News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

IP ban bug, false positive?

Started by societyofrobots, February 07, 2009, 02:37:37 AM

Previous topic - Next topic

societyofrobots

I have a user complaining about being banned by IP.

Looking in my Forum Error Log, I see this:
QuoteApply Filter: Only show the error messages of this member  Guest       Today at 11:39:29 AM
Apply Filter: Only show the error messages of this IP address 95.24.67.52      Apply Filter: Only show the error messages of this session 23f7e436ce8a0a4a6f23d1d3bca189a9
Apply Filter: Only show the error messages of this URL http://www.myurl.com/forum/index.php
Apply Filter: Only show the errors with the same message
Sorry Guest, you are banned from using this forum!
known spammer IP

However checking both my 'Ban list' and my 'Ban log', nothing is to be seen referring to his IP. I also had him do a trace route, and not a single IP in that route matches any of my IP bans. And nope, not even fits within IP ban ranges.

Apparently someone else reported the same problem years ago:
http://www.simplemachines.org/community/index.php?topic=76480.0

He has a Russian IP, so I could just unblock all my Russian IP addresses, but I'd rather not invite the spammers to return . . .

thoughts?


edit: The user can register with the forum from his work computer no problem, but not his home computer.

societyofrobots

For the non-believers, this is my full IP ban list:
IP: 82.204.219.220     0     Modify     
IP: 209.85.201.114    0    Modify    
IP: 66.220.20.52    0    Modify    
IP: 83.237.190.178    0    Modify    
IP: 194.165.42.*    949    Modify    
IP: 84.228.238.141    0    Modify    
IP: 94.180.193.67    0    Modify    
IP: 92.115.215.96    0    Modify    
IP: 213.79.86.50    19    Modify    
IP: 89.149.253.223    130    Modify    
IP: 64.251.29.31    1    Modify    
IP: 87.118.124.*    116    Modify    
IP: 78.110.175.*    125    Modify    
IP: 92.241.168.*    69    Modify    
IP: 89.232.64-127.*    4    Modify    
IP: 213.148.168-188.*    6    Modify    
IP: 78.26.179.253    0    Modify    
IP: 89.178.*.*    149    Modify    
IP: 94.102.48-63.*    50    Modify    
Email: *@list.ru    0    Modify    
IP: 91.76-78.0-127.*    50    Modify    
IP: 87.118.96-127.*    737    Modify    
IP: 83.237.160-255.*    22    Modify    
IP: 87.248.176-191.*    27    Modify    
IP: 89.149.195.*    71    Modify    
Email: *@searchengineshome.org    0    Modify    
Email: *@komatoz.net    0    Modify    
IP: 91.144.165.26    0    Modify
IP: 194.44.29.*     0     Modify     
IP: 79.143.177.*    5    Modify    
IP: 78.157.128-159.*    49    Modify    
IP: 89.248.162.128-255    13    Modify    
IP: 88.119.247.27    19    Modify    
IP: 212.95.54.*    108    Modify    
IP: 84.19.176-191.*    280    Modify    
IP: 92.112.192-255.*    88    Modify    
IP: 193.109.248-249.*    27    Modify    
IP: 83.138.128.64-127    0    Modify    
IP: 83.138.132.192-255    0    Modify    
IP: 77.108.96.48-55    0    Modify    
IP: 84.243.196.*    21    Modify

metallica48423

If you go to his profile, does it list him as having a ban?
Justin O'Leary
Ex-Project Manager
Ex-Lead Support Specialist

QuoteMicrosoft wants us to "Imagine life without walls"...
I say, "If there are no walls, who needs Windows?"


Useful Links:
Online Manual!
How to Help us Help you
Search
Settings Repair Tool

societyofrobots

Quote from: metallica48423 on February 07, 2009, 03:18:27 AM
If you go to his profile, does it list him as having a ban?
Nope, not listed as having a ban. He is able to use the forum with no problems from his work computer.

Only from his home computer does it say his IP is banned.

societyofrobots

I'm still totally stumped on this . . . he just sent me this email:

QuoteI had about 10 guys in Russia (including one from my ISP) trying and none of them had this issue.

greyknight17

societyofrobots, is this issue resolved now?

If not, are you using any modified .htaccess file that may be blocking his IP address? Are you using any hostname bans on your forum?

societyofrobots

Quote from: greyknight17 on February 27, 2009, 11:44:32 AM
societyofrobots, is this issue resolved now?

If not, are you using any modified .htaccess file that may be blocking his IP address? Are you using any hostname bans on your forum?
Nope, it has not been resolved. I am not using a modified .htaccess file. I deleted all the hostname bans, but still didn't solve anything. A traceroute showed he wasn't using any of those hosts.

lovearat

I had this same issue on my forum with one of my members. Everything I looked at was  in order. I finally contacted my host. They had blocked this member's IP as a known spammer. When in fact they were not a spammer.  I got them to unblock it. Try contacting your host to see if this might be what has happened to your member.
<span style="font-size: 12px; color: red;">Do Not Pm Me For Support. Please use the appropriate board</span>

societyofrobots

Quote from: lovearat on March 21, 2009, 12:37:30 PM
I had this same issue on my forum with one of my members. Everything I looked at was  in order. I finally contacted my host. They had blocked this member's IP as a known spammer. When in fact they were not a spammer.  I got them to unblock it. Try contacting your host to see if this might be what has happened to your member.
Its not my host. The forum returns this error:
"Sorry Guest, you are banned from using this forum!"

JimM

Looking at your OP, the "known spammer IP" appears to be the text that someone put in the Reason field of the ban.  Somehow you have a ban trigger that is working on this member.  Please provide a temporary admin login and password and your forum URL and I will take a look.  You can PM me the specifics.
Jim "JimM" Moore
Former Support Specialist

societyofrobots

Quote from: JimM on March 27, 2009, 09:30:24 PM
Looking at your OP, the "known spammer IP" appears to be the text that someone put in the Reason field of the ban.
Yeap, that's what I put in my ban reason field. Except as mentioned before, his IP, his host, his traceroute, and anything remotely related to him wasn't in any actual ban (as shown above).

QuoteSomehow you have a ban trigger that is working on this member.  Please provide a temporary admin login and password and your forum URL and I will take a look.  You can PM me the specifics.
In exchange for your credit card info =P

You won't see anything now. I ended up deleting the above listed IP bans and suddenly the user wasn't banned any more.

JimM

Just proves my point.  Marked as solved.
Jim "JimM" Moore
Former Support Specialist

societyofrobots

Ehhhh not sure what point that proved . . . well, problem not solved, nor even understood . . . just worked around by disabling IP bans . . .

Tyrsson

AN IP ban is just that. A ban that is triggered by the IP of the user. Many times members will get caught in an IP ban problem if a member has a Dynamic IP which means it changes from time to time. Also, if a spammer has a Dynamic then it seems to reason that they could get around an IP ban if theirs changes from time to time. Ban on IP, username, email. Then if a member that is not a spammer gets caught just remove the IP as a trigger but leave the username and email which will prevent them from logging in with the same username.
PM at your own risk, some I answer, if they are interesting, some I ignore.

george54

Quite late on this one, but it looks to me as though you were banning IP ranges, as well as Russian domains. So, yes, your Russian buddy within that IP range would have been banned, and removing all the IP bans would have 'solved' the problem.

george54

Oh, and thanks for your IP ban list. Yours overlaps mine. Seems we have some constant offenders here.

I run a very local forum. No one here has the time to search IPs and junk up SMF forums. Is it possible to ban by nation? And how can I get a list of nation domain 'extentions' (I mean like *.ru and all)

TIA

societyofrobots

The problem has happened again. This time a user in Germany IP 91.20.255.216.

His IP, nor any IP listed in a traceroute from his IP to my server, is banned. Yet it says he is banned!

JimM

Is SMF reporting that he is banned or your server logs?
Jim "JimM" Moore
Former Support Specialist


JimM

Quote from: Tyrsson on April 07, 2009, 05:30:33 AM
AN IP ban is just that. A ban that is triggered by the IP of the user. Many times members will get caught in an IP ban problem if a member has a Dynamic IP which means it changes from time to time. Also, if a spammer has a Dynamic then it seems to reason that they could get around an IP ban if theirs changes from time to time. Ban on IP, username, email. Then if a member that is not a spammer gets caught just remove the IP as a trigger but leave the username and email which will prevent them from logging in with the same username.

Does this user show a ban in his profile?
Jim "JimM" Moore
Former Support Specialist

Advertisement: