Some info about IP bans requested

Kindred · Juni 13, 2014, 09:42:23 NACHMITTAGS

Probably not, in terms of action... But in terms of being able to quickly scan the list of bans, one per line is easier to parse in my head

Ninja ZX-10RR · Juni 13, 2014, 09:46:42 NACHMITTAGS

Thanks for your replies as always

Yeah I know it *shouldn't* make any difference but I was really freaking out because it wasn't working the other way so I totally copied and pasted it, I guess I will parse it in a better way for sure but after I checked that it works.

Ninja ZX-10RR · Juni 14, 2014, 08:26:36 NACHMITTAGS

I mark this as solved again as I haven't seen anymore of those spambots attempting to register, I'll bump if I notice any other issue with this

thank to everybody for your kind assistance

Ninja ZX-10RR · Juni 15, 2014, 03:38:38 VORMITTAG

Did NOT work. Guys I am beginning to get desperate atm!!! Where the heck am I wrong? An IP that was in a banned range just connected so it didn't work completely. I banned 37.58.100 but 37.58.100.149 managed to connect! Can I post the whole ht access file or I risk something in security?

*marks it as not solved, again

*

br360 · Juni 15, 2014, 03:57:41 VORMITTAG

How are you banning by range? In .htaccess I think it should be something like 37.58.100/255

Take a look at this site as it will help generate htaccess code- http://www.toshop.com/htaccess-generator.cfm

Ninja ZX-10RR · Juni 15, 2014, 04:18:40 VORMITTAG

Zitat von: a10 in Juni 10, 2014, 08:54:02 NACHMITTAGS
Setup I posted above works fine here.

91.236.75. = block 91.236.75.0-255
91. = block everything starting with 91.

To test, use a proxy, example www.anonymouse.org, find it's ip and enter it in htaccess, and see if you get blocked (and get the 403 page) when trying to access your forum using the proxy.

Remember, any tiny error and nothing works anymore, so always check that the site acts normally after editing htaccess.

He said that.

Zitat von: a10 in Juni 10, 2014, 08:54:02 NACHMITTAGS
91.236.75. = block 91.236.75.0-255
91. = block everything starting with 91.

a10 · Juni 15, 2014, 07:16:26 VORMITTAG

ZitatI banned 37.58.100 but 37.58.100.149

was that 37.58.100 or 37.58.100. (forgetting the last . )? And is the htaccess placed in root.

A (very effective) way to test that htaccess is working and recognized, try introducing an error, example: defy from 37.58.100.
This will produce a 500 Internal Server Error (of course, fix it immeditely after the test).

Just added 91.213.93. here (some witless bot from Kazakhstan using the 91.213.93.* range, hammering my site with 1000's hits an hour), stopped instantly.

Lou69 · Juni 15, 2014, 08:13:58 VORMITTAG

OK ... just how are you see that this banned IP has connected? What log?

Now, I have never banned an IP by simply doing 123.123.123. , I have always done a 123.123.123/24 or what ever value I wanted for a CIDR ban. Maybe not adding the /24 will work but I have not seen it done before.

As mentioned before, where are you putting the .htaccess file? It must reside in the webspace, in other words the SMF directory.

Take a look at this script, it works great at blocking and protecting a site. It will create an .htaccess file for you and you can then enter the banned IPs.

http://www.crawltrack.net/crawlprotect/download.php

a10 · Juni 15, 2014, 08:58:49 VORMITTAG

deny from 123. = electrocute 123.*.*.*
deny from 123.123. = liquidate 123.123.*.*
deny from 123.123.123. = guillotine 123.123.123.*
deny from 123.123.123.123 = lynch 123.123.123.123

See 'Banning An IP Address' > http://blamcast.net/articles/block-bots-hotlinking-ban-ip-htaccess

Lou69 · Juni 15, 2014, 09:08:45 VORMITTAG

Hmmm .... apparently I have been liquidating and guillotining quite a bit.

Thanks for the link.

a10 · Juni 15, 2014, 09:38:31 VORMITTAG

was just expressing my deeper feelings about bots and spammers

Ninja ZX-10RR · Juni 15, 2014, 11:55:06 VORMITTAG

I tried hard and it seems to me that my ht access is set up like that but didn't work the last time... I don't know why it didn't work last time but I tried the defy thing and hell it works like a charm I tried a "supposed to be banned" IP address and it gave me error 500 so yeah it worked I believe.

Thanks for your replies, once more I will mark this as solved, hopefully forever xD but I will test it much more if I have further problems I will bump again

Ninja ZX-10RR · Juni 15, 2014, 12:57:21 NACHMITTAGS

*yelling at the monitor*

Didn't work, AGAIN. I have a guest from 37.58.100.68 and I have banned the "37.58.100." so it didn't work. WTF?

This is my bloody htaccess file

Code Auswählen


##
# @version		$Id: htaccess.txt 21101 2011-04-07 15:47:33Z dextercowley $
# @package		Joomla
# @copyright	Copyright (C) 2005 - 2011 Open Source Matters. All rights reserved.
# @license		GNU General Public License version 2 or later; see LICENSE.txt
##

##
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE!
#
# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations.  It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that dissallows changing it in
# your .htaccess file.  If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your sef url's.  If they work,
# it has been set by your server administrator and you do not need it set here.
##

## Can be commented out if causes errors, see notes above.
Options +FollowSymLinks

## Mod_rewrite in use.

RewriteEngine On

## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site block out the operations listed below
# This attempts to block the most common type of exploit `attempts` to Joomla!
#
# Block out any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block out any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule .* index.php [F]
#
#Set the timezone
SetEnv TZ Europe/Rome
## End - Rewrite rules to block out some common exploits.

## Begin - Custom redirects
#
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#
## End - Custom redirects

##
# Uncomment following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root).
##

# /* modifica */
RewriteBase /
# /* fine */

## Begin - Joomla! core SEF Section.
#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the request is for something within the component folder,
# or for the site root, or for an extensionless URL, or the
# requested URL ends with one of the listed extensions
RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$ [NC]
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
#
## End - Joomla! core SEF Section.

# /* modifica */
# # av:php5-engine
AddHandler av-php5 .php
# /* fine */

#Block bad IP
#######################################################################################
order allow,deny
deny from  24.91.97.152 114.130.28.154 91.207.7.182 91.207.4.14 37.58.100. 46.118. 46.119. 192.99. 31.41. 5.255.253.164 213.87.123.232 37.58.100.149 184.173.183.170 184.173.183.171
allow from all

Shambles · Juni 15, 2014, 01:05:24 NACHMITTAGS

^-- have you tried entering each IP on a separate line in the file?

Code Auswählen


deny from ip1
deny from ip2
--

Ninja ZX-10RR · Juni 15, 2014, 01:23:22 NACHMITTAGS

I have tried that before but 2 things..
1) it wasn't working anyway
2)Arantor said that it should be the same...

Well im gonna try that AGAIN then >.< thanks for your suggestion..

Ninja ZX-10RR · Juni 15, 2014, 02:41:49 NACHMITTAGS

Tried again and it works but half. It works if I manually ban EACH IP but it doesn't work if I try to ban an IP range such as 37.58.100. (and all the relative ones, so I had to ban them one by one) how to fix this? Thanks in advance for all your replies

Shambles · Juni 15, 2014, 02:56:47 NACHMITTAGS

Banning subdomains under an IP block should work just fine - I'm surprised it isn't working for you.

However, try a subdomain block using CIDR

Eg,

Code Auswählen


deny from 37.58.100.0/24
deny from 46.118.0.0/16
deny from 46.119.0,0/16
deny from 192.99.0.0/16
deny from 31.41.0.0/16

Ninja ZX-10RR · Juni 15, 2014, 02:59:16 NACHMITTAGS

Don't IP addresses end with 255 as highest number? Why 24 or 16 then? Sorry if I don't know this

Shambles · Juni 15, 2014, 03:10:58 NACHMITTAGS

Zitat von: Shambles
However, try a subdomain block using CIDR

http://www.webopedia.com/TERM/C/CIDR.html

Ninja ZX-10RR · Juni 15, 2014, 03:54:23 NACHMITTAGS

Indeed sorry about that I had not very much time to reply and couldn't google the whole explanation. However it "SEEMS" to work, once more, again, hopefully *again* last time.

I tried defy with a banned IP and it was giving me a 500 error so it SEEMS that it worked... It's now like this.

Code Auswählen


##
# @version		$Id: htaccess.txt 21101 2011-04-07 15:47:33Z dextercowley $
# @package		Joomla
# @copyright	Copyright (C) 2005 - 2011 Open Source Matters. All rights reserved.
# @license		GNU General Public License version 2 or later; see LICENSE.txt
##

##
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE!
#
# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations.  It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that dissallows changing it in
# your .htaccess file.  If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your sef url's.  If they work,
# it has been set by your server administrator and you do not need it set here.
##

## Can be commented out if causes errors, see notes above.
Options +FollowSymLinks

## Mod_rewrite in use.

RewriteEngine On

## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site block out the operations listed below
# This attempts to block the most common type of exploit `attempts` to Joomla!
#
# Block out any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block out any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule .* index.php [F]
#
#Set the timezone
SetEnv TZ Europe/Rome
## End - Rewrite rules to block out some common exploits.

## Begin - Custom redirects
#
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#
## End - Custom redirects

##
# Uncomment following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root).
##

# /* modifica */
RewriteBase /
# /* fine */

## Begin - Joomla! core SEF Section.
#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the request is for something within the component folder,
# or for the site root, or for an extensionless URL, or the
# requested URL ends with one of the listed extensions
RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$ [NC]
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
#
## End - Joomla! core SEF Section.

# /* modifica */
# # av:php5-engine
AddHandler av-php5 .php
# /* fine */

#Block bad IP
#######################################################################################
order allow,deny
deny from  24.91.97.152 
deny from  114.130.28.154 
deny from  91.207.7.182 
deny from  91.207.4.14 
deny from  37.58.100.0/16
deny from  46.118. 46.119 
deny from  192.99. 31.41 
deny from  5.255.253.164 
deny from  213.87.123.232 
deny from  184.173.183.0/16
allow from all

Simple Machines Community Forum

Neuigkeiten:

Some info about IP bans requested

Kindred

Ninja ZX-10RR

Ninja ZX-10RR

Ninja ZX-10RR

br360

Ninja ZX-10RR

a10

Lou69

a10

Lou69

a10

Ninja ZX-10RR

Ninja ZX-10RR

Shambles

Ninja ZX-10RR

Ninja ZX-10RR

Shambles

Ninja ZX-10RR

Shambles

Ninja ZX-10RR