SitePoint Sponsor

User Tag List

Results 1 to 8 of 8
  1. #1
    SitePoint Enthusiast
    Join Date
    May 2011
    Posts
    43
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    How do I block certain IP addresses from accessing my site

    Hello everyone

    I am not sure if this is the correct place to ask this question; but since it involves PHP I felt that I should try. I have 3 questions

    1. What is the best way to block a region/country from accessing a site?
    2. Is it possible to create a ‘fake IP address’ so that it fools a website into thinking the user is accessing the site from a different country?
    3. Where can I get the list of IP addresses from?


    I have built a travellers members sites (a guide to travelling around the world); the problem is that I have fake travellers registering on the site and then targeting legitimate members with fake scams.

    i am now spending a substantial amount of my time searching out these fake members and deleting them from the site. I have noticed that all the fake travellers come from a certain african country ( I will not mention the name but i suspect that everybody knows which country I am talking about).
    Accordingly, rather than waste my valuable time on ‘search and delete’ operations, why not simply block the entire country or region from, where the scammer are accessing the site,

    Question One

    What is the best and most cost effective way to block a region or country.

    I realise that it’s possible to use .htaccess to block regions/countries; but I have also read that this solution is very consuming on your systems and also slows your systems down. Is there a PHP/Mysql solution that will not be a drain on my systems and will also not slow down my site.
    I was thinking of using the following function to block user from registering on the site.

    It works by simply checking whether the IP address of a 'proposed new member' is a blocked IP address :
    PHP Code:
    //first obtain the IP address of user 
    $value  =    mysqli_real_escape_string ($dbc$_SERVER['REMOTE_ADDR']);
                
                    

    //Next; check if it’s a banned or blocked IP address
        
        
            // If   a banned IP address is submitted 
            // the system will simply return an empty string-and since the system requires an IP //address for registration-  the user is simply prevented from registering.

    function   banned_IPaddresses($value) {
        
              
    $banned_IP = array('91.228.1.85' );
            
        foreach (
    $banned_IP as $v) {
                if (
    stripos($value$v) !== false) return '';
            }
                
        } 


    Question Two

    I am using the code below to track the IP address of users to my site. The problem is that I am now engaged in a ‘cat and mouse game’ with this scam gang; they know that the ONLY WAY that I have been able to catch them thus far is by their IP addresses (i.e. they claim on their profile that they live in one country but the IP address clearly shows that they are actually accesses the site from another country).

    I am therefore extremely concerned that they will soon find a way to fool my systems into thinking that they are indeed accessing the site from the stated country.

    My question therefore is this; is it possible to do this or can I reply upon the code below to give me an accurate reading of where a user is accessing my system from.
    If not, is there a better system/function for tracking IP addresses ?

    PHP Code:

    $IP 
    =    mysqli_real_escape_string ($dbc$_SERVER['REMOTE_ADDR']);
                
                    
                        
    $SSID htmlentities(SID);
                        
    // If IP address exists
                        // Get country (and City) via  api.hostip.info
                    
    if (!empty($IP)) {
                        
    $country=file_get_contents('http://api.hostip.info/get_html.php?ip='.$IP);

                        
    // Reformat the data returned (Keep only country and country abbr.
                                      
    list ($_country) = explode ("\n"$country);
                                      
    $_country str_replace("Country: """$_country);
                                      
                                    } 

    Question Three
    Does anybody know where I can find the codes for IP addresses from; i.e the country and region codes ?

    Thank you very much for your help everyone.

    Warm regards

    Andreea

  2. #2
    SitePoint Enthusiast aufshebung's Avatar
    Join Date
    May 2012
    Location
    Santa Fe, NM
    Posts
    22
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    There are some types of proxy servers that do not identify themselves as such, nor do they make the original IP address available. So that's just one example of a situation where you wouldn't be able to rely on IP address :/

    Also, for what it's worth (and particularly for a travelling website), automatically banning an entire country because of a few scammers seems a little harsh.

