FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


detect ip, block ip





filet
I want to deter this problem , how do I detect that particular IP and block that IP with either warning or redirect somewhere and block that IP from visiting my site? Can I do it with php ?
fromegame
Code:
<?php
$ip = $_SERVER['REMOTE_ADDR'];
if($ip = "1.1.1.1") {
     echo ("Your not allowed to come here!");
}
?>
Mgccl
I think you might want to do more than one IP address.
and I think record ip address in ip2long form, I never tested but I think it might be faster at comparing.
MrBlueSky
A better option is to use .htaccess to block ip's:

For example, putting this in your .htaccess

Quote:

order allow,deny
deny from 123.45.6.7
deny from 012.34.5.
allow from all


denies access from ip 123.45.6.7 and every ip that starts with 012.34.5.

Using htaccess to block ip's has several advantages:

* You can easily ban complete ip-blocks (as in the example above)
* You ban them from your entire site, without having to add code to your PHP files
* It is faster then using PHP, because PHP is never executed when an IP that is blocked requests a page from your site
ncwdavid
I think a good way and I use it is to do it by a database. If your site has an admin area and stuff like that then just have a table in the database that stores ip addresses that are blocked. Then just do this at the top of every page:
Code:

$ip = $_SERVER['REMOTE_ADDR'];
$sql_ip = mysql_query("SELECT * FROM blocked WHERE ip_address='$ip'");
$num_ip = mysql_num_rows($sql_ip);
if($num_ip>=1){
echo "You are blocked!";
}
else{
The rest of the web page!
}


There is obviously many ways to do it, just use your imagination that what i always do.
filet
thanks for the information!!!!
rocrfella
thanks alot i've been looking for this Razz
filet
i've came across about this blog on .htaccess and its vulnerable to hacking:

hxxp://spamhuntress.com/2006/09/21/hacked-htaccess/

how safe it is using .htaccess?
MrBlueSky
filet wrote:
i've came across about this blog on .htaccess and its vulnerable to hacking:

hxxp://spamhuntress.com/2006/09/21/hacked-htaccess/

how safe it is using .htaccess?


In order for malicious users to change .htaccess they need write access to your webdocuments which basically means they can change anything.

Then why does the article make such a deal out of this, you might ask. Because someone hacked into a website, but being a spammer, he didn't change anything except .htaccess. A 'normal' hacker would put up a nice message on your site saying something like 'Th1s h4s b33n h4x0rt by l4m3 k1d'. But this being a spammer he only changed .htaccess. Hence the website owner had no clue about his site being compromised and didn't check is files. Then he, or a visitor, noticed that visiting his site from a search engine didn't take him to the site, but the site of the spammer instead due to the changes in his .htaccess.

When your site can be compromised a whole lot of damage can be done, including this one using htaccess. So you shouldn't worry about the safety of .htaccess, but about the safety of your site. If your site is properly secured, so are your htaccess-files.

To cut a long story short: using .htaccess is safe enough. If your htaccess can be compromised, so can your entire site, leaving you with more important things to worry about. Very Happy
filet
Thanks MrBlueSky..really appreciate the explanation!!! You have such depth knowledge on these, where and how do I educate myself with such knowledge?

Quote:
In order for malicious users to change .htaccess they need write access to your webdocuments which basically means they can change anything
.

So there are security issues in the scripts / software / etc, am I right? Does using firewall will prevent a site from being compromised? or there are other precautions must be taken?
MrBlueSky
filet wrote:
Thanks MrBlueSky..really appreciate the explanation!!! You have such depth knowledge on these, where and how do I educate myself with such knowledge?


You will learn it the same way I do: just trying a lot and reading, searching, asking questions. It looks like you are already doing that, so with a few years, when you're hanging around on the internet as long as I do you will know as much as me. Probably more.
(Now I'm feeling old Sad )

Besides that: everybody has his own area of expertise. I am certain there are a lot of computer-related skills you have, which I don't.

Quote:

So there are security issues in the scripts / software / etc, am I right? Does using firewall will prevent a site from being compromised? or there are other precautions must be taken?


Yes, there are and will always be security issues with software. The best way to keep your site from being compromised is making sure you keep up to date. Check the official site of the scripts you use on a regular basis to see if there are updates or new security issues.
Fire Boar
The spammer in question probably found out the FTP or control panel details of the website. Click the link below for an example, but do not further investigate 4chan.

http://lurkmore.com/wiki/index.php?title=Naruto-Kun

Be warned that there is some swearing in amongst the screenshotted conversation between /b/tards, but it's not too bad.
b123400
or you should use a array? it is much simpler!
manum
y nt use db for the sake of simplicity....
jabapyth
MrBlueSky wrote:
A better option is to use .htaccess to block ip's:

For example, putting this in your .htaccess

Quote:

order allow,deny
deny from 123.45.6.7
deny from 012.34.5.
allow from all


denies access from ip 123.45.6.7 and every ip that starts with 012.34.5.

Using htaccess to block ip's has several advantages:

* You can easily ban complete ip-blocks (as in the example above)
* You ban them from your entire site, without having to add code to your PHP files
* It is faster then using PHP, because PHP is never executed when an IP that is blocked requests a page from your site

.htaccess is the way to do it
Clever_As_Sin
ncwdavid wrote:
I think a good way and I use it is to do it by a database. If your site has an admin area and stuff like that then just have a table in the database that stores ip addresses that are blocked. Then just do this at the top of every page:
Code:

$ip = $_SERVER['REMOTE_ADDR'];
$sql_ip = mysql_query("SELECT * FROM blocked WHERE ip_address='$ip'");
$num_ip = mysql_num_rows($sql_ip);
if($num_ip>=1){
echo "You are blocked!";
}
else{
The rest of the web page!
}


There is obviously many ways to do it, just use your imagination that what i always do.


The code mentioned above may be improved as well:
Code:

function get_ipaddress()
{
   if (empty($_SERVER["HTTP_X_FORWARDED_FOR"])) {
      $ip_address = $_SERVER["REMOTE_ADDR"];
   } else {
      $ip_address = $_SERVER["HTTP_X_FORWARDED_FOR"];
   }
   if(strpos($ip_address, ',') !== false) {
      $ip_address = explode(',', $ip_address);
      $ip_address = $ip_address[0];
   }
   return $ip_address;
}

$ip = get_ipaddress();

$sql_ip = mysql_query("SELECT * FROM blocked WHERE ip_address='$ip'");
$num_ip = mysql_num_rows($sql_ip);
if($num_ip>=1){
echo "You are blocked!";
}
else{
The rest of the web page!
}

It tries to get the real ip adress even if user utilizes proxy server.
lolnubcakes
Hm, denying IPs... This gets me thinking of the possibilities of creating a PHP IP blocker for online multiplayer PC games such as Halo, Unreal Tournament, Quake, etc. Could PHP be used to block IPs from connecting to more than just a website? Say, block them from connecting to your game server?

(This might be handy considering some games don't have built in banners/kickers, especially game demos.)
AftershockVibe
That's only really possible if the game runs on a webserver which you have access to. Most don't even use a webserver at all, let alone one you can hack about with PHP in.

Also, the method below (the database one, not the .htaccess) doesn't really block IPs at all, it just displays a different page depending on your IP address. Just that if your IP is "blocked" it shows you a page saying "you are blocked".

The .htaccess is slightly different as described better below because the webserver itself says "no, I'm not talking to you".

I'll confess I'm not sure on the internals of Halo, Unreal or Quake but I'd bet significant money that they're not HTTP based.

I think the closest you can get to using this for game banning is to require people to visit the PHP website with blocked IP list in order to get the password for the day/week/whatever if the games themselves do not allow for blocking.
Web_master
So
If i put the code above in my .htaccess
I can put their IPs in
And they wudnt be able to enter the site?
SmartNess.
Well, im going to get hosting soon
And block people i dont want
To come into my site xD
lolnubcakes
AftershockVibe wrote:
I think the closest you can get to using this for game banning is to require people to visit the PHP website with blocked IP list in order to get the password for the day/week/whatever if the games themselves do not allow for blocking.


That's a good idea, but it really limits who can join your server. Thanks for all the information, and what you say makes sense. With Halo, I think the case is that the joining players directly connect to your IP and packets are sent back in forth between the two, so blocking an IP from connecting to your computer (by using a command line) will work. I haven't examined UT or Quake, but I'm sure it's a similar case.
Related topics
.htaccess IP Blocking
Ip Banning Using Php
Spyware Doctor 3.2
[RESOLVED]Does anyone know how to block a specific site...
Looking for a person via his email or IP
Make me a script get paid 500 frih
A good way to see your computer IP address
How are you preventing spam bots to spam your forums
How to block an IP
need IP blocker on my site
Advanced/Expert Computer Users: A Challenge.
Can you improve my sql injection detection
Malwarebytes detect frihost as potentialy malicious website
Am I getting bad neighbourhood?
Reply to topic    Frihost Forum Index -> Scripting -> Php and MySQL

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.