News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

IP ban triggers on other IP's

Started by boardhead, November 20, 2012, 08:54:58 AM

Previous topic - Next topic

boardhead

I am running SMF 2.0.2 and have added a single IP ban for "220.250.58.*"

This seems to work.  However, looking at the ban log other IP's are banned as well:

119.6.72.131 Today at 08:19:16 AM
114.79.129.6 Today at 08:19:06 AM
220.250.58.171 Today at 08:19:02 AM
220.250.58.170 Today at 07:48:52 AM
220.250.58.172 Today at 06:42:23 AM
129.219.36.184 Today at 06:04:12 AM
220.250.58.170 Today at 06:04:10 AM
122.144.3.198 Today at 06:01:54 AM
125.39.66.151 Today at 06:01:32 AM
220.250.58.172 Today at 06:01:07 AM
41.73.2.36 Today at 05:02:02 AM
220.250.58.171 Today at 05:02:00 AM
221.7.215.248 Today at 12:55:29 AM
221.7.215.248 Today at 12:54:34 AM
220.250.58.170 Today at 12:54:32 AM
220.250.58.172 Today at 12:44:37 AM


Why are these other IP's triggering this ban?

TIA for any insight into this.  I don't want to be banning other people.

- Phil

emanuele

Do you have any mod installed? Any anti-spam mod?
Obvious question: are you sure you don't have any other trigger in any other ban?


Take a peek at what I'm doing! ;D




Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

boardhead

#2
I have no mods installed.

No other triggers are set.  This is my first ban and I only entered this single IP.

If it helps, here is one of the log entries:

Guest
119.6.72.131   
Today at 08:19:16 AM
0a772f3101e4d0ec0d30f8e6b1b6f192
Type of error: User
http://u88.n24.queensu.ca/exiftool/forum/index.php?action=registerSorry Guest, you are banned from using this forum!
spam
This ban is not set to expire.


And here is the ban entry:


Banned entity Hits Actions
IP: 220.250.58.* 48 Modify
[Add ban trigger]


Edit: For now I have changed this ban to trigger on the individual IP's 220.250.58.170, 220.250.58.171 and 220.250.58.172.  We'll see how this goes.

emanuele

The ban check is performed on both: $_SERVER['REMOTE_ADDR'] and $_SERVER['BAN_CHECK_IP'] (that can be $_SERVER['REMOTE_ADDR'] or $_SERVER['HTTP_CLIENT_IP'] or something slightly different.

It may be that the user has the second one set to an IP included in the range of banned IPs, wihle the first one (REMOTE_ADDR) set to 119.6.72.131 for example.


Take a peek at what I'm doing! ;D




Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

boardhead

Thanks.  This hidden IP could definitely explain the behaviour that I am seeing.

I'm happy as long as you think that I'm not banning good IP's.

Physically, what is the difference between the REMOTE_ADDR and the HTTP_CLIENT_IP?

- Phil

emanuele

In a sentence: HTTP_CLIENT_IP (and HTTP_X_FORWARDED_FOR, I forgot to mention that ban_check could be that too) is something provided by the "browser", while REMOTE_ADDR by the server.


Take a peek at what I'm doing! ;D




Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

joecool85

I am also running 2.0.2 and was just logging in here to report the same issue, so I figured I would add to this thread.

I have many ban triggers, but at least one isn't working.

I had a ban set to block 189.96-127.*.* and I had a user at 189.5.x.x that wasn't allowed to login unless he used a proxy.  After removing the 189.96-127.*.* ban he was able to get through just fine.  Now, I suppose it is possible that there is the multiple IP thing going on that emanuele mentioned, but I wanted to make sure.

shawnb61

Closing old 2.0 bugs - 2.0 is in security fixes-only at this point.
Address the process rather than the outcome.  Then, the outcome becomes more likely.   - Fripp

Advertisement: