I've got a somewhat more complex GPL PHP script you may like to try. It's a anti-spam, anti-hack, and definitely a domain/IP range filtering script for all php websites. It's called ZB Block. It does not require any Apache security modules, MySQL or even the rewrite module for .htaccess. However, it will give you all the functionality you are looking for, and much more. The only thing it does need, outside of pure PHP 4 or 5, is .htaccess to be able to deny a directory to all, and ftp (or like) access to get around the blockage to edit files. You can read more about it at http://www.spambotsecurity.com/zbblock.php . You can download it from http://www.spambotsecurity.com/zbblock_download.php . Zap P.S. Support forum on site. Hope to hear from you soon!
I got the same problem, I run a local community announcement site, how can I ban every other country's ip range? I'm getting heavily hammered with spam. I started banning individual ips, but then it got ridiculous, the spammers just get a new ip, but i noticed they all start with the same two numbers. That's when I thought about banning the ip range.
Hi superscript, This is a post I made in a different forum yesterday: "You can actually do quite a few things to slow them down and eventually stop a lot of spam coming through webforms. Image captchas showing text are unfortunately not unbreakable anymore with some bots using: - OCR - Human Captcha Solving services Re-Captcha can be broken with a success rate of 23% (as of researchers) Captcha implementations like: - Microsoft Assira still keep a lot of automated spam at bay What else can be done is: - IP Filtering (DNSBLs, ProjectHoneypot, Local IP Blacklists and so on) - IP2Country detection (Only allow visitors from countries you are expecting legit business from) - UserAgent tracking and blocking (block certain UserAgents which keeps Spammers out even if they come back with a different IP) - Referrer tracking and blocking (block certain Referrer which keeps Spammers out even if they come back with a different IP) - Charset detection (Do not allow posts if parameters contain a certain character set) - HTTP Header checks - Block URL Attacks that show a certain pattern - Block Ranges of known "Bad IPs" These steps combined with a captcha implementation like Assira to let visitors who are human and have been detected, unblock themselves, actually helps a lot. Hope this post was usefull " If you need any help, please feel free to contact me.
Here is an really simple script. <?php $ip = $_SERVER['REMOTE_ADDR']; if($ip == "00.00.00.00"){ echo "<font color='red'>Ooops, your ip address has been banned from this website.</font>"; exit(); } ?> PHP:
I believe you can do: <?php $ip = $_SERVER['REMOTE_ADDR']; if($ip == "00.00.00.00" - "11.11.11.11"){ echo "<font color='red'>Ooops, your ip address has been banned from this website.</font>"; exit(); } ?> PHP: This will then ban all IP addresses what are between 00.00.00.00 and 11.11.11.11 I hope i helped. I have not tried this but i believe it would work. Thanks.
This will not work. If you want to block an IP by its range, you need to use binary shifts and/or ip2long to convert the octets.
I highly recommend blockscript.org They offer finite control, that is, if a paid option is suitable for you. But it's quality is way beyond anything you can do alone.
have you tried to ask what might be the issue in your htaccess file? htaccess is much better in blocking ips..
Many devices and users could be using a single IP to connect to your website. Banning IP(s) is not a good option at all times.
hi all, i need the script in this topic. $sql = mysql_query("SELECT ip FROM ip_blocked"); while ($row = mysql_fetch_array($sql)) { $targetAddr = array ($row['ip']); } foreach($targetAddr as $var) { if (preg_match('/^' . $var . '$/', $_SERVER['REMOTE_ADDR'])) { echo "ip blocked "; } else { echo "ok"; } } Code (markup): If the IP in database are all different from the visitor's IP I obtain the "ip blocked" message If there aren't IP in database I obtain "Notice: Undefined variable: targetAddr + Warning: Invalid argument supplied for foreach()" If the IP in database is the same of visitor's IP OK (i try in localhost) If the IP in database is 127.0.0.* OK (i try in localhost) How can I fix the first and second issue? Thanks! regards!!
All it takes is moving a single close brace from after $targetAddr = array ($row['ip']); to the end of the code you show. If there's no row, $targetAddr never gets set (so it doesn't exist) so the code using it never gets executed. You have the foreach using a variable that was never set if there are no rows.