Full Board URL: www.club-k.co.nz
XMB Version: 1.9.11

long time user but had to creat a new account since the move here (man has it been that long).

anyways I have recently been trying to refine my ip ban range as its just getting silly the number of bans I have in place.

I already run catcha image, approval by mod hack, random email password, and IP bans but I still get like 4-5 a day.

Question 1
Is there anyway to block a range of numbers (ie)
110.80.*.* to 110.90.*.* without having to have 10 entries.

I tried 110.8*.*.* but they were still able to register.

I dont want to ban the entire 110.*.*.* range as there are valid IPs in there.

Question 2
is there anyway to say point the xmb system at registration to this site .... http://www.stopforumspam.com/ they already have millions of blocks in place.

Question 3
i know this will be a hack request but rather than IPban is there anyway to have a system IPapprove system where xmb can automatically approve ranges I know to be good then refer the rest to me for approval like normal.

Q

re question 2, 'search' on 'stopforumspam'.,...

one more question re banning IPs.

if i ban a range that someone has already used to register can that person still log in or will it ban them as well.

Q

IP banning sounds a bit odd to me now. At work I can pick any from 15 proxy-servers located across the globe. And I'll be in different countries.

On the internet, there are quite some proxies and anonimizers.
I'm not sure that is still an accurate way to ban people that are pretty persistent.

Quote: Originally posted by quibel

one more question re banning IPs. if i ban a range that someone has already used to register can that person still log in or will it ban them as well. Q

When I'm not mistaken --> Ban.

the list of 1500 IPs i have are primarily all the same at registration. I built the list up over the last 2 years as people were registering and I didnt approve their login for one reason or another.

normally txt in the signature like "watches, rebocks, my name is , i life at, street details and area codes, look find man etc etc ... " even ones where i simply didnt like the forum name or email address.

I have checked that against the ips for accounts I did allow and have a pretty definitive range now.

not saying its perfect but it is better than nothing.

I don't know if you want to ban IP's in the Admin Panel ... Or by modifying a little bit in the header.php (where the actual banning is done)
The last one would be the easier.


This is the code-snippet that checks the database;

Code:

// Check if the client is ip-banned if ($SETTINGS['ip_banning'] == 'on') { $ips = explode(".", $onlineip); $query = $db->query("SELECT id FROM ".X_PREFIX."banned WHERE ((ip1='$ips[0]' OR ip1='-1') AND (ip2='$ips[1]' OR ip2='-1') AND (ip3='$ips[2]' OR ip3='-1') AND (ip4='$ips[3]' OR ip4='-1')) AND NOT (ip1='-1' AND ip2='-1' AND ip3='-1' AND ip4='-1')"); $result = $db->num_rows($query); $db->free_result($query); if ($result > 0) { // Block all non-admins $serror = 'ip'; } }

I've done some testing, and on my server, the IP can be used with 'smaller' and 'bigger' signs. If you add this here, below the code I just showed you, that should work;

Code:

if ( $onlineip > "110.80.0.0" AND $onlineip < "110.90.0.0" ) { $serror = 'ip'; }

Might be faster then writing a complete hack

Think i get that ... so it will check the data base for singular IP addressess in the IPban table first , then check the range then continue if all good.

Say I wanted the range like you supplied above first so that way I could remove a swag of addressess from my IPban table, where would i place it ? between the lines if {$settings and $ips ?


thanks mouser
your still a legend after all these years.

Q

Mouser - move this to hacks if you want as i just had a brain wave while running.

