How to Block Users From My Site

Forum Moderators: phranque

Message Too Old, No Replies

How to Block Users From My Site

Xstnva

8:36 pm on Mar 8, 2006 (gmt 0)

Here's the deal. I attended an SES Conference and a speaker said that it is possible to redirect a certain user from your site, so when then try to visit my site, they would get redirected to their own site. Anyone know where this script would be or how to do it?

kaled

12:32 am on Mar 9, 2006 (gmt 0)

First, you must identify the user. Most easily this can be done by IP address, but that can be masked using a proxy server. In other words, it is doable, but it's probably a waste of time.

Kaled.

msr986

12:53 am on Mar 9, 2006 (gmt 0)

You really can't rely on an IP address to identify a particular user. If the user is on dial-up for instance, they will get a different IP address every time they connect. All IP addresses used in this manner get recycled; getting assigned to different users.

joaquin112

2:08 am on Mar 9, 2006 (gmt 0)

your best bet is probably to use cookies, though it is a waste of time.

physics

4:37 am on Mar 9, 2006 (gmt 0)

I'm not sure why kaled and joaquin112 assume you are wasting your time here.
If someone is abusing your site and you can identify their IP in your logs then yes there are ways to redirect them to another site, on Apache you can use mod_rewrite.
You should read up on mod_rewrite and .htaccess but here is something to try:
Make a file called .htaccess in your web directory. In it put:


RewriteEngine on
RewriteCond %{REMOTE_ADDR} ^000\.000\.000\.000$ [OR]
RewriteCond %{REMOTE_ADDR} ^000\.000\.000\.003$
RewriteRule ^.*$ http://www.example.com/ [R=301,L]

Where 000.000.000.000 and 000.000.000.003 are the offending IP addresses. This will send them to example.com.
Maybe they meant this is a waste of time because the offending user will just get a new ip address but that depends on how savvy the user is and whether or not they're paying attention.
Always check your rewrites. Test your site after trying this, if it goes down just move the .htaccess file to backup.htaccess or something and debug...

kaled

11:45 am on Mar 9, 2006 (gmt 0)

If the abuser is tech-savvy, whatever block you put in place can be circumvented - that's why I said it's probably a waste of time.

You might consider redirecting to a warning page saying something like. "Abuse detected. If this continues, it will be reported to your ISP." (Include a form to report seeing this message in error.)

Kaled.

physics

10:31 pm on Mar 9, 2006 (gmt 0)


 If the abuser is tech-savvy, whatever block you put in place can be circumvented

Yes but it can still be very satisfying to slow them down ;)

Also if you're tricky enough you can do more advanced things with the technique above (like automating the banning process with a perl script or something like that).

By the way, why do you want to ban this user? The best solution will depend on exactly why. For example, if they're hitting your site too hard from many different IPs you might try mod_throttle for Apache.