP and that I can never stop him.

For your helpful tips

1). I have that feature coded, but I am wondering if it's enabled? I will check that.

2). He is mainly just sending emails from within the website.

3). None of it is automation. I have some captcha security on the website in different places.

MHaris
08-24-2007, 10:06 PM
He said he is using a dynamic IP and that I can never stop him.

For your helpful tips

1). I have that feature coded, but I am wondering if it's enabled? I will check that.

2). He is mainly just sending emails from within the website.

3). None of it is automation. I have some captcha security on the website in different places.

What does he post? Spamming his website? A particular word?

Are you using a particular script?

masterofollies
08-24-2007, 10:18 PM
Sending mail to people, some people he sent over 150 messages filling up their inbox. Just random useless crap like (Haha I can never be banned, ever)

CFMaBiSmAd
08-24-2007, 10:44 PM
In addition to disabling any accounts he is creating and banning any registration email address he has used, if the abuse is of an email system, you would need to put limits on how often an email can be sent, how many recipients each one can have, and limit the total number in any period of time.

For example, limit emails to no more than one in a 60 second interval, a maximum of one or two TO: recipients and one or two CC: recipients, and a maximum of 10 per hour/30 per 24 hours... Use whatever values would be appropriate for normal usage of your system.

If the email feature is not critical to your application, temporarily disable it while you put safeguards in place. Maybe he will go elsewhere if he thinks the email system does not exist anymore.

Edit: It sounds like the benefit he is receiving by doing this is just a boost to his ego. Take away this benefit and he will go elsewhere.
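
The limits described in the post above, as an added PHP example that is not part of the original thread. The function name, the constants and the idea that send times are read from the site's own mail table are assumptions; the sample data is constructed.

```php
<?php
// Added example: limit values taken from the post above; all names are hypothetical.
const MIN_INTERVAL = 60;   // seconds that must pass between two mails
const MAX_PER_HOUR = 10;
const MAX_PER_DAY  = 30;
const MAX_TO       = 2;
const MAX_CC       = 2;

/**
 * Decide whether an account may send another mail.
 * $sentTimes: Unix timestamps of mails this account has already sent
 *             (assumed to be loaded from the site's own mail table).
 * Returns null when the mail may be sent, otherwise the reason for refusal.
 */
function mail_refusal(array $sentTimes, array $to, array $cc, int $now): ?string
{
    if (count($to) < 1 || count($to) > MAX_TO) return 'bad number of TO recipients';
    if (count($cc) > MAX_CC)                   return 'too many CC recipients';

    $lastHour = $lastDay = 0;
    $latest = null;
    foreach ($sentTimes as $t) {
        $age = $now - $t;
        if ($age < 86400) $lastDay++;    // inside the 24-hour window
        if ($age < 3600)  $lastHour++;   // inside the one-hour window
        if ($latest === null || $t > $latest) $latest = $t;
    }
    if ($latest !== null && $now - $latest < MIN_INTERVAL) return 'wait 60 seconds between mails';
    if ($lastHour >= MAX_PER_HOUR) return 'hourly limit reached';
    if ($lastDay  >= MAX_PER_DAY)  return 'daily limit reached';
    return null;
}

// Constructed sample data: an account that sent one mail every 5 minutes, 10 in total.
$now  = 1187995440;
$busy = [];
for ($i = 1; $i <= 10; $i++) $busy[] = $now - $i * 300;

// Scenario 1: an 11th mail inside the same hour.
var_dump(mail_refusal($busy, ['alice'], [], $now));
// Scenario 2: a second mail 10 seconds after the previous one.
var_dump(mail_refusal([$now - 10], ['alice'], [], $now));
// Scenario 3: three TO recipients on one mail.
var_dump(mail_refusal([$now - 120], ['alice', 'bob', 'carol'], [], $now));
// Scenario 4: one TO, one CC, previous mail two minutes ago.
var_dump(mail_refusal([$now - 120], ['alice'], ['dave'], $now));
```

Call the check on the server immediately before the mail is stored or sent, and record the send time only when it returns null.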

masterofollies
08-25-2007, 12:52 AM
CFMaBiSmAd, that is an excellent idea, about putting a time limit on game mails. I will do that. I think I fixed the problem, I had my host tech support help out. All but his original account starts with 172 and no other users start with that. So I did a 172.* which means any IP that starts with 172 will be blocked from the site. I really hope this works and that it won't stop normal people. Thanks to all of you.


