banned ips flaw

[adv]

hello

i have the following question

i have a script that gets the user ip and if the ip is in the 'file' it redirects it to google

 

<?php
$ip=$_SERVER['REMOTE_ADDR'];
$file=file('bad_ips');
foreach($file as $files){
  if(stristr($files, $ip) === FALSE) {
   header('location:index1.php');
  }else {
header('location:http://google.com');
  }	
}
?>

 

in the file the ips are line by line

 

example:

2.2.2.2

4.4.4.4

 

but the problem is this

if the ip `2.2.2.2` enters i wnat to search in the file for just 2.2

if searches only if i put the entire ip in the `file`  2.2.2.2

 

 

 

[scootstah]

So if you ban the IP "2.2.2.2", anyone with "2.2.*.*" is also banned? You realize that by doing this you ban a LOT of people, but the person you banned can easily bypass it.

[Pikachu2000]

Is there a reason you aren't using a database for this?

[adv]

yes thats what i want scootstah

 

Pikachu2000 because i have only a small list

and i want to ban it 2.2.*

how do i do it?

[QuickOldCar]

I don't see the correct logic in your code, it's checking each ip in the list, so only the first one checked ...it will take you to that header location.

 

try this

 

<?php
$ip = $_SERVER['REMOTE_ADDR'];
$explode_ip = explode(".",$ip);
$iprange2 = $explode_ip[0] . "." . $explode_ip[1];
$iprange3 = $iprange2 . "." . $explode_ip[3];

$file=file('bad_ips');// no file extension?

if (in_array($ip, $file) || in_array($iprange2, $file) || in_array($iprange3, $file)) {
   header("location: http://www.google.com/");
} else {
   header('location:index1.php');
}

?>

 

I forgot to add.... just use ranges like 2.2 or 2.2.2 in your list

[QuickOldCar]

changed it a little

 

<?php
$ip = $_SERVER['REMOTE_ADDR'];
$explode_ip = explode(".",$ip);
$iprange2 = $explode_ip[0] . "." . $explode_ip[1];
$iprange3 = $iprange2 . "." . $explode_ip[3];

$data = file('bad_ips.txt');// no file extension?
foreach ($data as $line) {
$banned_ips[] = trim($line);
}

if (in_array($ip, $banned_ips) || in_array($iprange2, $banned_ips) || in_array($iprange3, $banned_ips)) {
   header("location: http://www.google.com/");
} else {
   header('location:index1.php');
}

?>

[Pikachu2000]

I prefer working with IP addresses as numbers rather than strings, so the way I'd handle it would be to use a subnet mask with the IP address. Convert the address and mask with ip2long, and perform a bitwise AND to do the comparison. You could write it into a function to return a boolean TRUE/FALSE to determine whether to redirect or not, if you felt like it.

 

<?php
$ip = '2.2.2.2'; // address currently being checked
$ip = ip2long('2.2.2.2'); // convert to long int
$mask = ip2long('255.255.0.0'); // compare only first two octets of the IP address
$file = file('file.txt', FILE_IGNORE_NEW_LINES);  // read the file into an array
$file = array_map('ip2long', $file);  // convert values from file to long int

// Loop through the values, comparing the values using bitwise AND operation to compare IP address to banned list. If first 2 octets match, the header() redirect is sent.
foreach( $file as $v ) {
//var_dump($v); echo '<br>';
if( ($ip & $mask) === ($v & $mask) ) {
	//echo long2ip($ip) . " Matches " . long2ip($v) . '<br>';  // uncomment to see result
	header('Location: http://www.google.com');
	exit();
}
}

[QuickOldCar]

good point, was trying to keep it simple

 

whichever way that works is good

 

but personally, I think it's better to block them at the front door through htaccess

with a code similar to this

## IP BANNING
<Limit GET POST>
order allow,deny
deny from 42.12.5.34
deny from 193.110.145.185
deny from 212.173.53.
deny from 69.242.
allow from all
</Limit>

 

 

[Pikachu2000]

I don't disagree with you there, as long as that functionality can be shifted out of the application.

[adv]

QuickOldCar  and if i use it like this

 

<Limit GET POST> 
order allow,deny 
deny from 69.
deny from 31.

allow from all
</Limit>

 

does it takes from only the start of the ip

i mean if the ip is 31.144.202.134 does it take it from 31. only

and not if the ip is 61.31.212.134

does it block the second ip beginig in 61.

[QuickOldCar]

you are correct, but that is an awful lot of ip's to block

 

should try to stay with specific ranges that are only causing you problems

something like 31.144.202. or at an extreme do 31.144.