[TIP/TRICK] Having Problems With Banned Members?

Started by jblazeofek, March 27, 2009, 07:51:10 PM

JBlaze

I know that there are a lot of you out there who are having trouble with banned members/spambots that still try to visit your site and create LOTS of error logs. It gets annoying, I know.

This simple Tip will help get rid of that... :P

What this will do is modify your .htaccess file, adding a banned IP address to that. This way, when a banned member/spambot tries to reach your site, instead of getting the login screen, they will get a "403 - Forbidden" Error. (What Is A "403 - Forbidden" Error?)

Well, here it is :P

.htaccess
Code (ban single IP)
# Allow,Deny evaluates Deny last, so a matching Deny wins over "Allow from all"
Order Allow,Deny
Allow from all
Deny from xx.xx.xx.xxx


Code (ban multiple IPs)
# Allow,Deny evaluates Deny last, so a matching Deny wins over "Allow from all"
Order Allow,Deny
Allow from all
Deny from xx.xx.xx.xxx
Deny from xx.xx.xx.xxx
Deny from xx.xx.xx.xxx
Deny from xx.xx.xx.xxx

Change "xx.xx.xx.xxx" to the IP address you want to ban

Any questions, feel free to ask! :P

EDIT: I will try to make a script/MOD that can modify the .htaccess from the Admin panel. If anyone out there would like to help me, I would be grateful :P
Jason Clemons
Former Team Member 2009 - 2012

JBlaze

Pretty please with sugar on top, may you move this to Tip and Tricks? ;D
Jason Clemons
Former Team Member 2009 - 2012

JBlaze

By the way Nas, is there any way I can use php to modify the htaccess file?

I want to turn this into a MOD with admin panel options. I just need to know how to modify htaccess. I can do the rest :P :P
Jason Clemons
Former Team Member 2009 - 2012

Marcus Forsberg

Not sure if it works on htaccess, but have a look at this:
http://www.php.net/manual/en/ref.filesystem.php

Open the file, write to it, close.
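
The "open the file, write to it, close" step for the admin-panel MOD discussed above, as an added example that is not part of the original posts and not SMF code. It assumes the Apache 2.2-style Order/Allow/Deny directives used in this thread and that PHP may write to the forum directory; ban_ip() and the marker comments are hypothetical names.

```php
<?php
// Added example, not SMF code: ban_ip() and the marker comments are hypothetical.
const BAN_BEGIN = '# BEGIN managed-ip-bans';
const BAN_END   = '# END managed-ip-bans';

// Adds $ip to a managed block in $htaccess; returns false if already listed.
function ban_ip(string $htaccess, string $ip): bool
{
    // Only a literal IP may pass: anything else would land in Apache's config.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        throw new InvalidArgumentException('not an IP address');
    }
    // Serialise concurrent writers on a side file next to .htaccess.
    $lock = fopen($htaccess . '.lock', 'c');
    if ($lock === false || !flock($lock, LOCK_EX)) {
        throw new RuntimeException('cannot lock ' . $htaccess);
    }
    try {
        $text = is_file($htaccess) ? file_get_contents($htaccess) : '';
        if ($text === false) {
            throw new RuntimeException('cannot read ' . $htaccess);
        }
        // Lift the existing managed block (if any) out of the file.
        $re = '/^' . preg_quote(BAN_BEGIN, '/') . '$.*?^' . preg_quote(BAN_END, '/') . '$\R?/ms';
        $ips = [];
        if (preg_match($re, $text, $m)) {
            preg_match_all('/^Deny from (\S+)$/m', $m[0], $found);
            $ips  = $found[1];
            $text = preg_replace($re, '', $text, 1);
        }
        if (in_array($ip, $ips, true)) {
            return false;
        }
        $ips[] = $ip;
        // Allow,Deny evaluates Deny last, so a matching Deny beats "Allow from all".
        $block = BAN_BEGIN . "\nOrder Allow,Deny\nAllow from all\n";
        foreach ($ips as $banned) {
            $block .= "Deny from $banned\n";
        }
        $block .= BAN_END . "\n";
        $rest = rtrim($text);
        $new  = ($rest === '' ? '' : $rest . "\n\n") . $block;
        // Write a full copy, then rename it over the original in one step.
        if (file_put_contents("$htaccess.tmp", $new) === false || !rename("$htaccess.tmp", $htaccess)) {
            throw new RuntimeException('cannot write ' . $htaccess);
        }
        return true;
    } finally {
        fclose($lock); // closing the handle releases the lock
    }
}
```

Call it as ban_ip(__DIR__ . '/.htaccess', $ip) only from code that has already checked the caller is an administrator.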

JBlaze

Thanks bro. I'll get to work right now. Hopefully have it submitted by tomorrow :P :P
Jason Clemons
Former Team Member 2009 - 2012

C4G-TK

Great info here. 

It makes me wonder if it is possible to make your own "403 - Forbidden Error" page that people will see as well or is it strictly server side? 

I'm figuring that since it denies passageway to your own site, you wouldn't be able to make one yourself though since the person's IP is banned from browsing.  Maybe I just answered my own question there.  LOL  But, thought I'd ask!


aishaweb

Is this a mod yet?

Got a beta to test? Please attach it if so.

JBlaze

Quote from: C4G-TK on March 30, 2009, 11:54:59 AM
Great info here. 

It makes me wonder if it is possible to make your own "403 - Forbidden Error" page that people will see as well or is it strictly server side? 

I'm figuring that since it denies passageway to your own site, you wouldn't be able to make one yourself though since the person's IP is banned from browsing.  Maybe I just answered my own question there.  LOL  But, thought I'd ask!

Create file 403.shtml (or ask your host if they provide error handling)
Add custom HTML



Quote from: aishaweb on March 30, 2009, 12:07:22 PM
Is this a mod yet?

Got a beta to test? Please attach it if so.

Still working on it as we speak. A beta will be released soon. :P
Jason Clemons
Former Team Member 2009 - 2012

Dinolin

ermm..... this helps me a lot :)
nice info and tips .... :)

cflforum

Quote from: aishaweb on March 30, 2009, 12:07:22 PM
Is this a mod yet?

Got a beta to test? Please attach it if so.

There is no reason why this wouldn't work on an internal system intranet, is there?

While the site is to be intranet based, I'm of no illusions that somebody wouldn't think it funny to have crowing rights over how "insecure" or "setup on the cheap" is!

If this project is successful, we should be able to grab maybe 20k of their budget :D ( cackles with glee)

JBlaze

I see no reason why it shouldn't work on an intranet system.
Jason Clemons
Former Team Member 2009 - 2012

Autumn13

Sorry to sound like such a noob here, but would someone be so kind enough as to tell the lady how to do this step by step? I'd really appreciate it!


ETA: nevermind, got it. Thanks again!!!!! It's a BIG help!

TLBSupport

Great tip, however just to add little bit of sugar :D
For those whose hosts give them CPanel access you can also access the .htaccess file by updating entries in the IP Ban control in the Security control panel area, if you have it.
Advantages for this is that, from my understanding it will alter all the .htaccess files on your site, or sites. Will shut up now in case I'm wrong :D I'm used to that
Respect to all

JBlaze

Quote from: TLBSupport on May 06, 2009, 03:46:34 AM
Great tip, however just to add little bit of sugar :D
For those whose hosts give them CPanel access you can also access the .htaccess file by updating entries in the IP Ban control in the Security control panel area, if you have it.
Advantages for this is that, from my understanding it will alter all the .htaccess files on your site, or sites. Will shut up now in case I'm wrong :D I'm used to that
Respect to all

As long as you enter it in the root .htaccess, it applies for the whole forum as every action is executed through index.php.
Jason Clemons
Former Team Member 2009 - 2012

Mayhem30

The problem with this is that it could put a lot of load on the apache server. If you have a busy forum, everyone who attempts to view your site will be checked against that list in the .htaccess file.

If you have access to ssh, you could do this instead :

iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP

Keep in mind that if your server is rebooted, the ban will no longer be in place. If you want the ban to stick even after a reboot, you must do this :

service iptables save
service iptables restart


Use at your own risk  :D

H

It is important to note that Mayhem's suggestion requires not just SSH access but also root access :). The second code segment will also only work under Redhat and similar distros. Others (Debian, Ubuntu etc) will require a different way of saving firewall rules.
-H
Former Support Team Lead