Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Page 1 of 2 12 LastLast
Results 1 to 15 of 17
  1. #1
    Regular Coder low tech's Avatar
    Join Date
    Dec 2009
    Posts
    852
    Thanks
    173
    Thanked 94 Times in 94 Posts

    Should I block this IP? If so how do I do that?

    Hi all.

    I have two questions.

    I'm teaching myself PHP and trying to learn how to use logs to improve my site.

    Question 1:
    Should I block this IP? If so how do I do that?

    I have a small site that I only expect to get busy at certain periods of the year
    and hits should be 90% from within my country.
    I wanted to work out if my site did in fact get busier during these periods so
    in March I set up a simple PHP script to get the IP and date of sites visiting my homepage.


    Now when I look at the log I find this

    /index.php, RUSSIA, May 25th 16:48:19 //IP is from Russia. Not sure I can show the actual IP here.
    /index.php, RUSSIA, May 25th 16:48:20
    /index.php, RUSSIA, May 25th 16:48:21
    /index.php, RUSSIA, May 25th 16:48:21


    which has been logged every two days since March.
    Just the times are different.

    Why would I get this? Is it a robot and harmless or an attack?
    I don't have a database on my site or any sensitive info.

    Should I block this IP? If so how do I do that?


    Question 2:

    Is there any way that I can show the place of origin instead of the IP?
    so for example instead of this

    /index.php, 000.12.345.678, May 25th 07:01:10

    I would see this
    /index.php, London, May 25th 07:01:10


    any help would be greatly welcomed

    low tech
    "The greatest revenge is to accomplish what others say you cannot do."
    ~ Unknown

    I used to be indecisive, but now I'm not so sure.

  • #2
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,327
    Thanks
    60
    Thanked 525 Times in 512 Posts
    Blog Entries
    4
    Its probably a search engine. If it was an attack you'd see in your logs calls to phpmyadmin/ and all sorts of others where it is trying to find a vulnerability.

    When you first start a website its easy to become paranoid about who's connecting to your site because you're not sure how well you've defended it. Search engines crawl websites frequently to ensure they've got the latest data and their search results are accurate. Google for instance crawls every 2 minutes on some websites and every 10 on others.

    If you want, you can create a mysql table, put your blocked IPs in there and then in your index.php check for the incoming ip connection against the table. If its in there then you can call exit() or just do what i do - sleep(600) (10 mins) which is long enough for bots to get bored and move on to their next victim. Just be careful though that you don't actually block the search engines or you'll be back asking why you can't get into them. Admittedly i've blocked some chineese and russian search engines on my site though as there was a botnet trying to hit my guestbook on a daily basis to find weaknesses and it all started after a crawl from those 2 countries.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • Users who have thanked tangoforce for this post:

    low tech (05-27-2011)

  • #3
    Regular Coder low tech's Avatar
    Join Date
    Dec 2009
    Posts
    852
    Thanks
    173
    Thanked 94 Times in 94 Posts
    Thanks tangoforce


    put my mind at ease a bit hhahahahaa

    stupid question but is there anyway to tell the difference between search engine and a user hitting the page after a google search for instance?

    I'm collecting IPs at the moment because I thought I would be able to see more hits on my index page during my busy periods and cross that against how many actual enquires I get. But of course I don't want to include search engine hits hahahhaaha


    I'm new at this so I don't if I should be collecting IPs --- should I be using http_referer?


    Does this make sense?

    thanks for your input --- really appreciated

    low tech
    ps :-)smile
    "The greatest revenge is to accomplish what others say you cannot do."
    ~ Unknown

    I used to be indecisive, but now I'm not so sure.

  • #4
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,327
    Thanks
    60
    Thanked 525 Times in 512 Posts
    Blog Entries
    4
    hahahahahaha? I don't see anything funny about IPs and search engines..

    I think you're worrying too much. Yes you can block ips but you need to look in the logs for the referrers and query strings.

    Most big search engines will tell you who they are like googlebot (although google is guilty of not doing this sometimes).

    At the end of the day unless you're a terrorist theres not much point blocking people and search engines from reaching your site or they'll never find it on a search.

    I personally think you're worrying too much. When you start seeing repeated attempts to get into /phpmyadmin or /admin or /cpanel etc then you know you've got a bot problem and need to start blocking them. Until that time..
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #5
    Regular Coder low tech's Avatar
    Join Date
    Dec 2009
    Posts
    852
    Thanks
    173
    Thanked 94 Times in 94 Posts
    Hi tangoforce

    I think we are a bit mixed up

    forget about blocking IPs because you've answered that question just fine:-)

    What i'm trying to say is:
    how do I find out if my index page is being viewed? (excluding search engines)

    I did this

    PHP Code:
    $address $_SERVER['PHP_SELF'];
    $ipaddress $_SERVER['REMOTE_ADDR'];
    $date date("M dS H:i:s"); 
    but doing it this way seems to capture search engine IPs which I don't need.

    At the moment this is the only log i'm looking at ie this one I created:-)

    I'm just trying to create a record of how many times my index page gets hit.

