Blocking an IP Range - PHP Server Side Scripting forum at WebmasterWorld - WebmasterWorld

Forum Moderators: coopster

Message Too Old, No Replies

Blocking an IP Range

Trying to Prevent One Person from Accessing My Site

galileo5

7:41 pm on Dec 24, 2007 (gmt 0)

10+ Year Member

Good afternoon.

I am trying to block someone from accessing my web-site, but his IP address isn't static. The first two sets of numbers are always the same, but the last two keep changing -- which makes it difficult for me to block him. Is there a command I could enter that would allow me to ban anyone where the first two sets of his IP starts with ooo.oo?

This is the command that I have right now (Please note that the actual IP address has been altered):

<?
$blockip = array("ooo.oo.14.57", "ooo.oo.20.208", "ooo.oo.64.162");
$x = count($blockip);
for ($y = 0; $y < $x; $y++) {
if ($REMOTE_ADDR == $blockip[$y]) {
echo ("<title>404 Not Found</title><h1>404 Not Found</h1><p><i>The requested URL was not found on this server. The admin has been notified.</i></p>");
Exit;}
}
?>

As you can see, I keep adding his IP address to this command, but that is becoming tiresome.

I would greatly appreciate any help.

Thank you, and Happy Holidays!
Daniel

[edited by: eelixduppy at 7:48 pm (utc) on Dec. 24, 2007]
[edit reason] obscured ip [/edit]

lammert

8:27 pm on Dec 24, 2007 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

First some remarks about your code:

if ($REMOTE_ADDR == $blockip[$y])

Normally you shouldn't have direct access to the $REMOTE_ADDR variable, only via the super global $_SERVER['REMOTE_ADDR']. Do you have register globals [php.net] turned on? This is a potential very unsafe setup because hackers can inject variable values in your PHP script via the URL.

Furthermore I would send a more meaningful error message with a proper HTTP error code in the header. Something like:

{ header("HTTP/1.0 403 Forbidden");
die( "<H1>403 Forbidden</h1>Access to this page is not allowed. You should not receive this message, unless you have been trying to access this site unauthorized. we have logged your IP address and all other information necessary to track your attempt." ); }

For your specific situation, you could use the ip2long function. The code would look like (replace ooo.ooo with the IP block you want to deny access)

$start_range = ip2long( "ooo.ooo.0.0" );
$end_range = ip2long( "ooo.ooo.255.255" );
$user_ip = ip2long( $_SERVER['REMOTE_ADDR'] );

if ( $user_ip >= $start_range && $user_ip <= $end_range) { /* here your code */}

PHP_Chimp

9:02 pm on Dec 24, 2007 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

If you dont want to block the whole range of the address and just a few of the IP address blocks then it may speed up your code a little to use in_array [uk2.php.net] as opposed to looping through all of your array values.

Do you have access to .htacess? As if you do then you would be better blocking through this, as this will use less server resources.

Have a good holiday :)

londrum

9:25 pm on Dec 24, 2007 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

here's a little script that can block a load of IPs using an array

$deny=array(

"111.111.111.111",

"222.222.222.*",

"333.333.*.*"

);

if(in_array($_SERVER['REMOTE_ADDR'],$deny)){

header('HTTP/1.1 503 Service Unavailable');

print("<html><head>\n");

print("<title>Error</title>\n");

print("</head><body>\n");

print("<p>This page has been left intentionally blank.</p>\n");

print("</body></html>\n");exit;

galileo5

10:54 pm on Dec 24, 2007 (gmt 0)

10+ Year Member

Thank you, everyone.

I will go with lammert's advice, since it seemed to have worked when I tried blocking myself from my own site.

Thank you, again! You guys are brilliant.