IP ban triggers on other IP's

boardhead · November 20, 2012, 08:54:58 AM

I am running SMF 2.0.2 and have added a single IP ban for "220.250.58.*"

This seems to work. However, looking at the ban log other IP's are banned as well:

Code Select

119.6.72.131			Today at 08:19:16 AM	
114.79.129.6			Today at 08:19:06 AM	
220.250.58.171			Today at 08:19:02 AM	
220.250.58.170			Today at 07:48:52 AM	
220.250.58.172			Today at 06:42:23 AM	
129.219.36.184			Today at 06:04:12 AM	
220.250.58.170			Today at 06:04:10 AM	
122.144.3.198			Today at 06:01:54 AM	
125.39.66.151			Today at 06:01:32 AM	
220.250.58.172			Today at 06:01:07 AM	
41.73.2.36			Today at 05:02:02 AM	
220.250.58.171			Today at 05:02:00 AM	
221.7.215.248			Today at 12:55:29 AM	
221.7.215.248			Today at 12:54:34 AM	
220.250.58.170			Today at 12:54:32 AM	
220.250.58.172			Today at 12:44:37 AM

Why are these other IP's triggering this ban?

TIA for any insight into this. I don't want to be banning other people.

- Phil

emanuele · November 20, 2012, 08:57:34 AM

Do you have any mod installed? Any anti-spam mod?
Obvious question: are you sure you don't have any other trigger in any other ban?

boardhead · November 20, 2012, 09:00:55 AM

I have no mods installed.

No other triggers are set. This is my first ban and I only entered this single IP.

If it helps, here is one of the log entries:

Code Select

 Guest
 119.6.72.131   
 	 Today at 08:19:16 AM 
 0a772f3101e4d0ec0d30f8e6b1b6f192 
 Type of error: User
http://u88.n24.queensu.ca/exiftool/forum/index.php?action=registerSorry Guest, you are banned from using this forum!
spam
This ban is not set to expire.

And here is the ban entry:

Code Select


Banned entity	Hits	Actions	
IP: 220.250.58.*	48	Modify	
[Add ban trigger]

Edit: For now I have changed this ban to trigger on the individual IP's 220.250.58.170, 220.250.58.171 and 220.250.58.172. We'll see how this goes.

emanuele · November 20, 2012, 10:08:48 AM

The ban check is performed on both: $_SERVER['REMOTE_ADDR'] and $_SERVER['BAN_CHECK_IP'] (that can be $_SERVER['REMOTE_ADDR'] or $_SERVER['HTTP_CLIENT_IP'] or something slightly different.

It may be that the user has the second one set to an IP included in the range of banned IPs, wihle the first one (REMOTE_ADDR) set to 119.6.72.131 for example.

boardhead · November 20, 2012, 11:20:45 AM

Thanks. This hidden IP could definitely explain the behaviour that I am seeing.

I'm happy as long as you think that I'm not banning good IP's.

Physically, what is the difference between the REMOTE_ADDR and the HTTP_CLIENT_IP?

- Phil

emanuele · November 20, 2012, 04:47:12 PM

In a sentence: HTTP_CLIENT_IP (and HTTP_X_FORWARDED_FOR, I forgot to mention that ban_check could be that too) is something provided by the "browser", while REMOTE_ADDR by the server.

joecool85 · November 21, 2012, 02:30:28 PM

I am also running 2.0.2 and was just logging in here to report the same issue, so I figured I would add to this thread.

I have many ban triggers, but at least one isn't working.

I had a ban set to block 189.96-127.*.* and I had a user at 189.5.x.x that wasn't allowed to login unless he used a proxy. After removing the 189.96-127.*.* ban he was able to get through just fine. Now, I suppose it is possible that there is the multiple IP thing going on that emanuele mentioned, but I wanted to make sure.

shawnb61 · November 25, 2022, 05:32:52 PM

Closing old 2.0 bugs - 2.0 is in security fixes-only at this point.

News:

IP ban triggers on other IP's