How can I get rid of IP address of guest list?

Started by jsx, February 25, 2021, 02:07:20 PM

Previous topic - Next topic

jsx

Hi,

Someone registered on the forum with no active activity. He was logged in for a few hours. His activity was unknown. I used this trick to preview his activity. So I decided to ban him. Although he was banned, he was still on the forum (IP). A strange thing, because after the ban, he should leave the forum. Then I decided to delete his account, but his details are still banned. And now that former user is still on the forum every day. I can see his IP which is guest in the user list. I decided to redirect him to another page, but despite this redirect he is still on the forum as a guest. How is it possible? The redirect feature does it in a second, so he shouldn't be visible in the forum as a guest. Is this some kind of bot/script? A normal person would leave the forum after being banned. How can I get rid of this IP address of guest list?

Aleksi "Lex" Kilpinen

As long as they can reach any SMF function, triggering bans included, you'll see them. But they can't access anything.
Slava
Ukraini!


"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

jsx

I believe that this is not a normal user, but some bot because I have banned a few users and they are not on the forum (their IP) they left the forum after receiving a ban. And this IP is there all the time and all the time it generates errors in the error log. No other banned user generates errors, only this one banned IP generates a lot of errors. And the strange thing is that the modification that can redirect a normal banned user cannot redirect the IP I mentioned.


Kindred

it is an IPv4 address or an IPv6 address?

Because there is no "works for one IP but not for others" option....    Systems either work or don't work based on logic in the code.

What "errors" is it triggering.

The "who's online" list just shows who is connected to the system -- this includes IPs that are banned --   because they are connected and seeing the "you are banned" message...  but the who's online list will show whatever they were trying to access.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

a10

"How can I get rid of this IP address"
Well, stop it from reaching the website > ban in htaccess.
2.0.19, php 8.0.23, MariaDB 10.5.15. Mods: Contact Page, Like Posts, Responsive Curve, Search Focus Dropdown, Add Join Date to Post.

jsx

Quote from: Kindred on February 25, 2021, 03:44:06 PM
it is an IPv4 address or an IPv6 address?

It is an IPv4 address.

Quote from: Kindred on February 25, 2021, 03:44:06 PM
What "errors" is it triggering.

The error log contains more than 3,000 errors:

/index.php?action=shoutbox;sa=get;msg_session=6713886;xml;row=53

/index.php?action=recenttopics;latest=1614269139;xml

I understand these might be normal ban errors, but no other banned user is generating errors like this one ex-user.

Quote from: a10 on February 25, 2021, 04:16:53 PM
"How can I get rid of this IP address"
Well, stop it from reaching the website > ban in htaccess.

How exactly to do this? I have SSL redirection set up in my .htaccess file.

Aleksi "Lex" Kilpinen

Those aren't exactly errors, they are just the urls, and at least one is directly related to a mod. What are the actual error messages?
Slava
Ukraini!


"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

a10

Quoteip ban "How exactly to do this?"

https://www.google.com/search?q=htaccess+ip+ban
https://www.google.com/search?q=htaccess+ip+ban+range

Examples, single ip & 3 types of range:

Order Allow,Deny
Deny from 44.44.44.44
Deny from 55.55.55.
Deny from 66.66.
Deny from 77.77.77.0/24
Allow from all
2.0.19, php 8.0.23, MariaDB 10.5.15. Mods: Contact Page, Like Posts, Responsive Curve, Search Focus Dropdown, Add Join Date to Post.

jsx

Quote from: Aleksi "Lex" Kilpinen on February 26, 2021, 03:54:53 AM
Those aren't exactly errors, they are just the urls, and at least one is directly related to a mod. What are the actual error messages?

It looks like:

https://i.imgur.com/q95DYsJ.png

Sorry Guest, you have been banned from this forum!
Your ban will not expire.

@a10

Thanks for the explanation.

Aleksi "Lex" Kilpinen

Yeah, those "errors" are simply informing you that your ban works. Nothing to worry about, but admittedly annoying if they keep on piling up.
Slava
Ukraini!


"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

a10

About ip bans, overdoing nr of entries (have previously enthusisatically tried that route :O) = trouble sooner or later, loss of overview, legit ip's \ members getting blocked etc. Ban only the worst \ long time offenders, remove outdated entries regularly. And htaccess is sensitive for any minuscule errors, like one . missing = site unreacheable.
2.0.19, php 8.0.23, MariaDB 10.5.15. Mods: Contact Page, Like Posts, Responsive Curve, Search Focus Dropdown, Add Join Date to Post.

jsx

Quote from: Aleksi "Lex" Kilpinen on February 26, 2021, 08:23:22 AM
Yeah, those "errors" are simply informing you that your ban works. Nothing to worry about, but admittedly annoying if they keep on piling up.

Thanks for the clarification.

Quote from: a10 on February 26, 2021, 01:16:50 PM
About ip bans, overdoing nr of entries (have previously enthusisatically tried that route :O) = trouble sooner or later, loss of overview, legit ip's \ members getting blocked etc. Ban only the worst \ long time offenders, remove outdated entries regularly. And htaccess is sensitive for any minuscule errors, like one . missing = site unreacheable.

Thanks for the clarification.

Advertisement: