XMB Forum Software

[New] IP Banning help / questions

quibel - 8-27-2013 at 08:17 AM

Full Board URL: www.club-k.co.nz
XMB Version: 1.9.11

long time user but had to create a new account since the move here (man has it been that long).

anyways I have recently been trying to refine my ip ban range as it's just getting silly the number of bans I have in place.

I already run captcha image, approval by mod hack, random email password, and IP bans but I still get like 4-5 a day.

Question 1
Is there any way to block a range of numbers (ie)
110.80.*.* to 110.90.*.* without having to have 10 entries.

I tried 110.8*.*.* but they were still able to register.

I don't want to ban the entire 110.*.*.* range as there are valid IPs in there.

Question 2
is there any way to say point the xmb system at registration to this site .... http://www.stopforumspam.com/ they already have millions of blocks in place.

Question 3
i know this will be a hack request but rather than IPban is there any way to have a system IPapprove system where xmb can automatically approve ranges I know to be good then refer the rest to me for approval like normal.

Q

lottos - 8-27-2013 at 08:18 AM

re question 2, 'search' on 'stopforumspam'...

quibel - 8-27-2013 at 07:08 PM

one more question re banning IPs.

if i ban a range that someone has already used to register can that person still log in or will it ban them as well.

Q

Mouser - 8-27-2013 at 07:18 PM

IP banning sounds a bit odd to me now. At work I can pick any from 15 proxy-servers located across the globe. And I'll be in different countries.

On the internet, there are quite some proxies and anonymizers.
I'm not sure that is still an accurate way to ban people that are pretty persistent.

Quote: Originally posted by quibel  
one more question re banning IPs.

if i ban a range that someone has already used to register can that person still log in or will it ban them as well.

Q


If I'm not mistaken --> Ban.

quibel - 8-27-2013 at 07:48 PM

the list of 1500 IPs i have are primarily all the same at registration. I built the list up over the last 2 years as people were registering and I didn't approve their login for one reason or another.

normally txt in the signature like "watches, rebocks, my name is , i life at, street details and area codes, look find man etc etc ... " even ones where i simply didn't like the forum name or email address.

I have checked that against the ips for accounts I did allow and have a pretty definitive range now.

not saying it's perfect but it is better than nothing.


Mouser - 8-27-2013 at 08:14 PM

I don't know if you want to ban IP's in the Admin Panel ... Or by modifying a little bit in the header.php (where the actual banning is done)
The last one would be the easier.


This is the code-snippet that checks the database;
Code:
// Check if the client is ip-banned
if ($SETTINGS['ip_banning'] == 'on') {
    $ips = explode(".", $onlineip);
    $query = $db->query("SELECT id FROM ".X_PREFIX."banned WHERE ((ip1='$ips[0]' OR ip1='-1') AND (ip2='$ips[1]' OR ip2='-1') AND (ip3='$ips[2]' OR ip3='-1') AND (ip4='$ips[3]' OR ip4='-1')) AND NOT (ip1='-1' AND ip2='-1' AND ip3='-1' AND ip4='-1')");
    $result = $db->num_rows($query);
    $db->free_result($query);
    if ($result > 0) {
        // Block all non-admins
        $serror = 'ip';
    }
}



I've done some testing, and on my server, the IP can be used with 'smaller' and 'bigger' signs. If you add this here, below the code I just showed you, that should work;

Code:
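// Compare the numeric value of the addresses; the dotted strings
// themselves would be ordered character by character
if ( ip2long($onlineip) > ip2long("110.80.0.0") AND ip2long($onlineip) < ip2long("110.90.0.0") ) {
    $serror = 'ip';
}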


Might be faster than writing a complete hack ;)
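
Comparing dotted-quad strings with < and > orders them character by character, not by address value, so a range check built that way can match addresses outside the range. This added example (not part of the original post; the function names and sample addresses are constructed) runs both checks on the 110.80.0.0 to 110.90.0.0 range and returns the addresses where they disagree.

```php
<?php
// Added example, not code from the thread. Sample addresses are constructed.

// Range check on the dotted strings themselves (lexicographic order).
function in_range_string($ip, $start, $end) {
    return $ip > $start && $ip < $end;
}

// Range check on the numeric value of the address.
function in_range_numeric($ip, $start, $end) {
    $n = ip2long($ip);
    if ($n === false) {
        return false; // not a valid IPv4 address
    }
    // sprintf('%u') gives the unsigned value, so addresses above
    // 127.255.255.255 also order correctly on 32-bit PHP builds.
    $n = (float) sprintf('%u', $n);
    return $n > (float) sprintf('%u', ip2long($start))
        && $n < (float) sprintf('%u', ip2long($end));
}

// Returns the sample addresses on which the two checks disagree.
function compare_checks(array $samples, $start, $end) {
    $disagree = array();
    foreach ($samples as $ip) {
        $s = in_range_string($ip, $start, $end);
        $n = in_range_numeric($ip, $start, $end);
        if ($s !== $n) {
            $disagree[$ip] = array('string' => $s, 'numeric' => $n);
        }
    }
    return $disagree;
}

$samples = array('110.85.1.1', '110.9.1.1', '110.100.1.1', '110.8.1.1', '110.89.255.255');
print_r(compare_checks($samples, '110.80.0.0', '110.90.0.0'));
```

The string check places 110.9.1.1 inside the range because "110.9." sorts between "110.80" and "110.90"; the numeric check does not.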

quibel - 8-27-2013 at 10:55 PM

Think i get that ... so it will check the database for singular IP addresses in the IPban table first, then check the range then continue if all good.

Say I wanted the range like you supplied above first so that way I could remove a swag of addresses from my IPban table, where would i place it ? between the lines if {$settings and $ips ?


thanks mouser
you're still a legend after all these years.

Q

quibel - 8-28-2013 at 12:32 AM

Mouser - move this to hacks if you want as i just had a brain wave while running.

I can use the code you supplied as an approval system built into the header.php file by saying something along the lines of

if it's in approved range do nothing ... If possible don't wait for admin to approve registration, email password and let them get on with it

if it's in banned range, error message

if it's not in banned range check ipban table like normal

IE (do not use my code it's just me playing)

Code:
// Check if the client is ip-banned
if ($SETTINGS['ip_banning'] == 'on') {
    // check if IP in approved IP range (numbers between a-b or c-d or e-f)
    if (($onlineip > "A" AND $onlineip < "B") OR ($onlineip > "C" AND $onlineip < "D") OR ($onlineip > "E" AND $onlineip < "F")) {
        // bypass the IP system
        // if you have admin approval on can this be bypassed ???
        // letting the user just get on with it once they get here ???
        // password emailed to them like normal ???
    }
    // check if IP in IPban range (as per your section of code)
    elseif (($onlineip > "A" AND $onlineip < "B") OR ($onlineip > "C" AND $onlineip < "D") OR ($onlineip > "E" AND $onlineip < "F")) {
        $serror = 'ip';
    }
    // normal procedure
    else {
        $ips = explode(".", $onlineip);
        $query = $db->query("SELECT id FROM ".X_PREFIX."banned WHERE ((ip1='$ips[0]' OR ip1='-1') AND (ip2='$ips[1]' OR ip2='-1') AND (ip3='$ips[2]' OR ip3='-1') AND (ip4='$ips[3]' OR ip4='-1')) AND NOT (ip1='-1' AND ip2='-1' AND ip3='-1' AND ip4='-1')");
        $result = $db->num_rows($query);
        $db->free_result($query);
        if ($result > 0) {
            // Block all non-admins
            $serror = 'ip';
        }
    }
}



I'm not sure on the linking of the a-b or c-d or e-f range but i think you get the idea of what I am trying to do.

if you can't bypass the notifying person on new registration for approval that's no biggie, just trying to cut down on admin time

Q

Mouser - 8-28-2013 at 04:27 PM

Glad I could provide you some insight :)

Yes, that could be done like that.

Just a quick question; The IP checks, that is just for registration? Or for general board browsing?

Or cut it in pieces....
-> Allow all registrations coming from IP ranges U, V, W ...
-> Deny all registrations coming from IP ranges X, Y,Z ...
-> For the rest, use the normal approval steps.

-> Deny board browsing from IP ranges D, E, F.




Don't know anything about your hosting package, and bandwidth costs... deny certain IP's to browse your board, might help you save something there.

Could you attach your member.php? Maybe yours is different than the plain normal one.

quibel - 8-28-2013 at 08:12 PM

I was originally thinking about doing it on registration but I suppose doing it as the page opens for browsing makes more sense. Then they can't even register so I won't have to do any approving :).

I just added your original code and set it from 1.1.1.1 to 255.255.255.255 and uploaded (just to test).

I could browse as an admin but when i logged out, or used a test member account, or moderator account i got this error : "You are banned. You may not view the forums, post, make new topics, send U2U's or edit your posts".

I like it :)

Bandwidth isn't too much of an issue.

header.php attached.

At present I now have 267 IP bans in place (mostly 2nd level ip range), these could be reduced by using ranges a-b, c-d etc which I am currently sorting out on a spreadsheet.

For browsing the board (ignoring registration) it really doesn't matter if you are from a good address or an unknown so really that takes us back to just stopping those in the banned range from using.

so yeah .....
--> if you fall into one of the banned ranges (a-b,c-d,e-f etc)then error, do not pass go, do not collect $200
--> anything else checked like normal, possible browsing, posting, registration etc.

Cheers

Q

Attachment: header.php (28kB)


Mouser - 8-29-2013 at 08:01 PM

Sounds good enough :)
Now I don't know how you want to provide the ranges.

Network ranges can be specified as:
1. Wildcard format: 1.2.3.*
2. CIDR format: 1.2.3/24 OR 1.2.3.4/255.255.255.0
3. Start-End IP format: 1.2.3.0 - 1.2.3.255


If you only wish to use #3, the following would be interesting. I'd say, ban single IP's in the Admin Panel, and then the ranges using the function below.

Add to the bottom of config.php (perhaps a nice place for it)

Code:
$banned_ranges = array (
    '10.0.0.0|10.255.255.255',     // single class A network
    '172.16.0.0|172.31.255.255',   // 16 contiguous class B network
    '192.168.0.0|192.168.255.255', // 256 contiguous class C network
    '169.254.0.0|169.254.255.255', // Link-local address also referred to as Automatic Private IP Addressing
    '127.0.0.0|127.255.255.255'    // localhost
);

As an example, the private address ranges are specified. Perhaps no good idea to keep them there..


Add to functions.inc.php

Code:
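// Returns true when $ip falls inside one of the 'start|end' ranges in $banned_ranges
function ip_in_range ($ip) {
    global $banned_ranges;
    $long_ip = ip2long ($ip);
    // ip2long() returns false (not -1) for an invalid address on PHP 5 and later
    if ($long_ip !== false) {
        foreach ($banned_ranges AS $pri_addr) {
            list ($start, $end) = explode('|', $pri_addr);
            if ($long_ip >= ip2long ($start) && $long_ip <= ip2long ($end)) {
                return true;
            }
        }
    }
    return false;
}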




in header.php , find this
Code:
    if ($result > 0) {
        // Block all non-admins
        $serror = 'ip';
    }
}


Replace with this

Code:
    if ($result > 0) {
        // Block all non-admins
        $serror = 'ip';
    }
    if ( ip_in_range($onlineip) ) {
        $serror = 'ip';
    }
}


Found the function over here;
http://stackoverflow.com/questions/13818064/check-if-an-ip-a...


The stuff was spread out over multiple files, as it might come in handy in other parts of the board as well sometime.
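
The three range notations listed above can all be reduced to a numeric start and end, which is then compared the same way as in ip_in_range(). This is an added example, not code from the thread or from XMB: ip_to_num(), range_bounds() and ip_matches() are hypothetical helpers, the sample specs are constructed, and of the CIDR forms only a full address with a prefix length (1.2.3.0/24) is handled.

```php
<?php
// Added example, not code from the thread. range_bounds() and ip_matches()
// are hypothetical names; the specs and test addresses are constructed.
function ip_to_num($ip) {
    $n = ip2long(trim($ip));
    return $n === false ? false : (float) sprintf('%u', $n); // unsigned value
}

// Turn one range spec into array(start, end); false if it is malformed.
function range_bounds($spec) {
    $spec = trim($spec);
    if (strpos($spec, '*') !== false) {            // wildcard: 1.2.3.*
        if (!preg_match('/^(\d+\.)+(\*\.)*\*$/', $spec)) {
            return false;                          // only trailing octets may be *
        }
        $lo = ip_to_num(str_replace('*', '0', $spec));
        $hi = ip_to_num(str_replace('*', '255', $spec));
    } elseif (strpos($spec, '/') !== false) {      // CIDR: 1.2.3.0/24
        list($base, $bits) = explode('/', $spec, 2);
        $base = ip_to_num($base);
        if ($base === false || !ctype_digit($bits) || (int) $bits > 32) {
            return false;
        }
        $size = pow(2, 32 - (int) $bits);          // addresses in the block
        $lo = $base - fmod($base, $size);          // clear the host bits
        $hi = $lo + $size - 1;
    } else {                                       // start-end: a - b
        $parts = explode('-', $spec);
        if (count($parts) !== 2) {
            return false;
        }
        $lo = ip_to_num($parts[0]);
        $hi = ip_to_num($parts[1]);
    }
    return ($lo === false || $hi === false || $lo > $hi) ? false : array($lo, $hi);
}
function ip_matches($ip, array $specs) {
    $n = ip_to_num($ip);
    foreach ($specs as $spec) {
        $b = range_bounds($spec);
        if ($n !== false && $b !== false && $n >= $b[0] && $n <= $b[1]) {
            return true;
        }
    }
    return false;
}

$specs = array('14.147.*.*', '20.223.209.0/24', '110.80.0.0 - 110.89.255.255');
var_dump(ip_matches('110.85.3.4', $specs), ip_matches('110.9.3.4', $specs));
```

A partial-octet wildcard such as 110.8*.*.* is rejected by range_bounds() as malformed rather than silently matching nothing or everything.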

quibel - 8-29-2013 at 09:02 PM

Thanks mouser

As you said I ban the single ranges in the IPban feature in control panel (ie) '14.147.*.*' or '20.223.209.*'

There are 14 major ranges in total that would remove about 40% of my individual bans while adding a range of IPs not yet banned but recorded and getting close to bans, ie
2.100.0.0 --> 9.255.255.255
11.0.0.0 --> 23.255.255.255
25.0.0.0 --> 27.250.255.255

As you can see I have tried where possible to start at a x.x.0.0 and run to the end of a range x.x.255.255

================

I assume you are adding the bit in config so that it can be used if needed in other areas of the forum at a later stage if need be?

The functions call basically returns a true or false where $long_ip is the user's ip address and is compared with the start and end values in the above table?

then the header just says, check normal table and error or check the range (found in config via functions) and error if true.

does that sound about right?

Mouser - 8-29-2013 at 09:11 PM

That is completely correct :)

quibel - 8-29-2013 at 09:17 PM

p.s

I have 1841 IP addresses recorded as suspect,
I have bans in place to cover 994 of those 1841
That's 54% of the recorded numbers at present.

I have 5 new registrations a day - a cap I put in place to curb false registrations.

I used to get 5-6 a day now I'm down to maybe 2-3 a day.

By adding the ranges I have and removing the individuals in control panel the bans in place would cover 1176 of the 1841
That's 64% coverage instantly.

And that's only at first glance,
There will be more I just need to refine the ranges as I get time.

Q

quibel - 8-29-2013 at 09:56 PM

No Go :(

End of config file looks like (just put in 3 ranges to cover all while testing)
Code:
// IP Range Banning
$banned_ranges = array (
    '1.0.0.0|100.255.255.255',
    '101.0.0.0|200.255.255.255',
    '201.0.0.0|250.255.255.255'
);

// Do not edit below this line.
// ---------------------------
return;
?>


Only other thing I changed was the function name to
"ip_ban_range ($ip)" rather than "ip_in_range ($ip)"

of course I then changed the header text to match.

I'm guessing it has to be the function call itself but I don't know how to test that. :(

I'm not overly concerned about it being used elsewhere, As if they are banned at the header they won't be able to do anything further in anyways.
Maybe your original code : if "ip>a and <b" or "ip>c and ip<d" etc etc is the way to go ???

Q

lottos - 8-30-2013 at 12:30 AM

Curious as to whether you have done the stopforumspam bit yet:
http://forums.xmbforum2.com/viewthread.php?tid=776782#pid137...

?

quibel - 8-30-2013 at 01:10 AM

I did look at it but my understanding is that they can still browse the forum and attempt a registration before getting told to sod off.

With the code mouser was building up they would get the home page but they could do nothing as they got an error message as soon as they hit the forum, plus I still maintain control over who gets banned and who doesn't.

I know it's not a perfect solution but what is with these guys,

I just wanted to reduce the work load and the u2u notifications on joining somewhat.

lottos - 8-30-2013 at 03:22 AM

Easier, quicker to use IP ban via CSF if you have access to it. That way they don't see your website at all.

quibel - 8-30-2013 at 10:59 PM

CSF ???

if you mean stopforumspam then my server is setup to run the files like in the link you supplied. If I was going to run that I think I would want the opposite of what I am doing here now. ie - if ip in an approved range continue like normal , else check ip , then allow in if OK

Q

lottos - 8-31-2013 at 03:54 AM

http://configserver.com/cp/csf.html

Mouser - 8-31-2013 at 07:21 AM

Odd, worked fine on my tests.

When I copied from my own post, the line breaks were gone. So here it is in TXT format.


Please note, it will not ban you as an admin..

Attachment: 12345.txt (3kB)

quibel - 9-1-2013 at 09:09 PM

here is the end of my config. I placed the code at the end of the debug mode and before the end of the file.

Quote:

// Debug-mode

/**
* To turn on DEBUG mode (you can then see ALL queries done at the bottom of each screen (except buddy-list & u2u)
* just uncomment this variable. These queries are ONLY visible to the user currently loading that page
* and ONLY visible to Super Administrators. Comment first line and uncomment second line to use debug mode.
*/

define('DEBUG', FALSE);
// define('DEBUG', TRUE);

/**
* To enable logging of all MySQL errors (necessary in the case of registration, login, or captcha errors), comment first
* line and uncomment second line. Note the log file will be visible to the public unless it is protected
* by your web server configuration. The file name will be 'error_log' unless you change the PHP configuration.
* If the chmod settings of this directory prevent file Write then the log will not be created.
*/

define('LOG_MYSQL_ERRORS', FALSE);
// define('LOG_MYSQL_ERRORS', TRUE);


//IP Range Banning
$banned_ranges = array (
'1.1.1.1|10.255.255.255',
'11.1.1.1|111.255.255.255',
'112.1.1.1|211.255.255.255',
'222.1.1.1|255.255.255.255'
);


// Do not edit below this line.
// ---------------------------
return;
?>


are my IP ranges ok ... just want a blanket range while I test and will replace later with correct ranges.


in the functions file I found the last function and added the new code above the end of the file. As mentioned i renamed the function to ip_ban_range

Quote:

function nonce_use($key, $nonce, $expire = 0) {
global $db;

$key = substr($key, 0, X_NONCE_KEY_LEN);
$db->escape_fast($key);
$db->escape_fast($nonce);
$time = time() - X_NONCE_MAX_AGE;
$sql_expire = "dateline < $time";
if ($expire > 0 and $expire < X_NONCE_MAX_AGE) {
$time = time() - $expire;
$sql_expire .= " OR imagestring='$key' AND dateline < $time";
}
$db->query("DELETE FROM ".X_PREFIX."captchaimages WHERE $sql_expire");
$db->query("DELETE FROM ".X_PREFIX."captchaimages WHERE imagehash='$nonce' AND imagestring='$key'");

return ($db->affected_rows() === 1);
}

function ip_ban_range ($ip) {
global $banned_ranges;
$long_ip = ip2long ($ip);
if ($long_ip !== false) { // ip2long() returns false, not -1, for an invalid address
foreach ($banned_ranges AS $pri_addr) {
list ($start, $end) = explode('|', $pri_addr);
if ($long_ip >= ip2long ($start) && $long_ip <= ip2long ($end)) {
return true;
}
}
}

return false;
}

return;
?>



and finally header having changed the function call to ip_ban_range as well
Quote:

// Check if the client is ip-banned
if ($SETTINGS['ip_banning'] == 'on') {
$ips = explode(".", $onlineip);
$query = $db->query("SELECT id FROM ".X_PREFIX."banned WHERE ((ip1='$ips[0]' OR ip1='-1') AND (ip2='$ips[1]' OR ip2='-1') AND (ip3='$ips[2]' OR ip3='-1') AND (ip4='$ips[3]' OR ip4='-1')) AND NOT (ip1='-1' AND ip2='-1' AND ip3='-1' AND ip4='-1')");
$result = $db->num_rows($query);
$db->free_result($query);
if ($result > 0) {
// Block all non-admins
$serror = 'ip';
}
if ( ip_ban_range($onlineip) ) {
$serror = 'ip';
}
}


one thing to note - If i only put in one range 1.1.1.1|255.255.255.255 it makes no difference and i simply get the you are not registered or logged in message

help

quibel - 9-7-2013 at 08:17 PM

any ideas mouser? what range did you put in to test?

Q