Ban script

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
evilman
Forum Newbie
Posts: 7
Joined: Mon Oct 10, 2005 12:18 am

Ban script

Post by evilman »

Ok, i got two things,

1. How can i convert the bellow script so that i can use wild Cards to ban IP Address. Also possibly be able to ban ISP domains, like rr.net Where it resolves the DNS and if it has rr.net in it, it also denies them.

<?
$fp = fopen("BannedIPs.txt", "r");

$banned = fread($fp, 1024*1024);

fclose($fp);

$ips = explode("\n", $banned);

if(in_array($REMOTE_ADDR, $ips)) {

die("Your IP Address $REMOTE_ADDR is banned from this website.");

}
?>

2. Anther thing is, how can i implant this script to load on a PHPbb forum? I tried loading it in the forums, but all it does is Deny everyone, like it does not even look up the bans in the list.
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

try

Code: Select all

$ips = file('banned.txt');
if(in_array($_SERVER['REMOTE_ADDR'], $ips)) {
   die("Your IP Address ".$_SERVER['REMOTE_ADDR']." is banned from this website."); 
}
User's may easily mask and fake their Ips however...
evilman
Forum Newbie
Posts: 7
Joined: Mon Oct 10, 2005 12:18 am

Post by evilman »

With that, the script did not work at all for me.
User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

What about:

Code: Select all

<?php
if (strpos($_SERVER['REMOTE_ADDR'], file_get_contents('banfile.txt'))) {
  die("You're banned, naff off!");
}
?>
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Jenk wrote:What about:

Code: Select all

<?php
if (strpos($_SERVER['REMOTE_ADDR'], file_get_contents('banfile.txt'))) {
  die("You're banned, naff off!");
}
?>
false positives are very possible with this solution. Example: 192.168.1.1 gets banned. Someone comes in with 192.168.1.12, they'd get the banned message.

Code: Select all

function ip2bin($ip) {
  return implode('',array_map('chr',array_map('intval',explode('.',trim($ip)))));
}

function maskIpCompare($mask,$ip) {
  $ip = ip2bin($ip);
  $mask = str_replace('\\0','.',preg_quote(ip2bin(str_replace('*','0',trim('192.*.*.*'))),'#'));
  return (bool)preg_match("#^{$mask}$#s",$ip);
}
that's untested but will do basic wildcard matching..

usage is

Code: Select all

if(maskIpCompare('192.168.*.*','192.168.1.12')) {
  // matched
} else {
  // didn't match
}
I seem to remember a Code Snippet that does wildcarding as well..... ;)
evilman
Forum Newbie
Posts: 7
Joined: Mon Oct 10, 2005 12:18 am

Post by evilman »

So what would eb the full code to handel it all? You kinda confused me. What i got is that all ips are dumped into a Database, BannedIPS.txt and it reads from that.
User avatar
bokehman
Forum Regular
Posts: 509
Joined: Wed May 11, 2005 2:33 am
Location: Alicante (Spain)

Post by bokehman »

Jenk wrote:

Code: Select all

die("You're banned, naff off!");
Don't bother sending that! Why tell them they are banned. Just send a 404.

Code: Select all

if(in_array($_SERVER['REMOTE_ADDR'], file('banned.txt'))) send_404();

function send_404()
{
	header('HTTP/1.x 404 Not Found');
	print '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">'."\n".
	'<html><head>'."\n".
	'<title>404 Not Found</title>'."\n".
	'</head><body>'."\n".
	'<h1>Not Found</h1>'."\n".
	'<p>The requested URL '.
	str_replace(strstr($_SERVER['REQUEST_URI'], '?'), '', $_SERVER['REQUEST_URI']).
	' was not found on this server.</p>'."\n".
	'</body></html>'."\n";
	exit;
}
evilman
Forum Newbie
Posts: 7
Joined: Mon Oct 10, 2005 12:18 am

Post by evilman »

Good Idea. But i still wodner about the wild Cards
Grim...
DevNet Resident
Posts: 1445
Joined: Tue May 18, 2004 5:32 am
Location: London, UK

Post by Grim... »

On a forum I built I had 'Stealth Ban' - the user could still post and do everything else normally, but no-one else was aware of it (except for other banned people).

I like the 404 error, though.
User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

bokehman wrote:
Jenk wrote:

Code: Select all

die("You're banned, naff off!");
Don't bother sending that! Why tell them they are banned. Just send a 404.

Code: Select all

if(in_array($_SERVER['REMOTE_ADDR'], file('banned.txt'))) send_404();

function send_404()
{
	header('HTTP/1.x 404 Not Found');
	print '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">'."\n".
	'<html><head>'."\n".
	'<title>404 Not Found</title>'."\n".
	'</head><body>'."\n".
	'<h1>Not Found</h1>'."\n".
	'<p>The requested URL '.
	str_replace(strstr($_SERVER['REQUEST_URI'], '?'), '', $_SERVER['REQUEST_URI']).
	' was not found on this server.</p>'."\n".
	'</body></html>'."\n";
	exit;
}
Because typing "die("You are banned, naff off!"); is quicker than that :P
Grim...
DevNet Resident
Posts: 1445
Joined: Tue May 18, 2004 5:32 am
Location: London, UK

Post by Grim... »

Yes, but if they know they are banned they'll promptly find a way around an IP ban.

IP bans are utterly, utterly useless at protecting from anyone other than a complete n00b.
User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

It won't take much more than common sense, a friend, and AIM/MSN/ICQ to work out they are banned anyway...
Post Reply