jkm4201 Posted August 10, 2007 Share Posted August 10, 2007 Website Information: Powered by vBadvanced CMPS 3.0 RC1 Forums: vBulletin 3.6.7 PL1 Problem: Recently we had to ban a few users, these users however continue to plague us with repeated account recreations and destructive/abusive posting on our boards. I've researched a few different ways in which we could take care of the situation including creating the .htaccess file and putting in a partial or full IP/dns denial of service variable, but I really don't want to go to that extreme if I can help it. My first thought on this would be to find someone who could write up code that had the following functionality: Upon submitting registration on the website do the following: - Check flat file <path/banned.txt - If results of check for banned.txt return true, check path/allowed.txt - If allowed, continue registration, else redirect to blocked.php Is this even possible or are there any other ways to handle the situation that we find ourselves in at this point? I'm running out of options and the last option on my list is to ban a complete service area of the offending member's ISP(s). Quote Link to comment https://forums.phpfreaks.com/topic/64243-solved-website-forums-being-attacked/ Share on other sites More sharing options...
MadTechie Posted August 10, 2007 Share Posted August 10, 2007 vBulletin can ban the IP's so no code is needed ! Quote Link to comment https://forums.phpfreaks.com/topic/64243-solved-website-forums-being-attacked/#findComment-320263 Share on other sites More sharing options...
jkm4201 Posted August 10, 2007 Author Share Posted August 10, 2007 i'm assuming you are probably referring to using the .htaccess method I had mentioned earlier. I'm aware of that method but then again, it doesn't necessarily help me much. The user in question is using a dynamic IP address and is able to get around the standard IP ban. This is what has prompted me to look into alternative methods of dealing with him. I've probably IP banned 30 of his accounts so far in the last 4 days, and while I don't want to block his whole area off from our website, I'm running out of options. Quote Link to comment https://forums.phpfreaks.com/topic/64243-solved-website-forums-being-attacked/#findComment-320264 Share on other sites More sharing options...
MadTechie Posted August 10, 2007 Share Posted August 10, 2007 you can use the .htaccess method but in the admin center of vBulletin their an option to ban via IP, this is the same as writting a flatfile and storing the IP their.. as for his IP, does he also have unlimited emails (yes i know you can setup hotmail etc) but if your forum requires the users to activate their membership via email and you just keep banning the email's and IP's he should get bored and move on, as for the posts you can filter the message, i had a problem where a member was posting links to his own forum.. over and over.. while he got banned for spamming his post was in vain as the filter changed his link from http://www.hisforum.com to http://#spam#.com.. the fact is you don't really know its him until he starts to post.. keep carm and don't respone just filter delete and ban.. nothing more he get bored.. also as a side note he could just use a proxy to get past the IP lockout Quote Link to comment https://forums.phpfreaks.com/topic/64243-solved-website-forums-being-attacked/#findComment-320271 Share on other sites More sharing options...
jkm4201 Posted August 10, 2007 Author Share Posted August 10, 2007 Against my better judgement, the owner of the boards wanted registration to be a seamless venture, thus he made it so when you create your account your automatically registered. Honestly though, the email would just be another step this malicious attacker would care less about, he has been attacking us for almost 2 weeks now. There are ways in which you could essentially filter out dynamic users in this situation, you can partial ban by their localization IP address, for example, if you had a user from 123.123.123.mi.comcast.net you could simply ban mi.comcast.net and it would ban him and anyone else from that area of service from connecting. The idea however is to put up a filtration wall that the users must get through before they are allowed to register on the website forums. Ideally, we'd want to do something like: // Written by Jeremy M. 8/10/07 (Riodan@comcast.net) // Purpose: // Check to see if a username is allowed to register then do so. // Else, check to see if the address is in the banned array and send banned message. <?php $banned[0] = "IP Address 1"; $banned[1] = "IP Address 2"; $banned[2] = "IP Address 3"; $banned[3] = "IP Address 4"; $Accepted[0] = "Username 1"; $Accepted[1] = "Username 2"; $Accepted[2] = "Username 3"; $Accepted[3] = "Username 4"; if (in_array($_SERVER['USERNAME'], $Accepted)) // Continue on with the registration process. (not sure what goes here yet) else if (in_array($_SERVER['REMOTE_ADDR'], $banned)) { echo "You have been banned from this website."; echo "If you believe you have received this in error contact us."; echo "admin@blah.net"; } ?> This code is concept only, I'm a dabbler and may have messed things up in it, but it should atleast illustrate what I'm seeking to accomplish. Instead of echoing the warnings, we could even go so far as to redirect them to a url with that message, either way would work fine. I just need a way to stop the user from getting into the site unless we specifically allow him/her to register with a predesignated registration name. Quote Link to comment https://forums.phpfreaks.com/topic/64243-solved-website-forums-being-attacked/#findComment-320289 Share on other sites More sharing options...