  3. #3
    SitePoint Member
    Join Date
    May 2012
    Posts
    21
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I would recommend you to use iptables firewall tool on your server to block certain IP addresses. In this way, they will be blocked on connection level instead of the web server level.

    Another alternative solution might be blocking on .htaccess

    Terry.

  4. #4
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    6 Thread(s)
    Hi,

    I'm with terry_79. You should use your firewall (if it supports iptables) or iptable chaining tool to block certain IP addresses. This is far more reliable way of filtering individual and even rage of addresses; although this is as you said 'a cat and mouse game'.

    Most of the IP addresses you will block come from compromised system. In most cases hacker/spammers don't use the same IP for very long and they know it will be blocked.

    Still hardware firewall IP blocking is a low-cost, effective way to block I.P.s. You can put together a pretty good firewall like PFSense on even a slightly older desktop machine. You only need more robust hardware if you run VPN's on them, but if it was used for blocking I.P.s then an older system may be fine. It also has Intrusion Detection (using SNORT) and their are Inline Antivirus plugins that you can have (again your hardware may need to be a little more robust).

    Regards,
    Steve
    ictus==""

  5. #5
    SitePoint Addict kduv's Avatar
    Join Date
    May 2012
    Location
    Maui, HI
    Posts
    211
    Mentioned
    5 Post(s)
    Tagged
    0 Thread(s)
    You can also check out free software firewalls, like Config Server Firewall. They can achieve the same result without the need of additional hardware. If you find that most of your issues are coming from certain regions/countries, you can block by IP range instead of individual IPs. IE: 192.168.*.* or whatever. Most regions/countries will use a specific range.

    As said above, blocking by IP isn't 100% as people can change their IPs or use various proxy services... but it can help reduce the problem some.

    Just like with security, there is no fool-proof approach. The best you can do is make it as inconvenient as possible for the spammer and hope they don't want to put in the effort to get around your measures.

  6. #6
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    6 Thread(s)
    Quote Originally Posted by kduv View Post
    You can also check out free software firewalls, like Config Server Firewall. They can achieve the same result without the need of additional hardware. If you find that most of your issues are coming from certain regions/countries, you can block by IP range instead of individual IPs. IE: 192.168.*.* or whatever. Most regions/countries will use a specific range.

    As said above, blocking by IP isn't 100% as people can change their IPs or use various proxy services... but it can help reduce the problem some.

    Just like with security, there is no fool-proof approach. The best you can do is make it as inconvenient as possible for the spammer and hope they don't want to put in the effort to get around your measures.
    The problem with software firewalls is that the machines they run on can get compromised more easily with viruses, malware, adware because of inconsistent patching, user behaviour and vulnerabilities in desktop OSes. The linux based firewalls, like the one I suggested, have a far more secure and streamlined kernel that is less vulnerabile. They come with excellent 'hands-off' updates, and they have far greater controls to filter. The dedicated hardware also offloads the performance hit that you may have (depending on your traffic) on a local machine running a software firewall; they are better at allowing a site to have good performance with multiple connections.

    Steve
    ictus==""

  7. #7
    SitePoint Addict kduv's Avatar
    Join Date
    May 2012
    Location
    Maui, HI
    Posts
    211
    Mentioned
    5 Post(s)
    Tagged
    0 Thread(s)
    I agree whole heartedly. Software firewalls also don't do a very good job at protecting against DOS attacks. Unfortunately though, not everyone has the resources or know-how to install/setup their own hardware firewall. In cases like that, a software firewall can be "the next best thing".

  8. #8
    SitePoint Member
    Join Date
    May 2012
    Posts
    21
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yes, software firewalls are not good at preventing from DOS attacks but it's a good (and cheap start). What I would do is to use iptables + Apache's access log (piped to a PHP script). With the help of apache's access log (piped to a php script), I can notice IP addresses causing too many requests and dynamically setup iptables config to block those ip addresses for x hours/days/weeks. I already use this method on my server and prevented many bot accesses from Russia, India based IP addresses


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •