0

Hello
I'm trying to add coding to my site so that someone can visit it, see everything on the site, but get banned so that when they come back they can't see anything anymore. My guess is they have to be banned after visiting.

I tried this code but it doesn't seem to do anything you can still see everything on the page after you're banned. Just adds a message saying you're banned and sends me an email.

<?php
// * Auto IP Ban Script - v1.0 *
// * Author: Inque187 *
// * Date: (c) Oct 5, 2007 *
// * Works with PHP 4.0+ & 5.0+ *
// * DISCLAIMER: Author of this script is not and will not be held liable and or responsibile for any configuration errors, loss of data, interruption of *
// * service, and or any other means of misuse by neglect pertaining to this script that affects any internet account. User of this script takes sole *
// * responsibility for any resulting problems that arise due to usage of this script in part or in whole and shall hold indemnity against the author. *
$ipad = $_SERVER['REMOTE_ADDR']; // Collects the user/visitor IP address.
$ban = "Deny from $ipad\n"; // What will be written to the .htaccess file if IP needs to be banned.
$file = "ips.htaccess"; // Change to -> .htaccess <- once thoroughly tested. Should be placed in the root directory.
$search = file_get_contents($file); // Prepare the .htaccess file by gathering entire contents.
$check = strpos($search, $ipad); // Checks the .htaccess file if the current user IP address string does exist.
// This next part of the script checks to see if the IP is already banned or not.
// If the IP does not already exist; it will write the ban line to the .htaccess file, display the message, and then email you a copy.
// If the IP is already listed in the .htaccess file; the script ends with only a displayed message.
if ($check === FALSE) {
$open = @fopen($file, "a"); // Open the .htaccess file and get ready for writing only.
$write = @fputs($open, $ban); // Write the banned IP line to the .htaccess file. (Example: Deny from 12.34.56.789)
// Email a copy of ban and info to your admin account (or other email address).
// Make sure you change the email address.
@mail('BlOcK_IpS@YoUr_WeB_sItE.cOm','Banned IP '.$_SERVER['REMOTE_ADDR'].'','
Banned IP: '.$_SERVER['REMOTE_ADDR'].'
Request URI: '.$_SERVER['REQUEST_URI'].'
User Agent: '.$_SERVER['HTTP_USER_AGENT']);
// IP address is not banned - so there is a need to write to .htaccess file.
// Display the error message to the user. (You may change to read what you want).
echo '<html><head><title>IP Address '.$ipad.' - Blocked or Banned!</title></head><body bgcolor="#FF000000" text="#FFFFFF" oncontextmenu="return false;"><center><font face="Verdana, Arial"><h1>THANK YOU - DON\'T COME AGAIN!</h1><b>IP Address '.$ipad.' Has Been Blocked or Banned!<br />Contact the web admin if this ban is by mistake.<p />Have a nice day!</b></font></center></body></html>';
// Close the .htaccess file - all done.

Edited by tallon

5
Contributors
12
Replies
61
Views
4 Years
Discussion Span
Last Post by diafol
0

You need to redirect to a non existing page and generate a 404 error for the banned address right after confirming it is a banned ip address

1

I am not sure whether writing banned IP addresses in htaccess file is a good idea. You will need approprite rights to write into it and the file will grow with users visiting your site which might affect performance. Also maintaing the list (i.e removing duplicate entries) in the htaccess file might be a nightmare.

I would store IPs in a database and do a check everytime a visitor comes. If the IP is the database already, show one part of the contents (or redirect as jbeartrav suggested) otherwise show another part.

// check in the database if the IP is banned
if($banned === true) {

    echo 'You are not allowed to visit';
    exit();
}

// if not banned just display the normal contents and write the IP in the database

Mind you, relying on IP to ban people is not very reliable method anyway. IP's can change so you never know whether it is the same person with particular IP.

Edited by broj1

0

It's not important if they come back again with another IP, as long as it bans the new one next visit. I just don't want most of them coming back, that is all.

but how do I add the code to the page with the content in such a way to hide the content when the ip is banned? The code I was trying to use bans the person before the page even loads so it's not working. I want them to see the conent on first visit but not on second. How can I do the redirect on future visit? Seems like it's not a good idea because they can still see the content by stopping the loading process but I guess it's better than nothing.

Edited by tallon

0

You can use header() function to redirect to some other page. Do it on the beginning of the script and before you output any html.

if($banned === true) {
    // redirect to a banned.php page
    header('location:banned.php');
    exit();
}

Banned visitors will immediately get redirected to the banned.php page without seiing any other contents.

Edited by broj1

0

I figured out the code I posted above, the code is in a separate file from the main page and it works off the .htaccess file and it works but it bans me before I see the content on the page!

here's my htaccess file

Options +SymLinksifOwnerMatch

<FilesMatch 403.shtml>
Order Allow,Deny
Allow From All
</FilesMatch>


RewriteEngine On
RewriteRule ^cgi-bin mytrap.php [NC]
RewriteRule ^cgi-bin/(.*)$ mytrap.php [NC]

in the mytrap.php there's a line where content can be entered

// Display the error message to the user. (You may change to read what you want).
    echo '';

in the '' I thought about adding the main page code there but advanced coding won't work in there. How can I get around this?

Tried adding the redirect code to a few places in the code but didn't do anything

Edited by tallon

0

As mentioned, you don't need htaccess for this. Just a search of banned ip addresses in your DB

banned_ip table

banned_id
ip

//ensure connection details are given here before below
$r = mysql_query("SELECT ip FROM banned_ip WHERE ip = '$ip' LIMIT 1");
if(mysql_num_rows($r)) header("Location: banned.php");

I just used mysql_* functions, but you should use mysqli_* or PDO. It should be that simple.
Banning by ip address is a broad brush though :(

0

Start learning quickly, you won't regret it if you want to stay longer in web development world. Start here, it is not that difficult.

0

Why would you want to ban users after they visit anyway...unless your getting paid for each visit by IP address ?
I just dont get it

0

You're asking an unverified member who was last seen a year ago.

0

True, but if you're expecting a response from the OP, you may be waiting a long time.

Edited by diafol

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.