My IP banning script [PHP]

Post by Gogeta70 »

On my blog, someone's been spamming recently, so I took the liberty of coding a (somewhat) advanced IP banning script. Here they are for your free use.

[ipban.php] lists ip's and posts associated with them.

Code:

<?PHP

session_start();

// Only a logged-in admin may see the list; the strict comparison avoids loose-type matches.
if(isset($_SESSION['admin']) && $_SESSION['admin'] === "*")
{
    include("ips.php"); // defines $ip (address prefixes) and $com (comments per prefix)
    for($a = 0; $a < count($ip); $a++)
    {
        echo "IP: <a hr ef='banit.php?ip=" . $ip[$a] . "'>Ban " . $ip[$a] . "</a ><br/><br/>";
        for($b = 0; $b < count($com[$ip[$a]]); $b++)
        {
            echo $com[$ip[$a]][$b] . "<br/>-<br/>";
        }
        echo "<h r><br/>";
    }

} else {
    // Everyone else gets a fake 404; send the matching status code, not just the page body.
    header("HTTP/1.0 404 Not Found");
    echo "<!DOC TYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">
<ht ml><he ad>
<tit le>404 Not Found</ti tle>
</he ad><bo dy>
<h1>Not Found</h1>
<p>The requested URL /ipban.php was not found on this server.</p>
<h r>
<ad dress>Apache Server at fatalh.sytes.net Port 80</add ress>
</bo dy></ht ml>";
}

?>

[ips.php] list of ip's and posts associated with them (omitted the array because of large size)

Code:

<?PHP

$ip = array();
$com = array();

$ip[] = "ip here";
$com['ip'][] = "comment";

[banip.php] adds an ip to the "banned" list. Adds only the first three parts, as to block a whole LAN.

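Code:

<?PHP

session_start();

// Same admin gate as ipban.php, with a strict comparison.
if(isset($_SESSION['admin']) && $_SESSION['admin'] === "*")
{
    include("ips.php");
    $bip = isset($_GET['ip']) ? $_GET['ip'] : "";

    // ipban.php passes three-octet prefixes, so accept 3 or 4 numeric parts and nothing
    // else: the value is written into PHP source below and must not contain quotes.
    if(!preg_match('/^\d{1,3}(\.\d{1,3}){2,3}$/', $bip))
    {
        die("Invalid IP.");
    }

    // Keep only the first three octets.
    $bip = explode(".", $bip);
    $bip = $bip[0] . "." . $bip[1] . "." . $bip[2];

    $open = fopen("banned.php", "a");
    $write = "\$bip[] = '$bip';" . chr(10);

    fwrite($open, $write);
    fclose($open);
    header("location: ipban.php");

} else {
    // Fake 404 for everyone else, with the matching status code.
    header("HTTP/1.0 404 Not Found");
    echo "<!DO CTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">
<ht ml><he ad>
<ti tle>404 Not Found</t itle>
</he ad><bo dy>
<h1>Not Found</h1>
<p>The requested URL /banit.php was not found on this server.</p>
<hr>
<add ress>Apache Server at fatalh.sytes.net Port 80</addr ess>
</b ody></ht ml>";
}

?>

[banned.php] list of banned IP's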

Code:

<?PHP
$bip = array();

$bip[] = '85.255.120'; // f*ckin' spammer

[addc.php] adds a comment, but also effectively blocks those with banned IP's.

Code:

<?PHP

// die("maintenance.");

session_start();
include("banned.php");

// Reduce the client address to its first three octets, the form stored in banned.php.
$lip = $_SERVER['REMOTE_ADDR'];
$lip = explode(".", $lip);
$lip = $lip[0] . "." . $lip[1] . "." . $lip[2];

if(array_search($lip, $bip) !== FALSE)
{
    die("You've been banned from posting comments, most likely because of extreme stupidity, noobishness, spamming, or refusal to follow my rules. No you're not getting a second chance, unless you can find me. So if your life revolves around reading and posting in my blog, well, go crawl in a corner and die.");
}

// Both values must exist and match exactly; a loose == lets an empty 'verify'
// pass when the session holds no code (a client that never loaded the image).
$verified = isset($_POST['verify'], $_SESSION['num']) && (string)$_POST['verify'] === (string)$_SESSION['num'];
unset($_SESSION['num']); // each code is good for one attempt

if($verified and !empty($_POST['name']) and !empty($_POST['comment']) and !empty($_POST['id']))
{
    $name = $_POST['name'];
    $comment = $_POST['comment'];
    $id = $_POST['id'];

    $comment = htmlentities($comment);
    $name = htmlentities($name);

    $comment = str_replace("\'", "'", $comment);
    $comment = str_replace(chr(10), "<br/>", $comment);
    // $name = str_replace("<", "[", $name);
    // $comment = str_replace("<", "[", $comment);

    // var_export() emits a correctly escaped PHP literal, so quotes, backslashes and "$"
    // in user input cannot break out of, or be interpolated in, the stored file.
    $wri = "\$comment[" . var_export((string)$id, true) . "][] = " . var_export("<h4>$name</h4> $comment<div class=underline>&nbsp;</div>", true) . ";" . chr(10);

    include("ips.php");
    $open = fopen("ips.php", "a");
    if(array_search($lip, $ip) === FALSE)
    {
        $write = "\$ip[] = '$lip';" . chr(10);
        fwrite($open, $write);
    }
    $write = "\$com['$lip'][] = " . var_export($comment, true) . ";" . chr(10);
    fwrite($open, $write);
    fclose($open);

    $open = fopen("comment.php", "a");
    fwrite($open, $wri);
    fclose($open);

    // urlencode() keeps the id from injecting extra parameters or header content.
    header("location: comments.php?id=" . urlencode($id));
} else {
    die("You forgot to do the image verification, or you didn't fill out the whole form.");
}


?>

If you guys want to improve upon this script, go for it. But if you do use this script, I'd appreciate credit. (HTML tags are spaced because of HTML filter...)
¯\_(ツ)_/¯ It works on my machine...

Post by steppinout »

what you've posted here seems like something I could use for my particular problem....if not maybe you could give me some advice? I'm new to the script area of computers in how to manipulate to get a program to run correctly.
this is my problem.....I get an online newspaper everyday (local paper) and this is the second time this has happened. The entire newspaper comes through fine except for one area of the classifieds. Classifieds include real estate, merchandise (buy sell) and a host of other sub-sections. I'm sure I'm not telling you anything so far you don't already know, but just so you get a good picture of the problem that occurs.
One such sub-section is the 'renting' ...apartment renting section. When I click this section, narrow it down to what 'type'...(unfurnished, furnished, etc) or for that matter I don't even need to narrow it, the section just won't come through, it displays in the address bar as 'error.shtml' at the end of the particular section address. This is the only part of this online paper that does this, I can click on the 'buy houses' or any other sub section and it displays fine. Can I change this somehow on my end to view the renting ads? Or is it something only the newspaper can do? Thanks for any help, very appreciated. If you need more info or it's not explained well enough please let me know. Thanks...

Post by Gogeta70 »

I don't think there's much you can do on your end, sorry.
¯\_(ツ)_/¯ It works on my machine...

Post by FrankB »

steppinout wrote: One such sub-section is the 'renting' ...apartment renting section. When I click this section, narrow it down to what 'type'...(unfurnished, furnished, etc) or for that matter I don't even need to narrow it, the section just won't come through, it displays in the address bar as 'error.shtml' at the end of the particular section address. .
It could be an error at the server SSI, can you post a lightweight screenshot, so we are sure on which end the problem resides?

Post by FrankB »

@GoGeta.

Be careful when blocking IP numbers of the IPv6 type like "85.255.120", most of them (or all) are assigned by DHCP. So, for a permanent IP ban, you'd have to use a strong resolving script.
In both cases you can also use the realm of .htaccess.
In the root directory you'd make a file ".htaccess" and enter approximately this :

Code:

# Flag every client whose address starts with 85.255.120. (dots escaped, no end anchor)
SetEnvIf Remote_Addr ^85\.255\.120\. ban
<Files ~ "^.*$">
order allow,deny
allow from all
deny from env=ban
</Files>

And you must give PHP r-w-access to .htaccess or you spamtrap yourself.
Just a suggestion on the fly for those who use the almighty Apache HTTPd server ;-)

Post by Gogeta70 »

Well Frank, I've never gotten around to getting .HTACCESS to work on my server...
¯\_(ツ)_/¯ It works on my machine...

Post by steppinout »

I would load a screenshot but they did fix the problem. Thanks for your posts.

Post by bad_brain »

well, banning IP addresses is a little tricky anyway, it's a good way to ban the average skiddie but it's not a permanent solution. I mean, most of the users don't have a static IP, so after the next re-connect the ban is useless....and even when the user has a static IP the ban can be evaded by using a proxy. I know this is about banning on application level (httpd), but I just wanted to add that it's much better to ban the MAC address. I'm not sure if this is possible by .htaccess (I would do it by the firewall). another option would be to ban the whole /16 IP-range, I do this sometimes when attacks from "skiddie-country" appear (I'm not saying what country it is but most users will know what I mean)....but it's a risk to do this by an automatized script, because if an attacker is smart and notices the method it can be abused as a semi-DoS attack (by spoofing many different IPs until almost all ranges are banned and the service is unreachable to almost anybody).

well, like I said, it's tricky...but imo the script is good enough for banning those crappy spambots, I had to delete about 200 viagra-comments on the news already too... :roll: as far as I know the names of those bots rarely change, so maybe you can use the names I posted on the web dev-board to create a blacklist....also it's good to add this kind of "enter security code here"-field and display the code as a .gif or .jpg...like it is often used on download-sites.
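
Added example, not written by any poster in this thread: Gogeta70's scripts match on the first three octets, and bad_brain's post warns that bans added by an automated script can be abused to lock out legitimate ranges. The PHP below goes beyond the thread's three-octet string match to general CIDR matching (IPv4 and IPv6) and puts a gate in front of automated bans; the function names, the 200-entry cap, the /24 and /64 limits and the sample addresses are all assumptions.

```php
<?php
// Added example, not code from the thread. Addresses and limits are constructed.

// True if $ip lies inside $cidr ("85.255.120.0/24", "2001:db8::/32" or a bare address).
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false;                          // malformed, or IPv4 compared with IPv6
    }
    $max = strlen($ipBin) * 8;
    if ($bits !== null && (!ctype_digit($bits) || (int)$bits > $max)) {
        return false;                          // "/abc" must not silently become /0
    }
    $bits = $bits === null ? $max : (int)$bits;
    $full = intdiv($bits, 8);                  // whole bytes that must be equal
    $rest = $bits % 8;                         // remaining bits in the next byte
    if (strncmp($ipBin, $netBin, $full) !== 0) {
        return false;
    }
    $mask = (0xFF << (8 - $rest)) & 0xFF;      // 0 when $rest is 0
    return $rest === 0 || ((ord($ipBin[$full]) ^ ord($netBin[$full])) & $mask) === 0;
}

// Gate for bans added by a script: returns "ok" or the reason the request is held back.
function check_auto_ban(string $cidr, array $banned, array $neverBan, int $maxBans = 200): string
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    if (!ip_in_cidr($net, $cidr)) {            // a valid range always contains its own base
        return 'refused: malformed range';
    }
    $isV4 = strlen(inet_pton($net)) === 4;
    $bits = $bits === null ? ($isV4 ? 32 : 128) : (int)$bits;
    if ($bits < ($isV4 ? 24 : 64)) {           // assumed policy: wide ranges need a human
        return 'held: wider than /24 (IPv4) or /64 (IPv6), needs manual review';
    }
    foreach ($neverBan as $ip) {
        if (ip_in_cidr($ip, $cidr)) return "refused: would lock out protected address $ip";
    }
    return count($banned) >= $maxBans ? 'refused: ban list is full' : 'ok';
}

$banned   = ['85.255.120.0/24'];               // the thread's banned prefix, written as CIDR
$neverBan = ['203.0.113.7'];                   // constructed: the admin's own address
foreach (['198.51.100.0/24', '198.51.0.0/16', '203.0.113.0/24', '198.51.100.0/abc'] as $req) {
    echo $req, ' => ', check_auto_ban($req, $banned, $neverBan), "\n";
}
var_dump(ip_in_cidr('85.255.120.44', $banned[0]), ip_in_cidr('::1', $banned[0]));
```

The cap and the protected-address list bound how much damage a flood of bogus ban requests can do; anything wider than a /24 is left for a person to approve.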

Post by FrankB »

bad_brain wrote: I know this is about banning on application level (httpd), but I just wanted to add that it's much better to ban the MAC address. I'm not sure if this is possible by .htaccess (I would do it by the firewall).
Excellent idea ! Unfortunately, this is not 100% reliable when using .htaccess and|or scripting languages indeed.
Plus: in some countries, fetching someone's MAC address is considered as a pure privacy break ... whatever the reason is. (and prolly for the sole reason you mentioned also).
bad_brain wrote:another option would be to ban the whole /16 IP-range, I do this sometimes when attacks from "skiddie-country" appear (I'm not saying what country it is but most users will know what I mean)....but it's a risk to do this by an automatized script, because if an attacker is smart and notices the method it can be abused as a semi-DoS attack (by spoofing many different IPs until almost all ranges are banned and the service is unreachable to almost anybody).
.. f*cking brilliant remark, BBrain ! it should be in the HOW_TO's !
( y'all have read that, punks ! ? ;-)

Post by getdollar »

Thank,i need this script
big colection of templates get it for FREE
http://www.hellogamming.com

Post by cr4zy-C0D3R »

great work admin :)

Post by Gogeta70 »

Thanks guys.
¯\_(ツ)_/¯ It works on my machine...