MadTechie Posted August 10, 2007 Share Posted August 10, 2007 Well personall your he adding to that list forever.. but whats wrong with that script ? Quote Link to comment https://forums.phpfreaks.com/topic/64243-solved-website-forums-being-attacked/#findComment-320293 Share on other sites More sharing options...
jkm4201 Posted August 10, 2007 Author Share Posted August 10, 2007 Well personall your he adding to that list forever.. but whats wrong with that script ? I'm not sure that would be the case tho, because I can do a partial ban of his IP address, ie instead of the whole numeric address, I can simply find his provider information at the end of his IP address: 123.123.123.mi.comcast.net And add that to the banned array, thus banning the entire Michigan Comcast service area. Then I would simply need to have users wishing to register on our website from that area contact me via email first with the username they wish to use so I could add it to the $Accepted array. As for the script itself, I don't know what the code is for validating and processing the registration atm, but other than that, does the code look pretty sound? // Written by Jeremy M. 8/10/07 (Riodan@comcast.net) // Purpose: // Check to see if a username is allowed to register then do so. // Else, check to see if the address is in the banned array and send banned message. <?php $banned[0] = "IP Address 1"; $banned[1] = "IP Address 2"; $banned[2] = "IP Address 3"; $banned[3] = "IP Address 4"; $Accepted[0] = "Username 1"; $Accepted[1] = "Username 2"; $Accepted[2] = "Username 3"; $Accepted[3] = "Username 4"; if (in_array($_SERVER['USERNAME'], $Accepted)) // Continue on with the registration process. (not sure what goes here yet) else if (in_array($_SERVER['REMOTE_ADDR'], $banned)) { echo "You have been banned from this website."; echo "If you believe you have received this in error contact us."; echo "admin@blah.net"; } else // Continue on with the registration process. (Not sure what goes here yet.) ?> Quote Link to comment https://forums.phpfreaks.com/topic/64243-solved-website-forums-being-attacked/#findComment-320311 Share on other sites More sharing options...
MadTechie Posted August 10, 2007 Share Posted August 10, 2007 Well personall your he adding to that list forever.. but whats wrong with that script ? I'm not sure that would be the case tho, because I can do a partial ban of his IP address, ie instead of the whole numeric address, I can simply find his provider information at the end of his IP address: well.... also as a side note he could just use a proxy to get past the IP lockout while you could ban the proxies as well it will go on for a long time.. (if you lucky, they don't know how to connect to a proxy server or have software to do it for them) the code is okay.. it doesn't need to be too complex but i have delt with these types of people before and i think your need to rethink the auto-activation part. i would probably code it like this <?php $banned[0] = "IP Address 1"; $banned[1] = "IP Address 2"; $banned[2] = "IP Address 3"; $banned[3] = "IP Address 4"; $Accepted[0] = "Username 1"; $Accepted[1] = "Username 2"; $Accepted[2] = "Username 3"; $Accepted[3] = "Username 4"; $ban = false; $ban = in_array($_SERVER['USERNAME'], $Accepted); $ban = (in_array($_SERVER['REMOTE_ADDR'], $banned))?true:$ban; if ($ban) { echo "You have been banned from this website."; echo "If you believe you have received this in error contact us."; echo "admin@blah.net"; } ?> edit: oops on the code (forgot to remove some lol) Quote Link to comment https://forums.phpfreaks.com/topic/64243-solved-website-forums-being-attacked/#findComment-320318 Share on other sites More sharing options...
jkm4201 Posted August 10, 2007 Author Share Posted August 10, 2007 Hmmm.. that looks like it may work, I'll talk to the site owner about reimplementing the mail registration as well as an added annoyance to deter users from being malicious. I appreciate the help on this, I'm not overly good with php, mostly spend my time plugging away in C/C++, Java and Perl heh. Anyhow thanks Quote Link to comment https://forums.phpfreaks.com/topic/64243-solved-website-forums-being-attacked/#findComment-320323 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.