I can use the code you supplied as an approval system built into the header.php file by saying something along the lines of

if its in approved range do nothing ... If possible dont wait for admin to approve registration, email password and let them get on with it

if its in banned range , error message

if its not in banned range check ipban table like normal

IE (do not use my code its just me playing)

Code:

// Check if the client is ip-banned if ($SETTINGS['ip_banning'] == 'on') { // check if IP in approved IP range (numbers between a-b or c-d or e-f) if ($onlineip > "A" AND $onlineip < "B" ) OR ($onlineip > "C" AND $onlineip < "D" ) OR ($onlineip > "E" AND $onlineip < "F" ){ bypass the IP system if you have admin approval on can this be bypassed ??? letting the user just get on with it once they get here ??? password emailed to them like normal ??? } // check if IP in IPban range (as per your section of code) else ($onlineip > "A" AND $onlineip < "B" ) OR ($onlineip > "C" AND $onlineip < "D" ) OR ($onlineip > "E" AND $onlineip < "F" ){ $serror = 'ip'; } // normal proceedure else { $ips = explode(".", $onlineip); $query = $db->query("SELECT id FROM ".X_PREFIX."banned WHERE ((ip1='$ips[0]' OR ip1='-1') AND (ip2='$ips[1]' OR ip2='-1') AND (ip3='$ips[2]' OR ip3='-1') AND (ip4='$ips[3]' OR ip4='-1')) AND NOT (ip1='-1' AND ip2='-1' AND ip3='-1' AND ip4='-1')"); $result = $db->num_rows($query); $db->free_result($query); if ($result > 0) { // Block all non-admins $serror = 'ip'; } } }

Im not sure on the linking of the a-b or c-d or e-f range but i think you get the idea of what I am trying to do.

if you cant bypass the notifying person on new registration for approval thats no biggie, just trying to cut down on admin time

Q

Glad I could provide you some insight

Yes, that could be done like that.

Just a quick question; The IP checks, that is just for registration? Or for general board browsing?

Or cut it in pieces....
-> Allow all registrations coming from IP ranges U, V, W ...
-> Deny all registrations coming from IP ranges X, Y,Z ...
-> For the rest, use the normal approval steps.

-> Deny board browsing from IP ranges D, E, F.




Don't know anything about your hosting package, and bandwidth costs... deny certain IP's to browser your board, might help you save something there.

Could you attach your member.php? Maybe yours is different then the plain normal one.

I was originally thinking about doing it on registration but I suppose doing it as the page opens for browsing makes more sence. Then they cant even register so I wont have to do any approving .

I just added your original code and set it from 1.1.1.1 to 255.255.255.255 and uploaded (just to test).

I could browse as an admin but when i logged out, or used a test member account, or moderator account i got this error : "You are banned. You may not view the forums, post, make new topics, send U2U's or edit your posts".

I like it

Bandwidth isnt to much of an issue.

header.php attached.

At presnt I now have 267 IP bans in place (mostly 2nd level ip range), these could be reduced by using ranges a-b, c-d etc which I am currently sorting out on a spreadsheet.

For browsing the board (ignoring registration) it really doesnt matter if you are from a good address or an unknown so really that takes us back to just stopping those in the banned range from using.

so yeah .....
--> if you fall into one of the banned ranges (a-b,c-d,e-f etc)then error, do not pass go, do not collect $200
--> anything else checked like normal, possible browsing, posting, registration etc.

Cheers

Q

Attachment: header.php (28kB)
This file has been downloaded 353 times

Sounds good enough
Now I don't know how you want to provide the ranges.

Network ranges can be specified as:
1. Wildcard format: 1.2.3.*
2. CIDR format: 1.2.3/24 OR 1.2.3.4/255.255.255.0
3. Start-End IP format: 1.2.3.0 - 1.2.3.255


If you only wish to use #3, the following would be interesting. I'd say, ban single IP's in the Admin Panel, and then the ranges using the function below.

Add to the bottom of config.php (perhaps a nice place for it)

Code:

$banned_ranges = array ( '10.0.0.0|10.255.255.255', // single class A network '172.16.0.0|172.31.255.255', // 16 contiguous class B network '192.168.0.0|192.168.255.255', // 256 contiguous class C network '169.254.0.0|169.254.255.255', // Link-local address also refered to as Automatic Private IP Addressing '127.0.0.0|127.255.255.255' // localhost );

As an example, the private address ranges are specified. Perhaps no good idea to keep them there..


