Some info about IP bans requested

Started by Ninja ZX-10RR, June 10, 2014, 07:15:35 PM

Ninja ZX-10RR

I have seen some topics in which Arantor (I'm sure you will read this as well so.. ;) ) was saying that IP bans can make SMF work much slower than normal, and that's ok, but I have 2 questions, mainly:

  • How many bans can I use without slowing the system down? And does it depend also on how many users are online?
  • Can I ban an IP that has not yet created an account? I see a damn bot trying to register for days and I know it uses a static IP (91.236.75.85), I want it to get the *EHM* off my forum.

Thanks in advance as always  :)
Quote from: BeastMode topic=525177.msg3720020#msg3720020
It's so powerful that on this post and even in the two PMs you sent me,you still answered my question very quickly and you're apologizing for the delay. You're the #1 support I've probably ever encountered man, so much respect for that. Thank you, and get better soon.

I'll keep this in my siggy for a while just to remind me that someone appreciated what I did while others didn't.

♥ Jess ♥

STOP EDITING MY PROFILE

Arantor

Technically any ban in the system will slow it down. Far better not to use IP bans in SMF but do it at the webserver level if possible, e.g. in .htaccess files.

An IP ban in SMF or the webserver will prevent accesses even by non-registered users.

Ninja ZX-10RR

Thanks for your reply as always.

Hmm, googling a bit I found some stuff about it, but as this is a very important feature and I never used it, I will ask twice to be really sure.

So if I just add this

Order Deny,Allow
Deny from 91.236.75.85
Allow from all

will it work? But is there a dedicated place in which I should place that thing in .htaccess file?

a10

Use 91.236.75. to get more IPs used by that spammer. Or even 91.236. as most in that range are ua, ru, pl etc.

My current:

<Files 403.shtml>
order allow,deny
allow from all
</Files>
deny from 31.41.
deny from 37.58.100.
deny from 46.118.
deny from 46.119.
deny from 192.99.
2.0.19, php 8.0.23, MariaDB 10.5.15. Mods: Contact Page, Like Posts, Responsive Curve, Search Focus Dropdown, Add Join Date to Post.

Ninja ZX-10RR

What does that files 403 stuff mean? I really don't know how to set this file and googling didn't help much as people are posting very complicated custom stuff I don't need. I only need to ban that IP and nothing else... Also that 37.58.100.etc was harassing me as well.

a10

"the line <Files 403.shtml> indicates the page denied users are directed to. (403 - Forbidden)"

37.58.100. is one of the ahrefs pest bots. See http://blocklistpro.com/content-scrapers/ahrefsbot-seo-spybots.html

Ninja ZX-10RR

Thanks for the useful info :) hmm then I add like

<Files 403.shtml>
order allow,deny
allow from all
</Files>
deny from 91.236.75.(85)

without the parentheses and with or without the 85 to include more IPs as I wish like you said. Now.. Where to place it in the file itself?

a10

Setup I posted above works fine here.

91.236.75.  = block 91.236.75.0-255
91.  = block everything starting with 91.

To test, use a proxy, for example www.anonymouse.org, find its IP and enter it in htaccess, and see if you get blocked (and get the 403 page) when trying to access your forum using the proxy.

Remember, any tiny error and nothing works anymore, so always check that the site acts normally after editing htaccess.

Ninja ZX-10RR

Well thank you man :D I'll set it up the way I said or even your way if all those IP ranges are spambots? Are they manual bans or all spam crap? If the last one I'll just copy-paste yours ;)

Lou69

Here are a few links for you. They will help you to understand blocking by CIDR and looking up addresses. I usually block by CIDR (range) as that is usually a quick way to stop a block of spammers. You can also use it for countries.

http://jodies.de/ipcalc

http://www.ipaddresslocation.org/ipaddress.shtml

http://www.ip2location.com/demo.aspx

Ninja ZX-10RR

Thank you as well :D and thank you twice as I had forgotten to mark as solved ;)

a10

Quote: Are they manual bans or all spam crap?
37.58.100. is ahrefs, the others overactive spam. Used to put much more into htaccess, but got into trouble, the host somehow issuing false 403's, had to scale down.

About 192.99., take a look at today's Top IP addresses on http://www.stopforumspam.com/
OVH is specializing in giving refuge to rats.

Ninja ZX-10RR

Roger that, thank you very much. I guess I'll do like you said. Yeah, I know that stopforumspam site ;) I have been tracking many of those from there :)

Antechinus

Quote from: Arantor on June 10, 2014, 07:18:02 PM
Technically any ban in the system will slow it down. Far better not to use IP bans in SMF but do it at the webserver level if possible, e.g. in .htaccess files.

An IP ban in SMF or the webserver will prevent accesses even by non-registered users.

The other good thing about doing it in .htaccess (apart from performance) is that the banned suckers won't fill your admin error log up all the time either, because they never get as far as the forum. Makes a big difference when Baidu or some other idiots are trying to hammer you.

Ninja ZX-10RR

Never thought about it but yes because SMF forum doesn't get affected so.. Then 2 times better :D thank you as well then!

Ninja ZX-10RR

Tried a10's code but it doesn't work for me. Removed topic solved and asking one more time WHERE to put that damn code because I am like freaking out on this, also it's a VERY bad evening.

Lou69

All I ever did was put the deny at the end of the .htaccess file.

deny from 91.236.75.0/24
deny from xxx.xx.xx.xx

In the above fashion.

Or like this .....

#######################################################################################
#Block bad IP
#######################################################################################
order allow,deny
deny from  24.91.97.152 114.130.28.154 91.207.7.182 91.207.4.14
allow from all

Either should work for you.
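
An added example (not code from any poster in this thread): a small Python model of how Apache 2.2's Order/Allow/Deny directives decide a request, run against rule sets adapted from the posts above. It is a simplified sketch that assumes IPv4 clients and ignores hostnames and netmask notation; the function and constant names are made up for the illustration.

```python
import ipaddress

def spec_matches(spec, ip):
    """True if one 'Allow/Deny from' argument covers the IPv4 client address."""
    if spec.lower() == "all":
        return True
    if "/" in spec:  # CIDR form, e.g. 91.236.75.0/24
        return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)
    octets = spec.rstrip(".").split(".")  # full or partial address, whole octets only
    return ip.split(".")[:len(octets)] == octets

def parse(config):
    """Collect Order and the top-level Allow/Deny arguments."""
    order, allow, deny, in_section = "deny,allow", [], [], False  # default Order
    for line in config.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0].startswith("<"):  # <Files ...> rules apply to that file only
            in_section = not words[0].startswith("</")
            continue
        if in_section:
            continue
        key = words[0].lower()
        if key == "order":
            order = "".join(words[1:]).lower()
        elif key in ("allow", "deny") and [w.lower() for w in words[1:2]] == ["from"]:
            (allow if key == "allow" else deny).extend(words[2:])
    return order, allow, deny

def is_allowed(config, ip):
    """Apply the Apache 2.2 Order rules to one client address."""
    order, allow, deny = parse(config)
    allowed = any(spec_matches(s, ip) for s in allow)
    denied = any(spec_matches(s, ip) for s in deny)
    if order == "allow,deny":      # must match an Allow; any Deny match wins
        return allowed and not denied
    return allowed or not denied   # deny,allow: an Allow match overrides a Deny

# Rule sets adapted from the posts in this thread (constructed sample input)
FIRST_TRY = "Order Deny,Allow\nDeny from 91.236.75.85\nAllow from all"
A10_STYLE = "<Files 403.shtml>\norder allow,deny\nallow from all\n</Files>\ndeny from 91.236.75."
LOU_STYLE = "order allow,deny\ndeny from 91.236.75.0/24\nallow from all"

if __name__ == "__main__":
    for name, cfg in (("first try", FIRST_TRY), ("a10", A10_STYLE), ("Lou69", LOU_STYLE)):
        print(name, {ip: is_allowed(cfg, ip) for ip in ("91.236.75.85", "91.236.76.1")})
```

Under `Order Deny,Allow` an `Allow from all` overrides every `Deny`, so the first snippet asked about in the thread blocks nobody, while the other two forms block the listed range and let everyone else through.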

Ninja ZX-10RR

Thanks for your reply, I tried to put this exact code in there at the end:

#Block bad IP
#######################################################################################
order allow,deny
deny from  24.91.97.152 114.130.28.154 91.207.7.182 91.207.4.14 37.58.100. 46.118. 46.119 192.99. 31.41.
allow from all


I'll let you know if this works ;)

Kindred

Hmmmm... I always use a single IP deny per line myself
Glory to Ukraine

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Arantor

Doesn't make any appreciable difference AFAIK.
