[SOLVED] ip ban , changing ips

[Distant_storm]

Hey im looking to ban some Ips, But I know effectivly just banning 192.168.1.1. or whatever will not work that well.

Does anyone know what changes within an Ip address so I can effectivly ban the same person but not accidently ban any other users by breaking up the ip address and using a range for some items.

 

for example

 

192

168

1 - 68

1 - 68

 

or something ?

 

any ideas?

[PHP_PhREEEk]

You need to Google and study IP formats. There are 4 octets, XX.XX.XX.XX

 

Starting from the right side, you can start locking out ranges by omitting that octet.

 

So banning 188.24.150.

will effectively ban 188.24.150.0 through 188.24.150.255

 

Banning 188.24. will cut a decidedly larger range... etc... read up on it.

 

PhREEEk

[therealwesfoster]

The SQL statement for that would be something like this:

 

mysql_query("SELECT * FROM your_ip_table WHERE ip LIKE '192.168.1.%'");

or

mysql_query("SELECT * FROM your_ip_table WHERE ip LIKE '192.168.%'");

 

The % stands for anything

[revraz]

There is no answer for this.  Depending on the ISP, the IP can change just on the last octet or the whole IP can change.

 

All depends on what ranges the ISP owns.

 

Hey im looking to ban some Ips, But I know effectivly just banning 192.168.1.1. or whatever will not work that well.

Does anyone know what changes within an Ip address so I can effectivly ban the same person but not accidently ban any other users by breaking up the ip address and using a range for some items.

 

for example

 

192

168

1 - 68

1 - 68

 

or something ?

 

any ideas?

[PHP_PhREEEk]

Leaving out the last octet will usually nail them.. as to what revraz stated, AOL is notorious for sharing IP's for individual page calls! It's rediculous... so if you ban one AOL user (and I mean using all 4 octets), you have banned probably 50 people, 49 of them who are innocent of anything. If you were to ban an AOL IP and leave off the last octet, you'd wipe out hundreds of users.

 

PhREEEk

[PFMaBiSmAd]

I'll get a little more basic. Banning IP addresses only causes the person, who you want to keep off your site, to go get another IP address or go through a different web proxy.

 

What you can and should do with IP addresses is log them with the time of the access and then notify the ISP or web host that the IP address belongs to.

 

If the ISP/host acts responsibly, they will investigate and match up the IP and time you give them with their access records and cancel the account of the abuser.

 

Because banning IP addresses only has short term effectiveness, specifically what type of problem are you having? Someone here can probably give you a long term solution that will solve it.

[Distant_storm]

I am not having any current problems but im always tight on security and have always found ip banning a little redundant as I see when i log on my site who visits my own ip address changes in pretty much all octlets apart from the first one.

 

In my basic electronics I know that ip address represent network and such things but if its changing all the time there is really no reason on banning it is their?

[revraz]

Not really, very few people have static IPs, and the people that cause trouble, they know how to change their IP to get around the IP Ban.

 

When I worked for IGN, the only way we could really ban someone was with a hardware ban, but I won't get into that method.

[Distant_storm]

Sorry not totaly on subject but im a little rusty when it comes to this. but when people refer to accessing the site through a proxy does that mean going to another server and using that server to get to the site ?

[revraz]

Yeah, more or less.  It routes the traffic, but can also be used to spoof their IP.

[Distant_storm]

So to summerise the best thing to do it ban any uses causing havock and log all their details to take further actions, but effectivly banning by ip is usless.

[revraz]

First, find out what problems you are anticipating.  Do you think you'll get human spammers or bots?  If bots, you can implement some sort of verification routine that most bots cant handle.  If human, then its difficult until they actually do something wrong.  Ban their account, then they have to open a new one with a new email address.  Eventually they get tired and go away.