I would like to use a php script to block entire classes of networks (example: 192.168.0.0/24) and have the script read the networks off of a text file instead of hardcoding the networks into the script. Could anyone help with this please? Thanks in advance guys/girls.
This method is relatively straightforward. Simply edit, copy and paste the following code example into the top of any PHP for which you wish to block access: <?php $deny = array("111.111.111", "222.222.222", "333.333.333"); if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) { header("location: http://www.google.com/"); exit(); } ?> Code (markup): The code basically creates an array of the IP addresses that you wish to block, and then checks incoming addresses against the array. If the incoming (i.e., remote) address matches against any value in the array, the function will deny access with a redirect header to the specified URL, which in this case is the majestic Google home page. It all happens quickly, quietly, and without any fuss. Thus, when using this code in your pages, simply replace the “dummy†IP addresses (i.e., "111.111.111", "222.222.222", ...) with those that you wish to block (e.g., "123.456.789", "123.456.*", "123.*", ...). Yes, PHP understands wildcard operators (i.e., *). After editing the array of IP addresses, upload the file to your server and relax. If you would like to verify this method, simply lookup your own IP address, add it to the array, and try loading the target page. That’s all there is to it
#1 -The OP clearly stated that IP blocks were to be loaded from a file and not hard-coded into the script. #2 - PHP *does not* support wildcards. Not sure where you got this information from but an asterix in a text string is an asterix, not a wildcard operator. @moofy - using PHP to read a file and parse through text strings is a terribly slow way to accomplish this task. I suggest you try using .htaccess file as it is a much more robust solution and it you don't have to code it into every page on your site. For more information (including full IP blocks for specific countries) look here http://www.countryipblocks.net/
Thanks, but is there any way to load the ip addys from a text file? I would simply like to update the text regularly instead of the code. Thanks again for taking the time to respond.
Sounds like you're using SMF forum software, am I right ?? OK, here's something you might not have thought about : What if a new user using a proxy wants to register? You'll be blocking them as well. Also, if they're using a TOR proxy, you'll never get the same IP twice because TOR exit points are constantly changing IP's. If you're trying to stop spammers from accessing your forum, there are better ways to handle it. I operate a webmasters forum with over 12K members and I've pretty much plugged all the spam holes through a three pronged attack : 1. Eliminate all proxy signups using proxy detection software I authored (and sell) that nixes http proxies as well as TOR proxies. 2. Ban certain Russian and Chinese IP blocks in my register.php from signing up 3. Add code so new users with less than 10 posts can't post a link. The third method has reduced forum spam to almost zero. Before that, my mods and I were chasing spam all day long. If you're just trying to block nuisance members who get banned and want to come back and cause trouble, I do have a proxy detection PHP script that is 100% accurate which I sell for $20 a pop. It plugs right into your register.php with two lines of code. Putting IP's in a text file will just be chasing your tail and you'll end up spending more time updating the file than the trouble is worth.
ip.txt 66.249.73.* 192.168.1.* Code (markup): <?php error_reporting(0); if ($handle = fopen("ip.txt", "r+")) { $ip = explode(" ", fread($handle, filesize("ip.txt"))); for ($i = 0; $i < count($ip); $i++) { $ip[$i] = str_replace("*", "(.*)", $ip[$i]); if (ereg($ip[$i], $_SERVER['REMOTE_ADDR'])) { header("Location: http://google.com/"); } } fclose($handle); } ?> Code (markup):
I tried this with the IP format as you outlined above but it did not redirect when I connect from the test IP. Any thoughts?
you are right. I am already doing a port scan of the remote host for ports like 80,3128 etc etc which I embedded in the Register.php script. But it's those paid proxies that don't listen on any of these ports that I'm trying to block with a text file read. I figured since I already had a txt file to block the tor network it would be more efficient to block by net address rather than single ip addy's thanks again for taking the time to respond!
Bryce, thank you for the link to our website. Bryce is correct, using PHP is probably going to slow things down, especially if you are using a large block of IPs. .htaccess would probably improve performance but if your .htaccess list is quite large and your system doesn't have the CPU/Memory to handle it, you'll take some performance hits as well. While many of our Country IP Blocks clients use .htaccess lists, some also use IP tables on their firewalls. Others actually use SQL or MySQL to store their blocks and then do a very fast search on incoming traffic to see if it needs to be blocked or redirected. It is also a great way to develop better traffic origin stats.