automatic ip banning for trollers

[durangod]

Hi, i was wondering if there was a way (even a paid service) to automatically ban an ip once they hit a set number of "file does not exist" error. Im tired of these idiots trolling my site for file names, i ban them but its after the fact. I wonder if there is a way to ban then automatically once they hit lets say 5 "file does not exist". This would keep out alot of them but allow for honest visitors that just have the wrong address. To do this i would also need to exclude my own ip from the mix as i do testing and i dont want to get banned lmao.

Any ideas?

Thanks so much.

I did find this (see link below) on my old hosting co forum, but its almost 5 years old, mitch is no longer with the company, and the only other people that have said anything about it in the forum are all new registrations. Maybe if some of the more experience people like mitch as given their kudos i would go for it, but that is not the case. So i am looking for something else. Or maybe someone here can give their opinion on this or maybe even improve on it.

http://www.lunarforums.com/lunarpage...-t43858.0.html

[byrondallas]

I can get you started. This is a script i use on my site to ban bad bots but can be modified to suit your needs. First create a cgi file named trap.pl and add this script to it and chmod 755:

Code:

#!/usr/bin/perl -w
# This is the only variable that needs to be modified. 
# Replace it with the absolute path to your root directory. 
$rootdir = "/home/byron/public_html/";

# Grab the IP of the bad bot 
$visitor_ip = $ENV{'REMOTE_ADDR'};
$visitor_ip =~ s/\./\\\./gi;

# Open .htaccess file 
open(HTACCESS,"".$rootdir."/\.htaccess") || die $!;
@htaccess = <HTACCESS>;
close(HTACCESS);

# Write banned IP to .htaccess file 
open(HTACCESS,">".$rootdir."/\.htaccess") || die $!;
print HTACCESS "SetEnvIf Remote_Addr \^".$visitor_ip."\$ ban\n";
foreach $deny_ip (@htaccess) {
print HTACCESS $deny_ip;
} 
close(HTACCESS);
# Close 
print "Content-type: text/html\n\n";
print "<html>\n";
print "<head>\n";
print "<title>Access Denied!</title>\n";
print "<meta name=\"robots\" content=\"noindex,nofollow\">\n";
print "</head>\n";
print "<body>\n";
print "<p><b>Access Denied!</b></p>\n";
print "</body>\n";
print "</html>\n";
exit;

Then add this to the top of your root htaccess file:

Code:

SetEnvIf Remote_Addr ^65\.29\.81\.103$ ban
order allow,deny
allow from all
deny from env=ban

Here are a couple of simple ways to auto ban an IP.

1. As a simple hyperlink:
http://www.yourdomain.com/cgi-bin/trap.pl

2. In your case you could write a php or perl/cgi script as your 404 page to check if a certain ip has hit the page more than 5 times. Once it is hit 5 times then show trap.pl and the bad ip is written to your htaccess file.

How it works.

Every time a user hits trap.pl their IP is written to the top of the .htaccess file. Your .htaccess file will begin to look something like this:

Code:

SetEnvIf Remote_Addr ^65\.29\.81\.103$ ban
SetEnvIf Remote_Addr ^201\.44\.73\.40$ ban
SetEnvIf Remote_Addr ^306\.90\.74\.60$ ban
order allow,deny
allow from all
deny from env=ban

If your not familiar enough with php or perl/cgi, you could ask in the those forums for help.

[byrondallas]

I had some time today so I went ahead and created a php script that will work with the code above. What this will do is record the ip address of the person who gets your 404 page and keep a count. Once the person's ip has been counted 5 times it will redirect them to the trap.pl file which bans the ip. It takes 5 hits by the SAME ip address before it redirects to trap.pl

Copy and paste the php script below as your 404 page and give it a .php extension:

PHP Code:

<?php
$file = "banned.txt";
$ip = $_SERVER[REMOTE_ADDR];

# delete banned.txt if more than 100 entries
# to keep file from filling up with ips
if (file_exists($file))
{
$array = file($file);
$count = count($array);
if ($count > 100)
{
unlink($file);
}
}

# create banned.txt if not created and log ip
file_put_contents($file, "$ip\n", FILE_APPEND);

# open banned.txt and check matching ips
$myArray = file($file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
$newArray = array_count_values($myArray);

# find the largest number of matching ips
$lrgst = max($newArray);

# if over 5 hits by same ip, redirect to trap.pl 
# and delete banned.txt
if ($lrgst >= 5)
{
unlink($file);
header("location:http://yourdomain.com/cgi-bin/trap.pl");
exit;

} else {

# if same ip hasn't hit the 404 page over 5 times
# return 404 page
$nopage = <<<HEREDOC
<html>
<head><title>404 Not Found</title></head>
<body>
The Page You Requested Could Not Be Found
</body>
</html>
HEREDOC;
echo $nopage;
}
?>

[byrondallas]

After thinking about it I realized I could just as easily do everything with just one single php script. Make this your 404 error page:

PHP Code:

<?php
$file = "banned_ips.txt";
$ip = $_SERVER[REMOTE_ADDR];

# delete file if more than 100 entries
# to keep file from filling up with ips
if (file_exists($file))
{
$array = file($file);
$count = count($array);
if ($count > 100)
{
unlink($file);
}
}

# create banned.txt if not created and log ip
file_put_contents($file, "$ip\n", FILE_APPEND);

# open banned.txt and check matching ips
$myArray = file($file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
$newArray = array_count_values($myArray);

# find the largest number of matching ips
$lrgst = max($newArray);

# if over 5 hits by same ip, add ip to deny list
if ($lrgst >= 5)
{
unlink($file);

# open .htaccess file and add banned ip
$htaccess = ".htaccess";
$banip = "Deny from $ip\n";
file_put_contents($htaccess, $banip, FILE_APPEND);

} else {

# if same ip hasn't hit the 404 page over 5 times
# return 404 page
$nopage = <<<HEREDOC
<html>
<head><title>404 Not Found</title></head>
<body>
The Page You Requested Could Not Be Found
</body>
</html>
HEREDOC;
echo $nopage;
}
?>

Make sure this is ALWAYS the last thing in your root .htaccess file

Code:

Order Allow,Deny
Allow from all

Also unless you modify the htaccess path, your 404 error page should be in your root folder.