Karakas Online

23.5. How to ban IP addresses

So you have been hacked and your IP Tracking module (Section 8.3.6) shows you it was an attack from a few IP addresses? Perhaps your site is continuing to be the aim of notorious cracking attempts from those IP addresses and you now want to ban them? That's something you can accomplish easily in two ways, a hard-coded approach and a more elaborate one.

The hard-coded approach (suitable only for just a few IP addresses, unless you want to clutter the code with unwanted IPs) requires you to place this 4-liner:

$ip = getenv("REMOTE_ADDR");
if ($ip != "66.666.66.6" AND $ip != "55.555.55.5") {
return 0;
}

in two places:

  1. after after the global line of the is_amdin() function in mainfile.php and

  2. at the begining of the admin.php file.

Change the "66.666.66.6" and "55.555.55.5" to the IP addresses you want to block and you are done! See How to block an IP address in PHP-Nuke.

The more elaborate approach is to create a text file, call it banned.txt, containing all the IP addresses you want to ban, one address per line. Upload banned.txt in the PHP-Nuke root directory on your web server (this is the same directory where also config.php is located). Then include the following code in the includes/my_header.php file (the custom HTML header file of PHP-Nuke, see Chapter 15):

if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
elseif (isset($_SERVER['HTTP_VIA'])) {
    $ip = $_SERVER['HTTP_VIA'];
}
elseif (isset($_SERVER['REMOTE_ADDR'])) {
    $ip = $_SERVER['REMOTE_ADDR'];
}
else {
    $ip = "Banned";
}
$banned = file("banned.txt", "r+");
$nbanned = count($banned);
function ban($ip, $banned, $nbanned){
    for ($i = 0 ; $i < $nbanned ; $i++) {
        
        // Use this if you want to use IP patterns with regular expressions:
        // if (eregi($ip, $banned[$i])) {
        // We have to strip the end-of-line characters, to test for equality: 
        if ($ip ==  rtrim($banned[$i])) {
            echo "You have been banned from this portal, if you feel this is in error ";
            echo "please send email to you@yoursite.com ";
            die();
        }
    }
}
ban($ip, $banned, $nbanned);

If you are having problems with PHP not recognizing the line endings when reading files with the PHP file() function (see the code above), either on or created by a Macintosh computer, you might want to enable the auto_detect_line_endings run-time configuration option (which, however, is available only starting PHP v. 4.3.0).

If you would like to ban whole ranges of IP addresses, you can play with the PHP eregi() function and use

if (eregi($ip, $banned[$i])) {

instead of

if ($ip ==  rtrim($banned[$i])) {

You then use patterns of IP addresses, i.e. regular expressions (see Section 25.3, Regular Expression Functions (POSIX Extended)), instead of constant IPs in banned.txt. See also How to ban IPs real fast.

Tip How to ban IPs using the web server
 

Of course, you can achieve the same results by putting deny directives in the server configuration file, or .htaccess file (Section 25.4):

deny from xxx.xxx.xxx.xxx

See the Protector Module (Section 8.3.7) for a PHP-Nuke module for IP banning.

Last updated Sun Aug 7 21:14:12 CEST 2005 Permalink: http://www.karakas-online.de/EN-Book/ban-ip-addresses.html All contents © 2004 Chris Karakas, Claudio Erba