    Should I use http_referer instead of remote_addr?

    low tech
    :-)

    you need to look in the logs for the referrers and query strings
    what logs? where will I find them? I thought I had to create my own log:-(
    Last edited by low tech; 05-27-2011 at 12:11 PM.
    "The greatest revenge is to accomplish what others say you cannot do."
    ~ Unknown

    I used to be indecisive, but now I'm not so sure.

  • #6
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,327
    Thanks
    60
    Thanked 525 Times in 512 Posts
    Blog Entries
    4
    Yes you can use the HTTP_REFERRER in the $_SERVER array but tht will only tell you where people have been referred from.

    The best method is simply to look at the webserver logs because there are a lot of different things you need to take into consideration to determine if a request is a viewer or a bot and even if its a viewer, is it from the same session, ip, browser etc. It's a small minefield as you could have two different users on the same shared network at home looking at your site at the same time. Now do you classify that as one visit or two?

    See what i mean?
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • Users who have thanked tangoforce for this post:

    low tech (05-27-2011)

  • #7
    Regular Coder low tech's Avatar
    Join Date
    Dec 2009
    Posts
    852
    Thanks
    173
    Thanked 94 Times in 94 Posts
    Hi tangoforce

    Thanks for your replies

    It's a small minefield
    hahha yeh I am beginning to see that hahahaa

    but it's a good learning curve and you've given me some things to think about,


    I'll check out the webserver logs ---- I've had the site for years but up to now I've never looked at the logs hahahhaha

    again thanks

    low tech
    :-)
    "The greatest revenge is to accomplish what others say you cannot do."
    ~ Unknown

    I used to be indecisive, but now I'm not so sure.

  • #8
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,327
    Thanks
    60
    Thanked 525 Times in 512 Posts
    Blog Entries
    4
    Good luck!
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #9
    New to the CF scene
    Join Date
    May 2011
    Posts
    9
    Thanks
    0
    Thanked 1 Time in 1 Post
    1.detect users ip with $REMOTE_ADDR
    2.dectect the country from the ip2country script posted here.
    3.deny access of the country like
    PHP Code:
    if($iso_country_code=="uk")
    {
    echo 
    " Sorry We dont allow UK visitors here.";
    }
    else
    { echo 
    " acess link to the site.";


  • Users who have thanked krypton for this post:

    low tech (05-27-2011)

  • #10
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,327
    Thanks
    60
    Thanked 525 Times in 512 Posts
    Blog Entries
    4
    @krypton: How does that work with users who are proxying through the TOR network? - who could be from any country..
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #11
    Regular Coder low tech's Avatar
    Join Date
    Dec 2009
    Posts
    852
    Thanks
    173
    Thanked 94 Times in 94 Posts
    Hi krypton

    1.detect users ip with $REMOTE_ADDR
    2.dectect the country from the ip2country script posted here.
    3.deny access of the country like

    PHP Code:
    if($iso_country_code=="uk")
    {
    echo " Sorry We dont allow UK visitors here.";
    }
    else
    { echo " acess link to the site.";
    }
    Thank you for the code.

    appreciated

    low tech

    ps
    @tangoforce
    good point
    :-)
    "The greatest revenge is to accomplish what others say you cannot do."
    ~ Unknown

    I used to be indecisive, but now I'm not so sure.

  • #12
    New to the CF scene
    Join Date
    May 2011
    Posts
    9
    Thanks
    0
    Thanked 1 Time in 1 Post
    Quote Originally Posted by tangoforce View Post
    @krypton: How does that work with users who are proxying through the TOR network? - who could be from any country..
    u can block ip range too if this happens

  • #13
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,327
    Thanks
    60
    Thanked 525 Times in 512 Posts
    Blog Entries
    4
    @krypton:You're missing the point. Supposing someone from an allowed country is connecting via the TOR network using another country IP. They will be wrongfully blocked.

    Now how do you account for that?
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #14
    New to the CF scene
    Join Date
    May 2011
    Posts
    9
    Thanks
    0
    Thanked 1 Time in 1 Post
    Quote Originally Posted by tangoforce View Post
    @krypton:You're missing the point. Supposing someone from an allowed country is connecting via the TOR network using another country IP. They will be wrongfully blocked.

    Now how do you account for that?
    why someone will connect by changing another ip address? that man must have something wrong in his mind then only he will connect with another ip address...... and that person should be totally blocked from site........
    Last edited by krypton; 05-28-2011 at 04:58 PM.

  • #15
    Regular Coder
    Join Date
    Dec 2010
    Location
    Kent, UK
    Posts
    573
    Thanks
    23
    Thanked 10 Times in 10 Posts
    this may sound a bit old, however i just wanted to add that if you use statcounter you can see which pages are being viewed most ect, i do believe the url is statcounter.com, a quick google search would do, just include it in all pages, would be easier if u had an include file thats included in every page.
    http://360-tactics.co.uk/forum/index.php

    Crime-Wave

    please post your code wrapped in tags
    please post your PHP wrapped in tags

  • Users who have thanked Dan13071992 for this post:

    low tech (05-31-2011)


  •  
    Page 1 of 2 12 LastLast

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •