I have seen some topics in which Arantor (I'm sure you will read this as well so.. ;) ) was saying that IP bans can lead smf to work very much slower than normal and that's ok but my questions are 2, mainly:
- How many bans can I use without slowing the system down? And does it depend also on how many users are online?
- Can I ban an IP that has not yet created an account? I see a damn bot trying to register for days and I know it uses a static IP (91.236.75.85), I want it to get the *EHM* off my forum.
Thanks in advance as always :)
Technically any ban in the system will slow it down. Far better not to use IP bans in SMF but do it at the webserver level if possible, e.g. in .htaccess files.
An IP ban in SMF or the webserver will prevent accesses even by non-registered users.
Thanks for your reply as always.
Hmm googling a bit I found some stuff about but as if this is a very important feature and I never used it I will ask twice to be really sure.
So if I just add this
Order Deny,Allow
Deny from 91.236.75.85
Allow from all
will it work? But is there a dedicated place in which I should place that thing in .htaccess file?
Use 91.236.75. to get more IPs used by that spammer. Or even 91.236. as most in that range are ua, ru, pl etc.
My current:
<Files 403.shtml>
order allow,deny
allow from all
</Files>
deny from 31.41.
deny from 37.58.100.
deny from 46.118.
deny from 46.119.
deny from 192.99.
What does that files 403 stuff mean? I really don't know how to set this file and googling didn't help much as people are posting very much complicated custom stuff I don't need. I only need to ban that IP and nothing else... Also that 37.58.100.etc was harassing me as well.
"the line <Files 403.shtml> indicates the page denied users are directed to. (403 - Forbidden)"
37.58.100. is one of the ahrefs pest bots. See http://blocklistpro.com/content-scrapers/ahrefsbot-seo-spybots.html
Thanks for the useful info :) hmm then I add like
<Files 403.shtml>
order allow,deny
allow from all
</Files>
deny from 91.236.75.(85)
without the parenthesis and with or without the 85 to include more IP as I wish like you said. Now.. Where to place it in the file itself?
Setup I posted above works fine here.
91.236.75. = block 91.236.75.0-255
91. = block everything starting with 91.
To test, use a proxy, example www.anonymouse.org, find its IP and enter it in htaccess, and see if you get blocked (and get the 403 page) when trying to access your forum using the proxy.
Remember, any tiny error and nothing works anymore, so always check that the site acts normally after editing htaccess.
Well thank you man :D I'll set it up the way I said or even your way if all those IP ranges are spambots? Are they manual bans or all spam crap? If the last one I'll just copy-paste yours ;)
Here are a few links for you. They will help you to understand blocking by CIDR and looking up addresses. I usually block by CIDR ( range ) as that is usually a quick way to stop a block of spammers. You can also use it for countries.
http://jodies.de/ipcalc
http://www.ipaddresslocation.org/ipaddress.shtml
http://www.ip2location.com/demo.aspx
Thank you as well :D and thank you twice as I had forgotten to mark as solved ;)
Quote: Are they manual bans or all spam crap?
37.58.100. is ahrefs, the others overactive spam. Used to put much more into htaccess, but got into trouble, the host somehow issuing false 403's, had to scale down.
About 192.99. take a look at today's Top IP addresses on http://www.stopforumspam.com/
OVH is specializing in giving refuge to rats.
Roger that thank you very much I guess I'll do like you said, yeah I know that stopforumspam site ;) I have been tracking many of those from there :)
Quote from: Arantor on June 10, 2014, 07:18:02 PM
Technically any ban in the system will slow it down. Far better not to use IP bans in SMF but do it at the webserver level if possible, e.g. in .htaccess files.
An IP ban in SMF or the webserver will prevent accesses even by non-registered users.
The other good thing about doing it in .htaccess (apart from performance) is that the banned suckers won't fill your admin error log up all the time either, because they never get as far as the forum. Makes a big difference when Baidu or some other idiots are trying to hammer you.
Never thought about it but yes because SMF forum doesn't get affected so.. Then 2 times better :D thank you as well then!
Tried a10's code but doesn't work to me. Removed topic solved and asking one more time WHERE to put that damn code because I am like freaking out on this, also it's a VERY bad evening.
All I ever did was put the deny at the end of the .htaccess file.
deny from 91.236.75/24
deny from xxx.xx.xx.xx
In the above fashion.
Or like this .....
#######################################################################################
#Block bad IP
#######################################################################################
order allow,deny
deny from 24.91.97.152 114.130.28.154 91.207.7.182 91.207.4.14
allow from all
Either should work for you.
Thanks for your reply, I tried to put this exact code in there at the end:
#Block bad IP
#######################################################################################
order allow,deny
deny from 24.91.97.152 114.130.28.154 91.207.7.182 91.207.4.14 37.58.100. 46.118. 46.119 192.99. 31.41.
allow from all
I'll let you know if this works ;)
Hmmmm...I always use a single ip deny per line myself
Doesn't make any appreciable difference AFAIK.
Probably not, in terms of action... But in terms of being able to quickly scan the list of bans, one per line is easier to parse in my head
Thanks for your replies as always :)
Yeah I know it *shouldn't* make any difference but I was really freaking out because it wasn't working the other way so I totally copied and pasted it, I guess I will parse it in a better way for sure but after I checked that it works.
I mark this as solved again as I haven't seen anymore of those spambots attempting to register, I'll bump if I notice any other issue with this ;) thank to everybody for your kind assistance :D
Did NOT work. Guys I am beginning to get desperate atm!!! Where the heck am I wrong? An IP that was in a banned range just connected so it didn't work completely. I banned 37.58.100 but 37.58.100.149 managed to connect! Can I post the whole ht access file or I risk something in security?
*marks it as not solved, again :'( *
How are you banning by range? In .htaccess I think it should be something like 37.58.100/255
Take a look at this site as it will help generate htaccess code- http://www.toshop.com/htaccess-generator.cfm
Quote from: a10 on June 10, 2014, 08:54:02 PM
Setup I posted above works fine here.
91.236.75. = block 91.236.75.0-255
91. = block everything starting with 91.
To test, use a proxy, example www.anonymouse.org, find its IP and enter it in htaccess, and see if you get blocked (and get the 403 page) when trying to access your forum using the proxy.
Remember, any tiny error and nothing works anymore, so always check that the site acts normally after editing htaccess.
He said that.
Quote from: a10 on June 10, 2014, 08:54:02 PM
91.236.75. = block 91.236.75.0-255
91. = block everything starting with 91.
Quote: I banned 37.58.100 but 37.58.100.149
was that 37.58.100 or 37.58.100. (forgetting the last . )? And is the htaccess placed in root.
A (very effective) way to test that htaccess is working and recognized, try introducing an error, example: defy from 37.58.100.
This will produce a 500 Internal Server Error (of course, fix it immediately after the test).
Just added 91.213.93. here (some witless bot from Kazakhstan using the 91.213.93.* range, hammering my site with 1000's hits an hour), stopped instantly.
OK ... just how are you seeing that this banned IP has connected? What log?
Now, I have never banned an IP by simply doing 123.123.123. , I have always done a 123.123.123/24 or whatever value I wanted for a CIDR ban. Maybe not adding the /24 will work but I have not seen it done before.
As mentioned before, where are you putting the .htaccess file? It must reside in the webspace, in other words the SMF directory.
Take a look at this script, it works great at blocking and protecting a site. It will create an .htaccess file for you and you can then enter the banned IPs.
http://www.crawltrack.net/crawlprotect/download.php
deny from 123. = electrocute 123.*.*.*
deny from 123.123. = liquidate 123.123.*.*
deny from 123.123.123. = guillotine 123.123.123.*
deny from 123.123.123.123 = lynch 123.123.123.123
See 'Banning An IP Address' > http://blamcast.net/articles/block-bots-hotlinking-ban-ip-htaccess
Hmmm .... apparently I have been liquidating and guillotining quite a bit. ;D
Thanks for the link.
was just expressing my deeper feelings about bots and spammers :D
I tried hard and it seems to me that my ht access is set up like that but didn't work the last time... I don't know why it didn't work last time but I tried the defy thing and hell it works like a charm I tried a "supposed to be banned" IP address and it gave me error 500 so yeah it worked I believe.
Thanks for your replies, once more I will mark this as solved, hopefully forever xD but I will test it much more if I have further problems I will bump again :P
*yelling at the monitor*
Didn't work, AGAIN. I have a guest from 37.58.100.68 and I have banned the "37.58.100." so it didn't work. WTF?
This is my bloody htaccess file
##
# @version $Id: htaccess.txt 21101 2011-04-07 15:47:33Z dextercowley $
# @package Joomla
# @copyright Copyright (C) 2005 - 2011 Open Source Matters. All rights reserved.
# @license GNU General Public License version 2 or later; see LICENSE.txt
##
##
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE!
#
# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations. It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that dissallows changing it in
# your .htaccess file. If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your sef url's. If they work,
# it has been set by your server administrator and you do not need it set here.
##
## Can be commented out if causes errors, see notes above.
Options +FollowSymLinks
## Mod_rewrite in use.
RewriteEngine On
## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site block out the operations listed below
# This attempts to block the most common type of exploit `attempts` to Joomla!
#
# Block out any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block out any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule .* index.php [F]
#
#Set the timezone
SetEnv TZ Europe/Rome
## End - Rewrite rules to block out some common exploits.
## Begin - Custom redirects
#
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#
## End - Custom redirects
##
# Uncomment following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root).
##
# /* modifica */
RewriteBase /
# /* fine */
## Begin - Joomla! core SEF Section.
#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the request is for something within the component folder,
# or for the site root, or for an extensionless URL, or the
# requested URL ends with one of the listed extensions
RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$ [NC]
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
#
## End - Joomla! core SEF Section.
# /* modifica */
# # av:php5-engine
AddHandler av-php5 .php
# /* fine */
#Block bad IP
#######################################################################################
order allow,deny
deny from 24.91.97.152 114.130.28.154 91.207.7.182 91.207.4.14 37.58.100. 46.118. 46.119. 192.99. 31.41. 5.255.253.164 213.87.123.232 37.58.100.149 184.173.183.170 184.173.183.171
allow from all
^-- have you tried entering each IP on a separate line in the file?
deny from ip1
deny from ip2
--
I have tried that before but 2 things..
1) it wasn't working anyway
2)Arantor said that it should be the same...
Well im gonna try that AGAIN then >.< thanks for your suggestion..
Tried again and it works but half. It works if I manually ban EACH IP but it doesn't work if I try to ban an IP range such as 37.58.100. (and all the relative ones, so I had to ban them one by one) how to fix this? Thanks in advance for all your replies ;)
Banning subdomains under an IP block should work just fine - I'm surprised it isn't working for you.
However, try a subdomain block using CIDR
Eg,
deny from 37.58.100.0/24
deny from 46.118.0.0/16
deny from 46.119.0.0/16
deny from 192.99.0.0/16
deny from 31.41.0.0/16
Don't IP addresses end with 255 as highest number? Why 24 or 16 then? Sorry if I don't know this :(
Quote from: Shambles
However, try a subdomain block using CIDR
http://www.webopedia.com/TERM/C/CIDR.html
Indeed sorry about that I had not very much time to reply and couldn't google the whole explanation. However it "SEEMS" to work, once more, again, hopefully *again* last time.
I tried defy with a banned IP and it was giving me a 500 error so it SEEMS that it worked... It's now like this.
##
# @version $Id: htaccess.txt 21101 2011-04-07 15:47:33Z dextercowley $
# @package Joomla
# @copyright Copyright (C) 2005 - 2011 Open Source Matters. All rights reserved.
# @license GNU General Public License version 2 or later; see LICENSE.txt
##
##
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE!
#
# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations. It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that dissallows changing it in
# your .htaccess file. If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your sef url's. If they work,
# it has been set by your server administrator and you do not need it set here.
##
## Can be commented out if causes errors, see notes above.
Options +FollowSymLinks
## Mod_rewrite in use.
RewriteEngine On
## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site block out the operations listed below
# This attempts to block the most common type of exploit `attempts` to Joomla!
#
# Block out any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block out any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule .* index.php [F]
#
#Set the timezone
SetEnv TZ Europe/Rome
## End - Rewrite rules to block out some common exploits.
## Begin - Custom redirects
#
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#
## End - Custom redirects
##
# Uncomment following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root).
##
# /* modifica */
RewriteBase /
# /* fine */
## Begin - Joomla! core SEF Section.
#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the request is for something within the component folder,
# or for the site root, or for an extensionless URL, or the
# requested URL ends with one of the listed extensions
RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$ [NC]
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
#
## End - Joomla! core SEF Section.
# /* modifica */
# # av:php5-engine
AddHandler av-php5 .php
# /* fine */
#Block bad IP
#######################################################################################
order allow,deny
deny from 24.91.97.152
deny from 114.130.28.154
deny from 91.207.7.182
deny from 91.207.4.14
deny from 37.58.100.0/16
deny from 46.118. 46.119
deny from 192.99. 31.41
deny from 5.255.253.164
deny from 213.87.123.232
deny from 184.173.183.0/16
allow from all
Good.
Be aware that 37.58.100.0/16 will actually prohibit the range 37.58.*.* and not just 37.58.100.*
Ditto 184.173.183.0/16 will apply the prohibition to 184.173.*.*
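The rule evaluation discussed in the replies above, as an added example (not code from the thread or from Apache): a small Python model of how Apache 2.2's `Order`/`Allow`/`Deny` directives decide on an IPv4 client, including partial addresses and CIDR ranges. The function names are hypothetical, IPv6 and hostnames are not handled, and the two rule sets are constructed from lines quoted in this thread.

```python
import ipaddress

def to_network(spec):
    """Convert one Allow/Deny argument into the IPv4 network it covers."""
    if spec.lower() == "all":
        return ipaddress.ip_network("0.0.0.0/0")
    if "/" in spec:
        # strict=False clears the host bits, so 37.58.100.0/16 -> 37.58.0.0/16
        return ipaddress.ip_network(spec, strict=False)
    # Partial address: 1 to 3 leading octets, trailing dot optional.
    octets = spec.rstrip(".").split(".")
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{8 * len(octets)}")

def parse(config):
    """Collect the Order setting and the Allow/Deny networks from a rule set."""
    order, allow, deny = "deny,allow", [], []  # deny,allow is the 2.2 default
    for line in config.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        key = words[0].lower()
        if key == "order":
            order = "".join(words[1:]).lower()
        elif key in ("allow", "deny") and len(words) > 2 and words[1].lower() == "from":
            nets = [to_network(w) for w in words[2:]]  # several hosts per line are fine
            (allow if key == "allow" else deny).extend(nets)
    return order, allow, deny

def is_allowed(config, client_ip):
    """Return True if the rule set lets client_ip through."""
    order, allow, deny = parse(config)
    ip = ipaddress.ip_address(client_ip)
    hit_allow = any(ip in net for net in allow)
    hit_deny = any(ip in net for net in deny)
    if order == "allow,deny":
        # Must match an Allow and must not match any Deny.
        return hit_allow and not hit_deny
    # deny,allow: a matching Allow overrides a matching Deny.
    return hit_allow or not hit_deny

# Constructed from the first question in the thread.
QUESTION_RULES = """Order Deny,Allow
Deny from 91.236.75.85
Allow from all"""

# Constructed from the block lists posted later in the thread.
BLOCK_RULES = """order allow,deny
deny from 37.58.100. 46.118. 46.119 192.99.
deny from 184.173.183.0/16
allow from all"""

if __name__ == "__main__":
    for rules, ip in [(QUESTION_RULES, "91.236.75.85"),
                      (BLOCK_RULES, "37.58.100.149"),
                      (BLOCK_RULES, "184.173.5.9"),
                      (BLOCK_RULES, "203.0.113.7")]:
        print(ip, "allowed" if is_allowed(rules, ip) else "denied")
    print(to_network("37.58.100.0/16"), to_network("37.58.100.0/24"))
```

With `Order Deny,Allow`, the `Allow from all` line overrides the `Deny`, so that rule set blocks nobody; the `order allow,deny` form is the one that enforces the list.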
Not good then, how could I ban only the 37.58.100.*.* range with that method? :'(
37.58.100.0/24
As attached
47879 polygons in 3D
Total time: around 3 minutes (most of them for managing the screenshot ;) )
Lol.
Yeah, those S curves needs lotsa polys.
Yeah indeed they are pretty heavy xD the weapons I make are faraway lower in polys, it's kinda funny :laugh:
Oh by the way I'll mark this as solved once more xD (I think it's the 3rd time or something like that lol)
I swear to god i am not trolling but this IP 37.58.100.167 managed to connect and it shouldn't have been possible as I have set deny from 37.58.100.0/24, so didn't really work even as it seemed to... It sounds damn crazy as if I try to defy from that IP it fails to connect but I did have this IP connected D: I attached a screenshot so you see that I'm not trolling you because it would seem so but really isn't :'( :-X
*marks again as not solved and tries to kill his ht access file making it suffering painfully*
My htaccess again:
##
# @version $Id: htaccess.txt 21101 2011-04-07 15:47:33Z dextercowley $
# @package Joomla
# @copyright Copyright (C) 2005 - 2011 Open Source Matters. All rights reserved.
# @license GNU General Public License version 2 or later; see LICENSE.txt
##
##
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE!
#
# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations. It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that dissallows changing it in
# your .htaccess file. If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your sef url's. If they work,
# it has been set by your server administrator and you do not need it set here.
##
## Can be commented out if causes errors, see notes above.
Options +FollowSymLinks
## Mod_rewrite in use.
RewriteEngine On
## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site block out the operations listed below
# This attempts to block the most common type of exploit `attempts` to Joomla!
#
# Block out any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block out any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule .* index.php [F]
#
#Set the timezone
SetEnv TZ Europe/Rome
## End - Rewrite rules to block out some common exploits.
## Begin - Custom redirects
#
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#
## End - Custom redirects
##
# Uncomment following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root).
##
# /* modifica */
RewriteBase /
# /* fine */
## Begin - Joomla! core SEF Section.
#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the request is for something within the component folder,
# or for the site root, or for an extensionless URL, or the
# requested URL ends with one of the listed extensions
RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$ [NC]
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
#
## End - Joomla! core SEF Section.
# /* modifica */
# # av:php5-engine
AddHandler av-php5 .php
# /* fine */
#Block bad IP
#######################################################################################
order allow,deny
deny from 24.91.97.152
deny from 114.130.28.154
deny from 91.207.7.182
deny from 91.207.4.14
deny from 37.58.100.0/24
deny from 46.118. 46.119
deny from 192.99. 31.41
deny from 5.255.253.164
deny from 213.87.123.232
deny from 184.173.183.0/24
allow from all
Marking as solved again, and this is the last time, for reference --> http://www.simplemachines.org/community/index.php?topic=523925.0 many thanks to Lou69, Arantor, CoreISP, Shambles, Antechinus, Kindred and a10. :D
Useful links regarding the question:
http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order
http://httpd.apache.org/docs/current/mod/mod_access_compat.html#allow
Just a note about deny's, took htaccess away for a day (14.06) to check the bot activity, see attachment.
Thanks Flavio93Zena for bringing this up. I am starting to ban countries that are hammering our forum. Can't really tell what they are doing since our site is private but they are landing on the registration page by the hundreds.
SMF, is running IP bans in SMF on a dedicated power edge 1750, 2.4ghz, 2 Dual xeon cpu's, 4gig ram with 1 forum and 1 ftp cause a slow down?
I am running IIS, putting the banned CIDR in ->IIS ->SMF Website ->Directory Security ->IP address and Domain name restrictions suffice?
yes. Using the SMF ban system in that way will indeed have performance consequences
No problem I suggest you to read this guide it explains everything in details ;)
Still no one has moved it to tips and tricks but it's still good --> http://www.simplemachines.org/community/index.php?topic=524146.0
Well pooh, I am running SMF on M$ Server. Since .htaccess is Apache, I will see how M$ IIS "IP address and Domain name restrictions" in Directory Security works and remove IP bans from SMF Forum. I have apache on Server but I am running experimental SugarCRM on it.
I thought about putting CIDR block in my smoothwall but damn-it, linux not strong suit, need GUI! :-[
Thanks for replies!
Well you're welcome I hope you can sort it out somehow. I know that htaccess stuff but I can't tell you how to find a workaround for that... Maybe posting a topic in here (http://www.simplemachines.org/community/index.php?board=60.0) would be more helpful ;)