Jump to content


Photo

Help! Temporarily Banning ip adresses


  • Please log in to reply
8 replies to this topic

#1 Ains

Ains
  • New Members
  • Pip
  • Newbie
  • 3 posts

Posted 25 September 2006 - 03:27 PM

Im kinda new to the art of PHP coding but im wondering how its possible to temporarily ban a ip from a site...

The Problem:
I have a site to post jobs but sometimes i get spams as theres no time limit, inbetween adding jobs and it does get annoying when i have to remove them for the mySQL database, So... i want a way to maybe stop them from adding a job for five minutes before they can do it again.

If somone could come out with a script or snippet so i can get the idea, i would be very greatful

#2 steveclondon

steveclondon
  • Members
  • PipPipPip
  • Advanced Member
  • 161 posts

Posted 25 September 2006 - 04:43 PM

Is this general spam or can you press the post button more than once and it enter multple posts into the database. There are a number of easier ways to stop this from happening rather than use a time method which is a bit more involved. Also consider having a user login before they can reply to these as that will eliminate all the spam in the first place unless it is a user that is doing it.

#3 SharkBait

SharkBait
  • Members
  • PipPipPip
  • Advanced Member
  • 845 posts
  • LocationMetro Vancouver, BC

Posted 25 September 2006 - 04:52 PM

I have a script that would check the IP of the previous post and the IP of the person posting and datestamped.

If the date stamp was less than 10mins apart i would not allow them to post again.  Though it seems the people spamming my little site were a bit more patient and would wait out the 10mins.  I was thinking about increasing the 10mins to 24hrs (though this was for a guestbook).

You could also add a 'captcha' type image to stop bots from posting.

#4 Ains

Ains
  • New Members
  • Pip
  • Newbie
  • 3 posts

Posted 25 September 2006 - 04:54 PM

Its people adding the job more than once (Accidently or deliberatly) :|

About image verfication, People who deliberatly do it dont care about typign numbers

EDIT: is there any way i can have that script

#5 Ains

Ains
  • New Members
  • Pip
  • Newbie
  • 3 posts

Posted 26 September 2006 - 03:33 PM

bump

#6 Ninjakreborn

Ninjakreborn
  • Members
  • PipPipPip
  • Information Technology Specialist
  • 3,922 posts
  • Age:33

Posted 26 September 2006 - 04:00 PM

You wouldn't have that problem if you did proper validation on submitting, you are adding unnecessary complexity to the program, when you can build in the feature, with just 3-4 lines of code, instead of throwing in another whole module.  Test for the job, here for a sample

$selectjob = "SELECT * FROM jobs WHERE;";  // on the were part use something that distinguishes the jobs, like the title and description, or something you know would be a double post.
$query = mysql_query($selectjob);
if ($row = mysql_fetch_array($query)) {
echo "This job was already entered into the database, you are attempting to double post it.<br />";
}
you could also add a feature like craigslist has, they use search to test title and description on entry, and don't let any posts that are too similar like.

the search would be based on something, say description adn title.

$title = mysql_real_escape_string($_POST['title']);
$description = mysql_real_escape_string($_POST['description']);
$search = "SELECT * FROM jobs WHERE title LIKE '%$title' OR description LIKE '%$description';";
$query = mysql_query($query);
if ($row = mysql_fetch_array($query)) {
echo "Your posting was already put in the database, please only post once.<br />";
}

THe chances for the posting to have somethign similar already are next to impossible, craigslist using something almost the same.

------

Business Website: http://www.infotechnologist.biz

Personal Website: http://www.joyelpuryear.com

Blog Site: http://www.realmofwriting.com
Services: Web development, application development, mobile development, and custom development. All services listed on my website.


#7 SharkBait

SharkBait
  • Members
  • PipPipPip
  • Advanced Member
  • 845 posts
  • LocationMetro Vancouver, BC

Posted 26 September 2006 - 04:22 PM

Pretty much what I have for checking the previous entry entered by a particular IP is this:

<?php
if(isset($_POST['submit'])) {
   $errMsg = "";                // Used for keeping track of errors

   // Time 10 mins ago
   $tenMinsAgo = date("Y-m-d h:is:", strototime("-10 minutes");

   // Get last entry from a particular IP
   $strqry = "SELECT * FRMO guestbook WHERE remote_ip = '{$_SERVER['REMOTE_ADDR']}' ORDER BY ID DESC LIMIT 1";
   $query = mysql_query($strqry);

   if($result = mysql_fetch_array($query, MYSQL_ASSOC)) {
      if($result['date_entered'] > $tenMinsAgo) {
        $errMsg .="<li>You must wait at least 10 minutes between posts.</li>\n";
      }
    }
    .
    . 
    .
    if($errMsg == "") {
       // No Errors Found -> Insert into database
    }
    if($errMsg != "") {
       // Errors were found display $errMsg to user
    }
}
?>

Notice that I tack on any error messages to $errMsg.  If I find that the SQL Query returns a value and the value is less than 10mins make sure I don't leave the $errMsg empty so that it will not get added to the Database.

I'm thinking of increasing the 10mins to 24hrs.  I then will have to BAN particular IPs.  You can keep the Banned IPs in a seperate table to query to see it the REMOTE_ADDR matches on in the ban list.



#8 steveclondon

steveclondon
  • Members
  • PipPipPip
  • Advanced Member
  • 161 posts

Posted 26 September 2006 - 04:53 PM

As this is users also add some javascript to disable the submit button once pressed. You still should do all the server side as well it just helps a little and if the site is running slow the user feels like something is happening

#9 shoombooltala

shoombooltala
  • Members
  • PipPip
  • Member
  • 11 posts

Posted 26 September 2006 - 05:13 PM

in the database where you store the user's information add a field called last_posting.

now everytime they post a job, update that field with the current time.  and then in the page where you process the posting, get the value from that field, check to see if it's more than 5 minutes and if it is then proceed with the posting. if not then display a message telling them to STOP SPAMMING and wait 5 minutes LOL




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users