quibel
Member
Posts: 24
Registered: 8-27-2013
[New] IP Banning help / questions
Full Board URL: www.club-k.co.nz
XMB Version: 1.9.11
Long time user but had to create a new account since the move here (man has it been that long).
Anyway, I have recently been trying to refine my IP ban range as it's just getting silly the number of bans I have in place.
I already run captcha image, approval by mod hack, random email password, and IP bans but I still get like 4-5 a day.
Question 1
Is there any way to block a range of numbers (ie)
110.80.*.* to 110.90.*.* without having to have 10 entries.
I tried 110.8*.*.* but they were still able to register.
I don't want to ban the entire 110.*.*.* range as there are valid IPs in there.
Question 2
Is there any way to, say, point the XMB system at registration to this site .... http://www.stopforumspam.com/ they already have millions of blocks in place.
Question 3
I know this will be a hack request but rather than IP ban is there any way to have an IP approve system where XMB can automatically approve ranges I know to be good then refer the rest to me for approval like normal.
Q

lottos
Administrator
Posts: 482
Registered: 6-3-2002
Mood: pass me a TimTam
Re question 2, 'search' on 'stopforumspam'...

quibel
Member
One more question re banning IPs.
If I ban a range that someone has already used to register, can that person still log in or will it ban them as well?
Q

Mouser
XMB Contributor
Posts: 202
Registered: 4-14-2008
Mood: Christmasy. Yes, in September.
IP banning sounds a bit odd to me now. At work I can pick any from 15 proxy-servers located across the globe. And I'll be in different countries.
On the internet, there are quite some proxies and anonymizers.
I'm not sure that is still an accurate way to ban people that are pretty persistent.
Quote: Originally posted by quibel
    One more question re banning IPs.
    If I ban a range that someone has already used to register, can that person still log in or will it ban them as well?
    Q
If I'm not mistaken --> Ban.

quibel
Member
The list of 1500 IPs I have are primarily all the same at registration. I built the list up over the last 2 years as people were registering and I didn't approve their login for one reason or another.
Normally text in the signature like "watches, rebocks, my name is , i life at, street details and area codes, look find man etc etc ... " even ones where I simply didn't like the forum name or email address.
I have checked that against the IPs for accounts I did allow and have a pretty definitive range now.
Not saying it's perfect but it is better than nothing.

Mouser
XMB Contributor
I don't know if you want to ban IPs in the Admin Panel ... or by modifying a little bit in the header.php (where the actual banning is done).
The last one would be the easier.
This is the code snippet that checks the database:
Code:
    // Check if the client is ip-banned
    if ($SETTINGS['ip_banning'] == 'on') {
        $ips = explode(".", $onlineip);
        $query = $db->query("SELECT id FROM ".X_PREFIX."banned WHERE ((ip1='$ips[0]' OR ip1='-1') AND (ip2='$ips[1]' OR ip2='-1') AND (ip3='$ips[2]' OR ip3='-1') AND (ip4='$ips[3]' OR ip4='-1')) AND NOT (ip1='-1' AND ip2='-1' AND ip3='-1' AND ip4='-1')");
        $result = $db->num_rows($query);
        $db->free_result($query);
        if ($result > 0) {
            // Block all non-admins
            $serror = 'ip';
        }
    }
I've done some testing, and on my server, the IP can be used with 'smaller' and 'bigger' signs. If you add this here, below the code I just showed you, that should work:
Code:
    if ( $onlineip > "110.80.0.0" AND $onlineip < "110.90.0.0" ) {
        $serror = 'ip';
    }
Might be faster than writing a complete hack
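
Added example, not part of the original posts: PHP orders two dotted-quad strings character by character, so a `<`/`>` test on the strings and a test on `ip2long()` values can disagree (as a string, `"110.9.0.0"` sorts between `"110.80.0.0"` and `"110.90.0.0"`). The function names and sample addresses are constructed for illustration, and PHP 7+ on a 64-bit build is assumed.

```php
<?php
// Added example, not from the thread. All addresses are constructed samples.

// Exclusive range test with plain string operators, as in the snippet above.
function in_range_string(string $ip, string $start, string $end): bool {
    return $ip > $start && $ip < $end;
}

// The same exclusive range test on integer values (assumes a 64-bit PHP build,
// where ip2long() never returns a negative number for a valid address).
function in_range_numeric(string $ip, string $start, string $end): bool {
    $n  = ip2long($ip);
    $lo = ip2long($start);
    $hi = ip2long($end);
    if ($n === false || $lo === false || $hi === false) {
        return false; // not a valid dotted-quad IPv4 address
    }
    return $n > $lo && $n < $hi;
}

// Return the addresses on which the two tests give different answers.
function disagreements(array $ips, string $start, string $end): array {
    $out = [];
    foreach ($ips as $ip) {
        $s = in_range_string($ip, $start, $end);
        $n = in_range_numeric($ip, $start, $end);
        if ($s !== $n) {
            $out[$ip] = ['string' => $s, 'numeric' => $n];
        }
    }
    return $out;
}

$samples = ['110.85.1.1', '110.9.0.0', '110.100.0.0', '120.0.0.0', '2.0.0.0', '15.4.3.2'];

// Range used in the post above.
print_r(disagreements($samples, '110.80.0.0', '110.90.0.0'));

// A wider range of the kind discussed later in the thread.
print_r(disagreements($samples, '11.0.0.0', '23.255.255.255'));
```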

quibel
Member
Think I get that ... so it will check the database for singular IP addresses in the IPban table first, then check the range then continue if all good.
Say I wanted the range like you supplied above first so that way I could remove a swag of addresses from my IPban table, where would I place it?
Between the lines if {$settings and $ips ?
Thanks Mouser
You're still a legend after all these years.
Q

quibel
Member
Mouser - move this to hacks if you want as I just had a brain wave while running.
I can use the code you supplied as an approval system built into the header.php file by saying something along the lines of
if it's in approved range do nothing ... If possible don't wait for admin to approve registration, email password and let them get on with it
if it's in banned range, error message
if it's not in banned range check ipban table like normal
IE (do not use my code it's just me playing)
Code:
    // Check if the client is ip-banned
    if ($SETTINGS['ip_banning'] == 'on') {
        // check if IP in approved IP range (numbers between a-b or c-d or e-f)
        if (($onlineip > "A" AND $onlineip < "B") OR
            ($onlineip > "C" AND $onlineip < "D") OR
            ($onlineip > "E" AND $onlineip < "F")) {
            // bypass the IP system
            // if you have admin approval on can this be bypassed ???
            // letting the user just get on with it once they get here ???
            // password emailed to them like normal ???
        }
        // check if IP in IPban range (as per your section of code)
        elseif (($onlineip > "A" AND $onlineip < "B") OR
                ($onlineip > "C" AND $onlineip < "D") OR
                ($onlineip > "E" AND $onlineip < "F")) {
            $serror = 'ip';
        }
        // normal procedure
        else {
            $ips = explode(".", $onlineip);
            $query = $db->query("SELECT id FROM ".X_PREFIX."banned WHERE ((ip1='$ips[0]' OR ip1='-1') AND (ip2='$ips[1]' OR ip2='-1') AND (ip3='$ips[2]' OR ip3='-1') AND (ip4='$ips[3]' OR ip4='-1')) AND NOT (ip1='-1' AND ip2='-1' AND ip3='-1' AND ip4='-1')");
            $result = $db->num_rows($query);
            $db->free_result($query);
            if ($result > 0) {
                // Block all non-admins
                $serror = 'ip';
            }
        }
    }
I'm not sure on the linking of the a-b or c-d or e-f range but I think you get the idea of what I am trying to do.
If you can't bypass the notifying person on new registration for approval that's no biggie, just trying to cut down on admin time
Q

Mouser
XMB Contributor
Glad I could provide you some insight
Yes, that could be done like that.
Just a quick question; The IP checks, that is just for registration? Or for general board browsing?
Or cut it in pieces....
-> Allow all registrations coming from IP ranges U, V, W ...
-> Deny all registrations coming from IP ranges X, Y,Z ...
-> For the rest, use the normal approval steps.
-> Deny board browsing from IP ranges D, E, F.
Don't know anything about your hosting package, and bandwidth costs... deny certain IPs to browse your board, might help you save something there.
Could you attach your member.php? Maybe yours is different than the plain normal one.

quibel
Member
I was originally thinking about doing it on registration but I suppose doing it as the page opens for browsing makes more sense. Then they can't even register so I won't have to do any approving.
I just added your original code and set it from 1.1.1.1 to 255.255.255.255 and uploaded (just to test).
I could browse as an admin but when I logged out, or used a test member account, or moderator account I got this error: "You are banned. You may not view the forums, post, make new topics, send U2U's or edit your posts".
I like it
Bandwidth isn't too much of an issue.
header.php attached.
At present I now have 267 IP bans in place (mostly 2nd level IP range), these could be reduced by using ranges a-b, c-d etc which I am currently sorting out on a spreadsheet.
For browsing the board (ignoring registration) it really doesn't matter if you are from a good address or an unknown so really that takes us back to just stopping those in the banned range from using.
so yeah .....
--> if you fall into one of the banned ranges (a-b, c-d, e-f etc) then error, do not pass go, do not collect $200
--> anything else checked like normal, possible browsing, posting, registration etc.
Cheers
Q
Attachment: header.php (28kB)

Mouser
XMB Contributor
Sounds good enough 
Now I don't know how you want to provide the ranges.
Network ranges can be specified as:
1. Wildcard format: 1.2.3.*
2. CIDR format: 1.2.3/24 OR 1.2.3.4/255.255.255.0
3. Start-End IP format: 1.2.3.0 - 1.2.3.255
If you only wish to use #3, the following would be interesting. I'd say, ban single IPs in the Admin Panel, and then the ranges using the function below.
Add to the bottom of config.php (perhaps a nice place for it)
Code:
    $banned_ranges = array (
        '10.0.0.0|10.255.255.255', // single class A network
        '172.16.0.0|172.31.255.255', // 16 contiguous class B network
        '192.168.0.0|192.168.255.255', // 256 contiguous class C network
        '169.254.0.0|169.254.255.255', // Link-local address also referred to as Automatic Private IP Addressing
        '127.0.0.0|127.255.255.255' // localhost
    );
As an example, the private address ranges are specified. Perhaps no good idea to keep them there..
Add to functions.inc.php
Code:
    function ip_in_range ($ip) {
        global $banned_ranges;
        $long_ip = ip2long ($ip);
        // ip2long() returns false for an invalid address (PHP 5 and later), not -1
        if ($long_ip !== false) {
            foreach ($banned_ranges AS $pri_addr) {
                // each entry is 'start|end'
                list ($start, $end) = explode('|', $pri_addr);
                if ($long_ip >= ip2long ($start) && $long_ip <= ip2long ($end)) {
                    return true;
                }
            }
        }
        return false;
    }
In header.php, find this
Code:
        if ($result > 0) {
            // Block all non-admins
            $serror = 'ip';
        }
    }
Replace with this
Code:
        if ($result > 0) {
            // Block all non-admins
            $serror = 'ip';
        }
        if ( ip_in_range($onlineip) ) {
            $serror = 'ip';
        }
    }
Found the function over here;
http://stackoverflow.com/questions/13818064/check-if-an-ip-a...
The stuff was spread out over multiple files, as it might come in handy in other parts of the board as well sometime.
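
Added example, not XMB code and not from the original post: the three notations listed above (wildcard, CIDR, start-end) plus a single address, each normalised to an integer start/end pair so one comparison handles them all. It goes beyond the post, which implements only the start-end form; `parse_range` and `ip_is_banned` are hypothetical names, and PHP 7.1+ on a 64-bit build, full four-octet addresses and contiguous netmasks are assumed.

```php
<?php
// Added example, not XMB code. Assumes PHP 7.1+ on a 64-bit build, full
// four-octet addresses and contiguous netmasks; names are hypothetical.

// Turn one range spec into [start, end] integers, or null if it is malformed.
function parse_range(string $spec): ?array {
    $spec = trim($spec);
    $parts = preg_split('/\s*[-|]\s*/', $spec);
    if (count($parts) === 2) {                  // Start-End: "1.2.3.0 - 1.2.3.255"
        $lo = ip2long($parts[0]);
        $hi = ip2long($parts[1]);
    } elseif (strpos($spec, '/') !== false) {   // CIDR: "/24" or "/255.255.255.0"
        list($addr, $mask) = explode('/', $spec, 2);
        $base = ip2long($addr);
        $m = ctype_digit($mask)
            ? ((int) $mask > 32 ? false : (0xFFFFFFFF << (32 - (int) $mask)) & 0xFFFFFFFF)
            : ip2long($mask);
        if ($base === false || $m === false) { return null; }
        $lo = $base & $m;                       // first address of the block
        $hi = $lo | (~$m & 0xFFFFFFFF);         // last address of the block
    } elseif (strpos($spec, '*') !== false) {   // Wildcard: trailing "*" octets only
        if (!preg_match('/^(\d+\.){1,3}(\*\.)*\*$/', $spec)) { return null; }
        $lo = ip2long(str_replace('*', '0', $spec));
        $hi = ip2long(str_replace('*', '255', $spec));
    } else {                                    // Single address
        $lo = $hi = ip2long($spec);
    }
    return ($lo === false || $hi === false || $lo > $hi) ? null : [$lo, $hi];
}

// True if $ip falls inside any spec; malformed specs are skipped, never matched.
function ip_is_banned(string $ip, array $specs): bool {
    $n = ip2long($ip);
    if ($n === false) { return false; }
    foreach ($specs as $spec) {
        $r = parse_range($spec);
        if ($r !== null && $n >= $r[0] && $n <= $r[1]) { return true; }
    }
    return false;
}

// Constructed sample specs, loosely based on ranges quoted in the thread.
$specs = ['110.80.*.*', '14.147.0.0/16', '2.100.0.0 - 9.255.255.255', '20.223.209.7'];
foreach (['110.80.12.9', '14.147.3.3', '2.99.0.1', '192.0.2.10', '20.223.209.7'] as $ip) {
    printf("%-13s %s\n", $ip, ip_is_banned($ip, $specs) ? 'banned' : 'ok');
}
```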

quibel
Member
Thanks Mouser
As you said I ban the single ranges in the IPban feature in control panel (ie) '14.147.*.*' or '20.223.209.*'
There are 14 major ranges in total that would remove about 40% of my individual bans while adding a range of IPs not yet banned but recorded and getting close to bans, ie
2.100.0.0 --> 9.255.255.255
11.0.0.0 --> 23.255.255.255
25.0.0.0 --> 27.250.255.255
As you can see I have tried where possible to start at a x.x.0.0 and run to the end of a range x.x.255.255
================
I assume you are adding the bit in config so that it can be used if needed in other areas of the forum at a later stage if need be?
The functions call basically returns a true or false where $long_ip is the user's IP address and is compared with the start and end values in the above table?
Then the header just says, check normal table and error or check the range (found in config via functions) and error if true.
Does that sound about right?

Mouser
XMB Contributor
That is completely correct 

quibel
Member
p.s.
I have 1841 IP addresses recorded as suspect,
I have bans in place to cover 994 of those 1841
That's 54% of the recorded numbers at present.
I have 5 new registrations a day - a cap I put in place to curb false registrations.
I used to get 5-6 a day now I'm down to maybe 2-3 a day.
By adding the ranges I have and removing the individuals in control panel the bans in place would cover 1176 of the 1841
That's 64% coverage instantly.
And that's only at first glance,
There will be more I just need to refine the ranges as I get time.
Q

quibel
Member
No Go
End of config file looks like (just put in 3 ranges to cover all while testing)
Code:
    // IP Range Banning
    $banned_ranges = array (
        '1.0.0.0|100.255.255.255',
        '101.0.0.0|200.255.255.255',
        '201.0.0.0|250.255.255.255'
    );
    // Do not edit below this line.
    // ---------------------------
    return;
    ?>
Only other thing I changed was the function name to
"ip_ban_range ($ip)" rather than "ip_in_range ($ip)"
Of course I then changed the header text to match.
I'm guessing it has to be the function call itself but I don't know how to test that.
I'm not overly concerned about it being used elsewhere, as if they are banned at the header they won't be able to do anything further in anyways.
Maybe your original code : if "ip>a and <b" or "ip>c and ip<d" etc etc is the way to go ???
Q

lottos
Administrator

quibel
Member
I did look at it but my understanding is that they can still browse the forum and attempt a registration before getting told to sod off.
With the code Mouser was building up they would get the home page but they could do nothing as they got an error message as soon as they hit the forum, plus I still maintain control over who gets banned and who doesn't.
I know it's not a perfect solution but what is with these guys,
I just wanted to reduce the work load and the u2u notifications on joining somewhat.

lottos
Administrator
Easier, quicker to use IP ban via CSF if you have access to it. That way they don't see your website at all.

quibel
Member
CSF ???
If you mean stopforumspam then my server is set up to run the files like in the link you supplied. If I was going to run that I think I would want the opposite of what I am doing here now. ie - if ip in an approved range continue like normal, else check ip, then allow in if OK
Q

lottos
Administrator