  1. #1
    Regular Coder
    Join Date
    May 2003
    Location
    34 54' N 82 13' W
    Posts
    996
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Banning by multiple IPs

    I have someone coming to my site misusing my contact forms as well as other things. I have his IP, but he uses dial-up and his IP varies by one or two digits sometimes. How can I ban/disallow access to my site for him? I know how to ban, just his IP fluctuates because of dial-up.


    Thanks
    Stevie Peele
    Neverside IRC Network - irc.veonex.net | tc.tutorialnetwork.org
    #dev - any programming,etc. question
    #design - design discussion and critique
    #central - general chat
    Come join us!

  • #2
    Senior Coder Nightfire's Avatar
    Join Date
    Jun 2002
    Posts
    4,266
    Thanks
    6
    Thanked 48 Times in 48 Posts
    Could just ban the first 6 numbers, as it's rare they'd change on dialup. Use regex on the IP, but then again banning by IP is useless as they could then just download a proxy server and then you're fubar'ed again. Only way to stop ppl from abusing things like contact forms is to add a cookie, set stuff in sessions, ban IP, which are all easy to bypass. Other option is to make them sign up to your site before they're allowed to post anything.

  • #3
    Regular Coder
    Join Date
    May 2003
    Location
    34 54' N 82 13' W
    Posts
    996
    Thanks
    0
    Thanked 0 Times in 0 Posts
    The last two digits change sometimes. Here are the IPs I am getting from him:

    12.93.80.173
    12.93.81.68
    12.93.81.99
    12.93.81.91
    12.93.80.68
    12.93.81.113

    Could you show me an example?
    Stevie Peele

  • #4
    Senior Coder Nightfire's Avatar
    Join Date
    Jun 2002
    Posts
    4,266
    Thanks
    6
    Thanked 48 Times in 48 Posts
    Another thing you could do is just ban the user's host name instead of IP, as I don't think this changes.

    Try something like this
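    PHP Code:
    <?php
    // REMOTE_HOST is only populated when the web server performs reverse DNS
    // lookups (e.g. Apache "HostnameLookups On"); see also gethostbyaddr().
    if (preg_match("/ADD_BANNED_HOSTNAME_IN_HERE/i", $_SERVER['REMOTE_HOST'])) {
        header("Location: http://www.yahoo.com");
        exit; // stop the rest of the page from running after the redirect
    }
    ?>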

  • #5
    Regular Coder
    Join Date
    May 2003
    Location
    34 54' N 82 13' W
    Posts
    996
    Thanks
    0
    Thanked 0 Times in 0 Posts
    What exactly is the host name?
    Stevie Peele

  • #6
    Senior Coder Nightfire's Avatar
    Join Date
    Jun 2002
    Posts
    4,266
    Thanks
    6
    Thanked 48 Times in 48 Posts
    I believe it's the name of the server or host the user is connected to the ISP with. Only disadvantage about banning IPs and hostnames is that you'll be banning more than one person, you'll be banning a whole block of them.

  • #7
    Senior Coder missing-score's Avatar
    Join Date
    Jan 2003
    Location
    UK
    Posts
    2,194
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I'm not really sure about how banning the remote host works, but I know from experience that banning IP is not the way to go.

    I had a site, and someone was abusing it; I too banned the first 6 digits.

    Half my members could not access it, as most of them were on AOL, with the same first 3 digits.

    Must look into hostname.

  • #8
    Senior Coder
    Join Date
    Jun 2002
    Location
    frankfurt, german banana republic
    Posts
    1,848
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I second that. IP banning always looks like an effective measure (and it is), however it affects more often more people than you originally intended. The popular phpBB forum tried to tie a little bit more security into PHP sessions by storing and comparing IP ranges. If this feature was activated, it screwed up every forum member using AOL, because this host assigns totally different IP numbers on every *request* (yes, on every request - not dial-up). So the security effect paled in spite of those legitimate users who were banned.

    Maybe one could secure your contact forms? You were not very clear what kind of abuse it was, but if it's related to multiple consecutive form submits, there are ways to fix that.

    If you intend to ban the range of IPs you posted, you could use a simple string comparison:

    PHP Code:
    function isIpBanned($testIp) {
        // Prefix match: true for any address whose text starts with "12.93.8"
        $bannedRange = '12.93.8';
        return substr($testIp, 0, 7) == $bannedRange;
    }

    De gustibus non est disputandum.
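
Added example, not part of any post in this thread: the six addresses listed in post #3 all fall inside 12.93.80.0/23, while the string prefix '12.93.8' also matches 12.93.82.x through 12.93.89.x and 12.93.8.x. The sketch below compares a numeric CIDR check with that prefix test; the function names and the extra sample addresses are this example's own.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

/**
 * Return true when $ip lies inside the IPv4 block $cidr (e.g. "12.93.80.0/23").
 * Malformed input returns false rather than matching by accident.
 */
function ipInCidr($ip, $cidr)
{
    $parts = explode('/', $cidr);
    if (count($parts) !== 2 || !ctype_digit($parts[1])) {
        return false;
    }
    $bits    = (int) $parts[1];
    $ipLong  = ip2long($ip);
    $netLong = ip2long($parts[0]);
    if ($ipLong === false || $netLong === false || $bits > 32) {
        return false;
    }
    // Keep only the top $bits bits of both addresses, then compare.
    $mask = -1 << (32 - $bits);
    return ($ipLong & $mask) === ($netLong & $mask);
}

/** Return true when $ip is inside any of the banned blocks. */
function isIpInBannedBlocks($ip, array $bannedCidrs)
{
    foreach ($bannedCidrs as $cidr) {
        if (ipInCidr($ip, $cidr)) {
            return true;
        }
    }
    return false;
}

$banned = array('12.93.80.0/23'); // 12.93.80.0 through 12.93.81.255

// Two addresses from post #3 plus constructed neighbours for comparison.
$samples = array('12.93.80.173', '12.93.81.113', '12.93.82.5', '12.93.8.20', '12.93.89.1');
foreach ($samples as $ip) {
    $prefixHit = substr($ip, 0, 7) == '12.93.8'; // the string test from post #8
    printf("%-14s cidr=%-3s prefix=%s\n", $ip,
        isIpInBannedBlocks($ip, $banned) ? 'ban' : 'ok',
        $prefixHit ? 'ban' : 'ok');
}
```
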

  • #9
    Regular Coder
    Join Date
    May 2003
    Location
    34 54' N 82 13' W
    Posts
    996
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Would this work?
    PHP Code:
    <?php
    $ip = $_SERVER['REMOTE_ADDR'];
    $bannedips = array("IP HERE","IP HERE","IP HERE");
    foreach ($bannedips as $ip){
    Header("Location: http://www.google.com");
    }
    else {
    Header("Location: http://www.net-riches.com/includes/entry.php?cat=home");
    }
    ?>
    Stevie Peele

  • #10
    Senior Coder missing-score's Avatar
    Join Date
    Jan 2003
    Location
    UK
    Posts
    2,194
    Thanks
    0
    Thanked 0 Times in 0 Posts
    no.

    PHP Code:

    <?php
    $ip = $_SERVER['REMOTE_ADDR'];
    $bannedips = array("IP HERE","IP HERE","IP HERE");
    foreach ($bannedips as $IP_ADDR){

        if($IP_ADDR == $ip){

           // disallow

        } else {

           // allow

        }

    }

  • #11
    Regular Coder
    Join Date
    Sep 2002
    Location
    British Columbia
    Posts
    235
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hmm, but the foreach() like that may be a problem, so:
    PHP Code:
    <?php

    $ip = $_SERVER['REMOTE_ADDR'];

    $bannedips = array("IP HERE","IP HERE","IP HERE");

    // One membership test for the whole list instead of a per-entry loop
    if (in_array($ip, $bannedips)) {

       // disallow

    } else {

       // allow

    }

    ?>

  • #12
    raf
    Master Coder
    Join Date
    Jul 2002
    Posts
    6,589
    Thanks
    0
    Thanked 0 Times in 0 Posts
    You should check on the IPs anyway (not to block out specific users from your blacklist, but because it's an easy way to prevent DOS attacks). I have an ADSL connection, and there is nothing dynamic about my IP. It sometimes starts with 212 and sometimes with 89 or so.

    Your best bet, I think, is requiring the users to accept cookies. You then set up a sessiontable in your db, where you record the IP and PHP session ID. Then store a persistent cookie on each machine, with the encoded PK value of your sessiontable in it.
    Then you need to update that sessiontable and set some value in a variable (like setting it to 'block' or 'allow'). If the user reconnects to your site, you check for this cookie and decode the PK value and look up the value for that variable. If it's 'block', then you redirect the user. If it is 'allow', then you reset the cookie (to change the expiration date). If you don't find a cookie, you set a dummy cookie (not persistent) and then redirect to another page. There you try to read the cookie. If that doesn't work --> print message that they need to enable cookies. If you can read the cookie --> enter new record in sessiontable, get the ID, encode it and send it in a persistent cookie to the user.

    Of course, the user can remove the cookie afterwards. But you'll soon see if he bothers or if he moves to another site. If he keeps abusing the form, you'll need to set up a login, with automatic cookie login like on this and many other sites. A login procedure is the only more or less safe way. I tried to explain some of this here:

    ban ip after two submissions?
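
Added example, not part of the post above: a sketch of the cookie lookup it describes, with the "encoded PK value" implemented as the row id plus an HMAC so a visitor cannot swap in another row's id. The HMAC choice, the function names, the secret and the in-memory array standing in for the session table are all assumptions of this example.

```php
<?php
// Added example, not code from the thread. Names and the table are hypothetical.

const COOKIE_SECRET = 'replace-with-a-long-random-server-side-secret'; // placeholder

/** Build the cookie value for session-table row $pk: "<pk>.<hmac>". */
function makeToken($pk, $secret = COOKIE_SECRET)
{
    return $pk . '.' . hash_hmac('sha256', (string) $pk, $secret);
}

/** Return the row id carried by $cookie, or null if it is malformed or forged. */
function readToken($cookie, $secret = COOKIE_SECRET)
{
    $parts = explode('.', (string) $cookie);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return null;
    }
    $expected = hash_hmac('sha256', $parts[0], $secret);
    // hash_equals() compares in constant time
    return hash_equals($expected, $parts[1]) ? (int) $parts[0] : null;
}

/** Decide how to treat a request: 'block', 'allow' or 'new' (no usable cookie). */
function decide($cookie, array $sessionTable)
{
    $pk = readToken($cookie);
    if ($pk === null || !isset($sessionTable[$pk])) {
        return 'new'; // run the dummy-cookie test, then insert a new row
    }
    return $sessionTable[$pk]['status'] === 'block' ? 'block' : 'allow';
}

// Constructed stand-in for the session table described in the post.
$sessionTable = array(
    41 => array('ip' => '12.93.80.173', 'status' => 'block'),
    42 => array('ip' => '203.0.113.9',  'status' => 'allow'),
);

$blockedCookie = makeToken(41);
// Tampered value: row id changed to 42, signature for row 41 left in place.
$tampered = '42.' . substr($blockedCookie, 3);

foreach (array($blockedCookie, $tampered, makeToken(42), '') as $cookie) {
    echo decide($cookie, $sessionTable), "\n";
}
```

The tampered and empty cookies both fall through to the "new visitor" path, so altering the cookie gains the visitor nothing beyond what deleting it already does.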

