How Ban/Filter IP Addresses + Secure your MuToolz

Ok first of all this has nothing to do with SERVER security...It is only for MuToolz security!!

Have problems with MuToolz hacking?You did anything to prevent hackers and they are still find your password(s)?

There's still be another way to prevent it!Yea let's get to work guys :)


This works with all versions of MuToolz!

Main Code
*Paste the code given below in mutoolz.tpl.php right below the <?PHP
*What it does?It checks the IP coming to view the site and check if it is going to be banned or accepted, then logged to a file log.. in the tmp folder.
*

Quote:

---

Originally Posted by LifeStealer

function ip_check($accept_ip,$type) {
$getip = $_SERVER["REMOTE_ADDR"];
$getdate = date( "l dS of F Y" );
$gettime = date( "h:i:sa (@B" );
foreach($accept_ip as $accept) {
$ip = $_SERVER['REMOTE_ADDR'];
if($ip == $accept) {
$accepted = true;
**
**
if ($accepted == true) {
$fp = fopen("tmp/ip_".$type.".txt", "a");
fputs($fp, "**".$type."** Visit logged on $getdate at $gettime internet time) for IP: $getip\\n");
fputs($fp, "");
fclose($fp);
return true;
**
**

---

ALLOWING AN IP ADDRESS

On every file in the modules folder is a modules that is used by mutoolz, u can just add this codes right below the <?PHP mark to accept an IP address...In this case we need to add it in modules/admin/index.php

Easy... just copy $ip[] = 'xx.xx.xx.xx'; replace the xx.xx.xx.xx with a real ip address. u can have as many ip as u want.

next.. the actual accept code:

Quote:

---

Originally Posted by LifeStealer

if (ip_check($ip,'accepted') != true) { exit(); **

---

Final should look like this...

Quote:

---

Originally Posted by LifeStealer

$ip = array();
$ip[] = '85.100.23.00';
$ip[] = '125.112.23.64';
if (ip_check($ip,'accepted') != true) { exit(); **

---

So you can the final code and you put it in modules/admin/index.php (copy and add it in the top of the index.php file) , so you can add any IP's and you are absolutely responsible for the IP you gave as accepted...for 100% secured you can give your server's IP or some IP that you know you will be the only that will have access from there ;)
OK YOU ARE NOW READY :)

BANNING THE IP INSTEAD OF ACCEPTING:

Actually it is almost the same...(You must do the first step also)
Just replace the

Quote:

---

Originally Posted by LifeStealer

if (ip_check($ip,'accepted') != true) { exit(); **

---

with

Quote:

---

Originally Posted by LifeStealer

if (ip_check($ip,'ban') == true) { exit(); **

---

And...it should look like this:

Quote:

---

Originally Posted by LifeStealer

$ip = array();
$ip[] = '85.100.23.00';
$ip[] = '125.112.23.64';
if (ip_check($ip,'accepted') != true) { exit(); **

---

Pretty easy right?

Now to customize your banning script...

Some people don't like the exit(); due it just causes a white screen.
so how about redirecting them to another page... something like the main page.. or google... or watever the suits ur fancy...

here is how..

just replace exit();

with

Quote:

---

Originally Posted by LifeStealer

header("LOCATION: http://website.com/");

---

WE ARE DONE! :)

Cool Things Right?
This Guide will help you stop that damn hackers once and for all...you just have to follow my instructions and be sure of the IP's you give as acceptable ;)

Any questions post them here...


Credits: LifeStealer

lol ! awesome !

wow thanks i really need that

Thx man, we need it for our private server. Wait for your next posts ! ^_^

Mmmm i understand, all this is security for control admin panel?

Naw, that wont stop hackers. -_- this wont stop them from hacking.

Hi Life Stealer

Thank for your intesting codes.
Firstly, I have tried to seach for mutoolz.tpl.php but could not find it.
Secondly, when I paste your second code to modules/admin/index.php right under <?php. It give me and error eventhough I have replace my real IP in place of your sample.
I would be grateful if you could help me to resolve the problem.

Thanks a lot

Sorry for noob question.. but where is mutoolz.tpl.php ... Plz help.. thx alot

Just a question, this mutoolz is a page to manage MU right?

If it is you can use .htaccess of the apache web server to do the job of ip filter...

But really nice work man!!

Doesn't work for me it just says unrecognized characters?

you mean i have to manually place all the ip that i need to accept to play?hacker can use diff ip'S. pls enlighten me about this..

make how? in asp web , it action the same. you guide me.

did something similar a long time ago... date... 11-20-2005

Quote:

---

Quick IP BANNER!!!

Files to Edit: 2 ( config.php and headers.php )

config.php edit

PHP Code:
add above ?>
$config['banned'] = 'IP_HERE';
headers.php edit
PHP Code:
add above if (!isset($DONT_LOAD_DB)) {
#ip ban addon
$banlist = preg_split('/ /', $config['banned'], -1,PREG_SPLIT_NO_EMPTY);
if (in_array($_SERVER['REMOTE_ADDR'],$banlist)) {
Header("LOCATION: http://yahoo.com");
**
#end of ip ban addon

IP_HERE = u can change it to a list of ips.. just separate each one with a SPACE ( sample $config['banned'] = '123.132.0.2 215.225.224.3'; )

---

Oh,ok thank you for your help..

Quote:

---

Originally Posted by HELL_IN_HEAVEN

you mean i have to manually place all the ip that i need to accept to play?hacker can use diff ip'S. pls enlighten me about this..

---

Everything is possible, you can even ban a range of IP's to get rid of it.

Nice work. However, if you know the fopen command sometimes may lead to a remote include attack.