...

View Full Version : Banning by mutliple IP's



SDP2006
11-07-2003, 02:11 AM
I have a someone coming to my site misusing my contact forms as well as other things. I have his IP, but he uses dial-up and his IP varies by one or two digits sometimes. How can I ban/disallow acess to my site for him? I know how to ban, just his IP fluxuates because of dial-up.


Thanks

Nightfire
11-07-2003, 02:32 AM
Could just ban the first 6 numbers, as it's rare they'd change on dialup. Use regex on the IP, but then again banning by IP is useless as they could then just download a proxy server and then you're fubar'ed again. Only way to stop ppl from abusing things like contact forms is to add a cookie, set stuff in sessions, ban IP, which are all easy to bypass. Other option is to make them sign up to your site before they're allowed to post anything.

SDP2006
11-07-2003, 02:50 AM
The last two digits change sometimes here are the IP's I am getting from him --

12.93.80.173
12.93.81.68
12.93.81.99
12.93.81.91
12.93.80.68
12.93.81.113

Could you show me an example?

Nightfire
11-07-2003, 03:02 AM
Another thing you could do is just ban the users host name instead of IP as I don't think this changes.

Try something like this


<?php
if (preg_match ("/ADD_BANNED_HOSTNAME_IN_HERE/i", "$_SERVER['REMOTE_HOST']")) {
header("Location: http://www.yahoo.com");
}
?>

SDP2006
11-07-2003, 03:07 AM
What exactly is the host name?

Nightfire
11-07-2003, 03:13 AM
I believe it's the name of the server or host the user is connected to the ISP with. Only disadvantage about banning IP's and hostnames is that you'll be banning more than one person, you'll be banning a whole block of them

missing-score
11-07-2003, 07:49 AM
im not really sure about how banning the remote host works, but i know from experience that banning IP is not the way to go.

I had a site, and someone was abusing it, i too banned the first 6 digits.

half my members could not acess it, as most of them were on AOL, with the same first 3 digits.

must look into hostname.

mordred
11-08-2003, 12:38 AM
I second that. IP banning always looks like a effective measure (and it is), however it effects more often more people than you originally intended. The popular phpBB forum tried to tie a little bit more security into PHP sessions by storing and comparing IP ranges. If this feature was activated, it screwed up every forum member using AOL, because this host assigns totally different IP numbers on every *request* (yes, on every request - not dial-up). So the security effect paled in spite of those legitimate users who were banned.

Maybe one could secure your contact forms? You were not very clear what kind of abuse it was, but if it's related to multiple consecutive form submits, there are ways to fix that.

If you intend to bann the range of IPs you posted, you could use a simply string comparison:



function isIpBanned($testIp) {
$bannedRange = '12.93.8';
return substr($testIp, 0, 7) == $bannedRange;
}

SDP2006
11-12-2003, 03:11 AM
Would this work?


<?php
$ip = $_SERVER['REMOTE_ADDR'];
$bannedips = array("IP HERE","IP HERE","IP HERE");
foreach ($bannedips as $ip){
Header("Location: http://www.google.com");
}
else {
Header("Location: http://www.net-riches.com/includes/entry.php?cat=home");
}
?>

missing-score
11-12-2003, 11:30 AM
no.




<?php
$ip = $_SERVER['REMOTE_ADDR'];
$bannedips = array("IP HERE","IP HERE","IP HERE");
foreach ($bannedips as $IP_ADDR){

if($IP_ADDR == $ip){

// disallow

} else {

// allow

}

}

Dylan Leblanc
11-13-2003, 08:03 AM
Hmm, but the foreach() like that may be a problem, so:
<?

$ip = $_SERVER['REMOTE_ADDR'];

$bannedips = array("IP HERE","IP HERE","IP HERE");

if (in_array($ip, $bannedips)) {

// disallow

} else {

// allow

}

?>

raf
11-13-2003, 10:08 AM
You should check on the IP's anyway (not to block out specific users from your blacklist, but because it' an easy way to prevent DOS attacks). I have an ADSL connection, and there is nothing dynamic about my IP. It sometimes starts with 212 and sometimes with 89 or so.

Your best bet, i think, is requiring the users to accept cookies. You then set up a sessiontable in your db, where you record the IP and PHP- sessionID. Then store a persistent cookie on each machine, with the encoded PK value of your sessiontable in it.
Then you need to update that sessiontable and set some value in a variable (like setting it to 'block' or 'allow'). If the user reconnects to your site, you check for this cookie and decode the PK-value and look up the value for that variale. If it's 'block', then you redirect the user. If it is 'allow', then you reset the cookie (to change the expirationdate). If you don't find a cookie, you set a dummy cookie (not persistent) and then redirect to another page. There you try to read the cookie. If that doesn't work --> print message that they need to enable cookies. If you can read the cookie --> enter new record in sessiontable, get the ID, encode it and send it in a persistent cookie to the user.

Of course, the user can remove the cookie afterwards. But you'll soon see if he bothers or if he moves to another site. If he keeps abusing the form, you'll need to set up a login, with automatical cookielogin like on this and many other sites. A login procedure is the only more or less safe way. I tryed to explain some of this here:

http://www.codingforums.com/showthread.php?s=&threadid=25909&highlight=telnet



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum