...

View Full Version : Can I IP Ban?



grudziegirl
03-13-2003, 08:09 AM
Hi there,

I was wondering if someone could tell me if it's possible to ban certain IP's from viewing my website and then how I could go about that?

To be honest, when I go past HTML or basic JavaScript, I'm pretty clueless, but it's IMPERITIVE that I ban a handful of IPs from viewing my site...and I'm desperately trying to find a way to do that.
If anyone could offer any help, I'd VERY MUCH appreciate it!

Thank you,

- Tammy

Spookster
03-13-2003, 08:23 AM
I know you won't like this answer but....

Honestly it's pointless to try and ban someone from viewing your site by banning their IP address. If they are using a dialup connection their IP address changes each time they connect and the IP address you ban will be given to someone else. Same thing goes with Cable/DSL users however their IP's don't change as often as dialup, maybe once a day or anytime they reboot their modem or machine.

arnyinc
03-13-2003, 02:45 PM
Most DSL and cable modem users pick up a DHCP address and keep their leases for a really long time. I've only had two IP addresses with my comcast cable internet and it only changed when the company went from @home to comcast.

pegglas
03-13-2003, 03:52 PM
You could make a .htaccess file, if you have permission to do so. Its an ordinary text-file, only with no name and .htaccess as extension. In that file you write

order allow,deny
deny from 10.45.6.7
deny from 192.168.5.
allow from all

This will deny access from IP-adress 10.45.6.7 and from all users coming from the scope 192.168.5.X

Of course these are examples. You can write as many lines as you wish. Just remember that NOONE from a banned scope can gain access to your site.

Regardz
PLN

Spookster
03-13-2003, 04:58 PM
Originally posted by arnyinc
Most DSL and cable modem users pick up a DHCP address and keep their leases for a really long time.

And please do explain how you arrived at that conclusion.

BroadBand through RoadRunner/Earthlink sets their leases at 24 hours.

It would not be a good idea as far as security goes for a broadband service to give you the same IP for a lengthy period of time.

MarvinTheRobot
03-13-2003, 05:14 PM
It all depends on the setup, at home I run a roadrunner-->linksys firewall/router-->Server and user comps

Unless you spicifically ask it to do so, the firewall keeps the same external IP, however, it is farly easy to change it if it is your own equipment.

arnyinc
03-13-2003, 10:17 PM
Originally posted by Spookster
And please do explain how you arrived at that conclusion.

Because I've had the same IP address for months now.

Spookster
03-13-2003, 10:46 PM
Originally posted by arnyinc
Because I've had the same IP address for months now.

Just because you personally have had the same IP for months doesn't mean most DSL/Cable companies use the same policy.

Check your connection information and you can see when the lease was issued and expires and that will give you an idea of what your current provider's lease length is.

arnyinc
03-14-2003, 02:44 PM
Originally posted by Spookster
Just because you personally have had the same IP for months doesn't mean most DSL/Cable companies use the same policy.

Check your connection information and you can see when the lease was issued and expires and that will give you an idea of what your current provider's lease length is.

It expires every three days. With DHCP you don't lose your address every time it expires though. If the device remains attached to the same network and uses the IP then the client will automatically attempt to renew its lease from the DHCP server. That's how Comcast and my employer (150,000 employees) do it, so I know I'm not being completely ridiculous in assuming that a good deal of other companies do as well.

Spookster
03-14-2003, 03:57 PM
But if you are not on the network when your lease expires then that IP address will go to someone else. Many people don't leave their computers on all the time so they will get new IP's often.

The policy of keeping the same IP for lengthy periods of time as I said before is not a good policy. Leaves you more vulnerable to being hacked.

And it is almost never a good idea to assume.

If a network is crowded then lease lengths will be short because those IPs are in more demand. If a network is not crowded then lease lengths will probably be longer as those IP pool will be greater.

Back to the original topic..... Banning people by IP is still about pointless. Most people are still on dialup and their IP addresses do change often. Cable/DSL users IP's change as well (you do agree that at some point their IP will change) so by banning an IP address you ban not only the person that was causing trouble but you also ban anyone else that will be using that IP address.

Also if the user is using a laptop (this was one of the prime reasons for having DHCP) then their IP will change often since people typically don't leave laptops on all the time and the leases will expire and that IP will go to someone else.

Plus consider this fact....you ban an IP address, but what if the person was using a computer at a public library or cyber cafe. Odds are when they go back they won't be using the same computer again.

arnyinc
03-14-2003, 09:34 PM
I never said IP banning was a good idea, just pointing out that in certain specific circumstances it works. Anyone can get around any forum protection without even being relatively persistent.

All I'm saying is that IP banning is the best you can do without requiring people to register with a valid email, etc. Maybe you can send a cookie to them and hope they don't realize it and clear them. :)

Spookster
03-14-2003, 11:24 PM
Originally posted by arnyinc
Maybe you can send a cookie to them and hope they don't realize it and clear them. :)

Well actually that just made a lightbulb come on. :)

What one might be able to do is store in a banned users file on the server not only the IP address of the user but also any other uniquely identifiable information about the user like maybe browser, browser version, O/S, etc. Can't think of what else could uniquely identify a user (kind of like a composite key in a database). In this way when someone else gets that IP if their information doesn't match the banned information then it possibly means that IP is being used by someone new now and that IP can be removed from the banned list.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum