banned IP address still posting

[iainfisher]

Every so often I have someone banned who is still able to post.

A while ago I did a full ban on an IP address, and the ban has not expired.  Someone with the same IP address posts successfully as a guest.  I try and ban again and I get the message "This ban trigger (**.***.**.***) already exists in ****." (stars added by me).  The original ban was created months ago, before the post, and the error message shows the ban is in effect.

How does this happen?  It has happened a few times with difference IP addresses and different bans.

I am running version 2.0.2 with the Stop Spammer mod.

Doing a search I found others (adrianbj etc) had the same problem but didn't get an answer:
http://www.simplemachines.org/community/index.php?topic=429310.msg3014009;topicseen#msg3014009
http://www.simplemachines.org/community/index.php?topic=429310.msg3014767#msg3014767

Any help gratefully received.

Iain
PS have a good 2012

[iainfisher]

Can anyone help?  Some banned ip addesses can still post even though there is a full ban in place.  This happens a couple of times a wek with different ip addresses which are banned.

[iainfisher]

Is my query too difficult, or am I doing something wrong?  Some support would be welcome.

Yesterday someone posted as a guest, but their IP address was banned on 24 Dec.  I have checked the ban, it hasn't expired, it is for the same IP address and it is a full ban.  There have been 9 hits from this address.

Any help very welcome.  If you need more info please let me know.

Iain

[Shambles]

Hi

If a registered member is banned [via IP address only] can he too continue to post, or is it just unassociated/guest IP addresses that "get through"?

If you're not sure, I'll register at your site and leave a message linking to this post. You can ban that account (IP only) and we can take it from there.

(PS, I'm just an SMF user like yourself; my coding skills are at the device driver/assembler level but I'm sure we can get to the bottom of your problem).

[iainfisher]

Hi,

I've not had banned members coming back, and most IP addesses that are banned don't come back (some make hundreds of attempts).  You are welcome to try and I will ban you

www.iainfisher.com/dis

I have also undeleted the last spam message who managed to post despite a ban on the IP address (it is in the General section) so you can see that.

Thanks for the help

Iain

[Shambles]

You'll need to approve my registration Iain 

[iainfisher]

Done it

[krash661]

I also have the same problem,I just delete the account of that I.P with the ban in effect.And still have the issue whether the account is deleted or not.

[pols1337]

You may want to try adding the package "httpBL" ... I just installed the latest version yesterday, and it's amazing.  It also has excellent documentation on creating a honeypot and installing the package. 

Before, I was forced to manually approve members since so many spam accounts were being created.  Now, I can let users create their own accounts without worrying.   I also had the same problem of a spam user, who was clearly banned (and it said so next to their IP in their Profile ... BANNED), but he was still making posts in one of my boards. 

[Shambles]

We'll have to wait and see what Iain has done as it now seems to be working ok on his forum.

[iainfisher]

After I banned you (and you managed to post) I haven't changed anything.  I've included two scans of the original ban (and you managed to post after this) and I just tried banning you again and it says you are already banned.

The scans are here




and here





(the scans are easier to read here http://iainfisher.com/dis/index.php?topic=18820.0 )
Iain

[Shambles]

So it seems to be a time-related thing.

I found this bit of code (function) in \Sources\Security.php

Code Select Expand

// Do banning related stuff.  (ie. disallow access....)
function is_not_banned($forceCheck = false)
{
global $txt, $modSettings, $context, $user_info;
global $sourcedir, $cookiename, $user_settings, $smcFunc;

// You cannot be banned if you are an admin - doesn't help if you log out.
if ($user_info['is_admin'])
return;

// Only check the ban every so often. (to reduce load.)
if ($forceCheck || !isset($_SESSION['ban']) || empty($modSettings['banLastUpdated']) || ($_SESSION['ban']['last_checked'] < $modSettings['banLastUpdated'])
            || $_SESSION['ban']['id_member'] != $user_info['id'] || $_SESSION['ban']['ip'] != $user_info['ip'] || $_SESSION['ban']['ip2'] != $user_info['ip2']
            || (isset($user_info['email'], $_SESSION['ban']['email']) && $_SESSION['ban']['email'] != $user_info['email']))


Maybe a more enlightened member could comment on the time element of the conditional that follows  "// Only check the ban every so often. (to reduce load.)"

[Aleksi "Lex" Kilpinen]

Hi, I'm just going through old topics that are not yet marked solved.
Is thisr issue solved or do you still require assistance with this?