Add to functions.inc.php

Code:

function ip_in_range ($ip) { global $banned_ranges; $long_ip = ip2long ($ip); if ($long_ip != -1) { foreach ($banned_ranges AS $pri_addr) { list ($start, $end) = explode('|', $pri_addr); if ($long_ip >= ip2long ($start) && $long_ip <= ip2long ($end)) { return true; } } } return false; }

in header.php , find this

Code:

if ($result > 0) { // Block all non-admins $serror = 'ip'; } }

Replace with this

Code:

if ($result > 0) { // Block all non-admins $serror = 'ip'; } if ( ip_in_range($onlineip) ) { $serror = 'ip'; } }

Found the function over here;
http://stackoverflow.com/questions/13818064/check-if-an-ip-a...


The stuff was spread out over multiple files, as it might come in handy in other parts of the board as well sometime.

Thanks mouser

As you said I ban the single ranges in the IPban feature in control panel (ie) '14.147.*.*' or '20.223.209.*'

There are 14 major ranges in total that would remove about 40% of my individual bans while adding a range of IPs not yet banned but recorded and getting close to bans, ie
2.100.0.0 --> 9.255.255.255
11.0.0.0 --> 23.255.255.255
25.0.0.0 --> 27.250.255.255

As you can see I have tried where possible to start at a x.x.0.0 and run to the end of a range x.x.255.255

================

I assume you are adding the bit in config so that it can be used if needed in other areas of the forum at a later stage if need be?

The functions call basically returns a true or false where $long_ip is the users ip address and is compared with the start and end values in the above table?

then the header just says, check normal table and error or check the range (found in config via functions) and error if true.

does that sound about right?

That is completely correct

p.s

I have 1841 IP address's recorded as suspect,
I have bans in place to cover 994 of those 1841
Thats 54% of the recorded numbers at present.

I have 5 new registrations a day - a cap I put in place to curb false registrations.

I used to get 5-6 a day now im down to maybe 2-3 a day.

By adding the ranges I have and removing the individuals in control panel the bans in place would cover 1176 of the 1841
Thats 64% coverage instantly.

And thats only at first glance,
There will be more I just need to refine the ranges as I get time.

Q

No Go

End of config file looks like (just put in 3 ranges to cover all while testing)

Code:

// IP Range Banning $banned_ranges = array ( '1.0.0.0|100.255.255.255', '101.0.0.0|200.255.255.255', '201.0.0.0|250.255.255.255' ); // Do not edit below this line. // --------------------------- return; ?>

Only other thing I changed was the function name to
"ip_ban_range ($ip)" rather than "ip_in_range ($ip)"

of cource I then changed the header text to match.

Im guessing it has to be the function call itself but I dont know how to test that.

Im not overly concerned about it being used elsewhere, As if they are banned at the header they wont be able to do anything further in anyways.
Maybe your original code : if "ip>a and <b" or "ip>c and ip<d" etc etc is the way to go ???

Q

Curious as to whether you have done the stopforumspam bit yet:
http://forums.xmbforum2.com/viewthread.php?tid=776782#pid137...

?

I did look at it but my understanding is that they can still browse the forum and attempt a registration before getting told to sod off.

With the code mouser was building up they would get the home page but they could do nothing as they got an error message as soon as they hit the forum, plus I still maintain control over who gets banned and who doesnt.

I know its not a purfect solution but what is with these guys,

I just wanted to reduce the work load and te u2u notications on joining somewhat.

Easier, quicker to use IP ban via CSF if you have access to it. That way they don't see your website at all.

CSF ???

if you mean stopforumspam then my server is setup to run the files like in the link you supplied. If I was going to run that I think I would want the oppisite of what I am doing here now. ie - if ip in an approved range continue like normal , else check ip , then allow in if OK

Q

http://configserver.com/cp/csf.html