How Ban/Filter IP Addresses + Secure your MuToolz

[LifeStealer]

Ok first of all this has nothing to do with SERVER security...It is only for MuToolz security!!

Have problems with MuToolz hacking?You did anything to prevent hackers and they are still find your password(s)?

There's still be another way to prevent it!Yea let's get to work guys :)


This works with all versions of MuToolz!

Main Code
*Paste the code given below in mutoolz.tpl.php right below the <?PHP
*What it does?It checks the IP coming to view the site and check if it is going to be banned or accepted, then logged to a file log.. in the tmp folder.
*

function ip_check($accept_ip,$type) {
$getip = $_SERVER["REMOTE_ADDR"];
$getdate = date( "l dS of F Y" );
$gettime = date( "h:i:sa (@B" );
foreach($accept_ip as $accept) {
$ip = $_SERVER['REMOTE_ADDR'];
if($ip == $accept) {
$accepted = true;
**
**
if ($accepted == true) {
$fp = fopen("tmp/ip_".$type.".txt", "a");
fputs($fp, "**".$type."** Visit logged on $getdate at $gettime internet time) for IP: $getip\\n");
fputs($fp, "");
fclose($fp);
return true;
**
**

ALLOWING AN IP ADDRESS

On every file in the modules folder is a modules that is used by mutoolz, u can just add this codes right below the <?PHP mark to accept an IP address...In this case we need to add it in modules/admin/index.php

Easy... just copy $ip[] = 'xx.xx.xx.xx'; replace the xx.xx.xx.xx with a real ip address. u can have as many ip as u want.

next.. the actual accept code:

if (ip_check($ip,'accepted') != true) { exit(); **

Final should look like this...

$ip = array();
$ip[] = '85.100.23.00';
$ip[] = '125.112.23.64';
if (ip_check($ip,'accepted') != true) { exit(); **

So you can the final code and you put it in modules/admin/index.php (copy and add it in the top of the index.php file) , so you can add any IP's and you are absolutely responsible for the IP you gave as accepted...for 100% secured you can give your server's IP or some IP that you know you will be the only that will have access from there ;)
OK YOU ARE NOW READY :)

BANNING THE IP INSTEAD OF ACCEPTING:

Actually it is almost the same...(You must do the first step also)
Just replace the

if (ip_check($ip,'accepted') != true) { exit(); **

with

if (ip_check($ip,'ban') == true) { exit(); **

And...it should look like this:

$ip = array();
$ip[] = '85.100.23.00';
$ip[] = '125.112.23.64';
if (ip_check($ip,'accepted') != true) { exit(); **

Pretty easy right?

Now to customize your banning script...

Some people don't like the exit(); due it just causes a white screen.
so how about redirecting them to another page... something like the main page.. or google... or watever the suits ur fancy...

here is how..

just replace exit();

with

header("LOCATION: http://website.com/");

WE ARE DONE! :)

Cool Things Right?
This Guide will help you stop that damn hackers once and for all...you just have to follow my instructions and be sure of the IP's you give as acceptable ;)

Any questions post them here...


Credits: LifeStealer

[MentaL]

[AnHiMiLaToR]

lol ! awesome !

[Xurbus]

wow thanks i really need that

[RedMG]

Thx man, we need it for our private server. Wait for your next posts ! ^_^

[CALYSTO]

Mmmm i understand, all this is security for control admin panel?

[IAmMe]

Naw, that wont stop hackers. -_- this wont stop them from hacking.

[clearity_stone]

Hi Life Stealer

Thank for your intesting codes.
Firstly, I have tried to seach for mutoolz.tpl.php but could not find it.
Secondly, when I paste your second code to modules/admin/index.php right under <?php. It give me and error eventhough I have replace my real IP in place of your sample.
I would be grateful if you could help me to resolve the problem.

Thanks a lot

[clearity_stone]

Sorry for noob question.. but where is mutoolz.tpl.php ... Plz help.. thx alot

[vazzius]

Just a question, this mutoolz is a page to manage MU right?

If it is you can use .htaccess of the apache web server to do the job of ip filter...

But really nice work man!!

[Biggspeed]

Doesn't work for me it just says unrecognized characters?

[HELL_IN_HEAVEN]

you mean i have to manually place all the ip that i need to accept to play?hacker can use diff ip'S. pls enlighten me about this..

[masternetpro]

make how? in asp web , it action the same. you guide me.

[john_d]

did something similar a long time ago... date... 11-20-2005

Quick IP BANNER!!!

Files to Edit: 2 ( config.php and headers.php )

config.php edit

PHP Code:
add above ?>
$config['banned'] = 'IP_HERE';
headers.php edit
PHP Code:
add above if (!isset($DONT_LOAD_DB)) {
#ip ban addon
$banlist = preg_split('/ /', $config['banned'], -1,PREG_SPLIT_NO_EMPTY);
if (in_array($_SERVER['REMOTE_ADDR'],$banlist)) {
Header("LOCATION: http://yahoo.com");
**
#end of ip ban addon

IP_HERE = u can change it to a list of ips.. just separate each one with a SPACE ( sample $config['banned'] = '123.132.0.2 215.225.224.3'; )

[CreationT]

Oh,ok thank you for your help..

[LifeStealer]

you mean i have to manually place all the ip that i need to accept to play?hacker can use diff ip'S. pls enlighten me about this..

Everything is possible, you can even ban a range of IP's to get rid of it.

[forgetpass]

Nice work. However, if you know the fopen command sometimes may lead to a remote include attack.