|
|
|
This tiny article was born after one incident for my web site, which was hacked by a turkey group, so I can't access/read my web site, so I did some coding to redirect the page when the particular IP was detected by PHP code, ok let’s start with general hacking information...
Dealing with hack attempts, evil web bots, and worms has been an ongoing headache.
Most of these problems come from dynamic IP addresses, so simply blocking the offender is only a temporary solution, and we may use to Examining logs and putting blocks in place is time consuming. Remembering to remove blocks on dynamic IP addresses is also a problem.
So we can block particular IP/ranges, even the proxy IP through the following simple code
|
<?php
$ip_proxy=$_SERVER ["HTTP_X_FORWARDED_FOR"];
?> | |
The above line refers the predefined variable in PHP $_SERVER is an array containing information such as headers, paths, and script locations. The entries in this array are created by the web server.
The $_SERVER ['HTTP_X_FORWARDED_FOR'] header giving the IP address of the connection that it proxies, so we use to separate the IP and it's proxy address by using explode function., also we can get the IP address by using $_SERVER['REMOTE_ADDR'] but which is not worth full in web site hosted by sub domain.
I hope you all know about the explode function that is Split a string by string
| <?php
$tnt=explode (',',$ip_proxy);
$ip=explode ('.',$tnt[0]);
$proxy=explode ('.',$tnt[1]);
?> | |
next thing is we should block all of the IP addresses which are in the text file, so we should enter the IP addresses which are to be blocked. here I have specified some turkey IP address in the text file which doesn’t have the full structure of the IP address format, I took onlythree digits. You can change the code for checking full format of IP address!.
| <?php
$filename="input.txt";//text file
$lines = array (); //set as array
$file = fopen ($filename, "r"); //Open the file for reading only
while (! feof ($file)) { //read file line by line into a new array element
$lines [] = fgets ($file, 4096); //Gets line from file pointer
}
$x = count ($lines);
for ($y = 0; $y < $x; $y++) {
if((trim($lines[$y])==$ip[0])||(trim($lines[$y])==$proxy[1]))//check the IP/proxy address
{ echo 'Banned';//if IP match the listed IP means ,you can redirect/do some function here .
}
else { echo 'welcome'; }
}
I hope above simple code is useful and learn something about IP blocking, Happy Blocking!!
"
?> | |
|
|
| A damaged image generator (class) for validating text.
CAPTCHA - Completely Automated Public Turing test to tell Computers and Humans Apart
Categories : PHP, PHP Classes, Security, GD image library, Security | | | Simple Password example
Categories : PHP, Authentication, Security, HTTP | | | Encoding data using PGP via PHP's proc_* functions
Categories : Cryptography, Security, Email, PHP, PGP | | | send_mail function to defeat Header Injection Hacking/Spamming
Categories : PHP, Email, Form Processing, Security | | | Passgen: Automatically generate mixed case alpha numeric passwords
Categories : PHP, Security | | | $REMOTE_HOST does not return a value.
Categories : PHP, Global Variables, HTTP | | | Function that does language negotiation based on the Accept-Language header, a cookie or host name
Categories : HTTP, PHP, Cookies | | | Remote File Size
Categories : PHP, Filesystem, HTTP, Sockets | | | Creates a CAPTCHA image in PHP, which displays 5 numbers stored in a session.
Categories : PHP, GD image library, Form Processing, Security | | | Generating and Matching Secure and Strong Password Hash
Categories : PHP, PHP Classes, Cryptography, Security | | | IPTables Bandwidth statics
Categories : PHP, Security, Network | | | Script to check values being submitted by POST or GET method from a form. This script may help diagnose what variables are being supplied by a browser to other php scripts.
Categories : HTML, Variables, Debugging, PHP, HTTP | | | Dollar Serial Number Validator
Categories : PHP, