Welcome!

Join our community of MMO enthusiasts and game developers! By registering, you'll gain access to discussions on the latest developments in MMO server files and collaborate with like-minded individuals. Join us today and unlock the potential of MMO server development!

Join Today!

[Question] iP bann from site

Junior Spellweaver
Joined
Jan 16, 2007
Messages
133
Reaction score
0
Hello,
I've been getting some annoying people in my web site and I want to block them from viewing my site.
I added the follownig code to my index.php but it din't work, If any one knows please help me out.

<?php
$ip
= getenv('REMOTE_ADDR');
$blocked = "xx.xx.xx.xx";
if (ereg($blocked,$ip))
{
echo
"You Have Been Banned";
exit();
}
?>

Thanks in advice.
 
Custom Title Activated
Member
Joined
Aug 8, 2004
Messages
3,892
Reaction score
20
Dude.. Regular expressions for a simple stringmatch? Its not C you know.. :icon6:

PHP:
if($_SERVER['REMOTE_ADDR'] == 'xx.xx.xx.xx')
  die("Access to this page is restricted. You are teh suck!");

If you want to make a more general blacklist you can simply use an array:
PHP:
$blaclist = array('xx.xx.xx.xx', 'yy.yy.yy.yy');
if(in_array($_SERVER['REMOTE_ADDR'], $blacklist))
  die("Access to this page is restricted. You are teh suck!");
 
Junior Spellweaver
Joined
Jan 16, 2007
Messages
133
Reaction score
0
hehe thanks a lot FragFrog, I'll check it out now :p
and btw i like that ' You are teh suck!' LOL

EDIT: Worked man! thanks :p
 
Custom Title Activated
Member
Joined
Jun 8, 2006
Messages
1,030
Reaction score
0
hehe thanks a lot FragFrog, I'll check it out now :p
and btw i like that ' You are teh suck!' LOL

EDIT: Worked man! thanks :p
Off topic: i like teh suck too :p
On topic: I tried what FF posted and its working like a machine :)
GL & HF
 
Divine Celestial
Member
Joined
Jul 7, 2004
Messages
853
Reaction score
5
sage

Learn to use .htaccess.

And unless you're trying to block very stupid n00bs, they'll get around it pretty easily.
 
Custom Title Activated
Member
Joined
Aug 8, 2004
Messages
3,892
Reaction score
20
You cannot easily block people dynamically using a .htaccess file username1, which is why this sollution is a lot more elegant. You could easily add the IP's in the blacklist to a database and make a form to add new ones which would mean you could make an instant 'IP-ban' button on userprofile pages for example. You can't do that with a .htaccess file without resorting to file functions, which is quite ugly in my opinion.

As for bypassing this, you have a point there, a nice way to make it harder for them is to give banned users a cookie (logic there would be: if (user = banned) -> setcookie (banned = true) ), and if someone comes in on a new IP with a banned cookie, automatically add that IP to the banlist. Great way to detect proxies too.

Ofcourse, if someone FIRST clears his cookies, THEN uses a proxy and doesn't login, he'd be able to see the site, but I think less then 1% of your users will be that smart.. :wink:
 
Junior Spellweaver
Joined
Jan 16, 2007
Messages
133
Reaction score
0
Thanks for the useful information FragFrog.
About the .htaccess I din't even try that because is confusing and kinda hard so meh..

FragFrog, mind telling me how to do the cookie bann thing? xD sounds like a great idea.
 
Custom Title Activated
Member
Joined
Aug 8, 2004
Messages
3,892
Reaction score
20
Well, its quite easy, as I said, all you need to do is add a cookie for people who are banned and if the cookie is found add the visiting IP to your banlist.

Writing it out in code is a tad bit more difficult then a simple IP ban with a static list of banned IP's, but if you have a bit of experience with databases it shouldn't be too hard.

If you'd use my database class (see zip attached) and created a MySQL table with the name banlist and a column ba_IP it'd look like this:
PHP:
  /****
    $remote is the IP adres of the user
    $dbase is a new instance of our database class:
  ****/
$remote = $_SERVER['REMOTE_ADDR'];
$dbase  = new myDbase;

  /****
    Search for this IP in the blacklist:
  ****/
$dbase -> select("        COUNT(*)
                  FROM    banlist
                  WHERE   ba_IP = '$_SERVER[REMOTE_ADDR]'");

  /****
    If the IP is found, give the user a cookie and stop the script:
  ****/                    
if($dbase -> affected) {
  setcookie('banned', true, time() + (3600 * 24 * 30), '/');
  die("You are teh suck! Access denied!");
}   

  /****
    If the IP isn't found, but the user does have a banned cookie,
    add his new IP to the blacklist and then stop the script:
  ****/
elseif($_COOKIE['banned']) {
  $dbase -> insert("        banlist
                            (ba_IP)
                    VALUES  ('$remote')");
  die("You are teh suck! Access denied!");                      
}

Ofcourse you can add additional info in the database (like username, time, etc), but this is about the most basic version.

How to get the database class to work is written in the comments by the way :smile:

Alternatively you can do the same thing with a textfile, but I prefer databases :icon6:
 

Attachments

You must be registered for see attachments list
Divine Celestial
Member
Joined
Jul 7, 2004
Messages
853
Reaction score
5
sage

Ofcourse, if someone FIRST clears his cookies, THEN uses a proxy and doesn't login, he'd be able to see the site, but I think less then 1% of your users will be that smart.. :wink:
...or easier, just renew IP after clearing cookies, if you have dynamic IP.

The point being that whatever you do to stop someone from accessing your site, there will always be a way around it (short of stopping *everyone* from accessing your site...)
 
Custom Title Activated
Member
Joined
Aug 8, 2004
Messages
3,892
Reaction score
20
Well, most crappy users come from internet cafe's in the philipines, polen, argentinia, etc. They will have a lot more trouble bypassing security settings and especially IP bans. If you have a registred-user system and keep track of IP's you can very easily ban most proxies etc.

Sure, its not perfect, but the point is not to be perfect, the point is just to have better security then your collegue. Its the same in real life: you can't make your bike unstealable, but you can make it so difficult thiefs will look at the next one. Using my system above in combination with a good user tracking system means you can force people to get a new IP adres and clear their cookies for every few visits to your site. You'd be amazed at how many give up after the first 2, 3 attempts :wink:

Me, personally, I once recieved an email from a internet cafe in the philipines whose IP I blocked after someone tried to hack my Mu server from there, begging me to unban his IP because all his clients wanted to play the server - never had any hacking attempts from that IP afterwards! :icon6:
 
Legendary Battlemage
Joined
Nov 18, 2006
Messages
640
Reaction score
0
does this code even work effectively any more it used to work

Code:
<?php
$realip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ?
$_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
echo 'Haha, you trying to trick me with your proxy? Your <i>real</i> IP is '.$realip;
?>
 
Junior Spellweaver
Joined
Jan 16, 2007
Messages
133
Reaction score
0
I don't think that will work but umm maybe am wrong... lets wait for fragfrog to see what he tells you xD

His 1337^^ lol
 
Custom Title Activated
Member
Joined
Aug 8, 2004
Messages
3,892
Reaction score
20
Why not just read the instead? :wink:

There is no such thing as a super global $_SERVER[''HTTP_X_FORWARDED_FOR'], so I'm guessing it won't work :icon6:
 
Back
Top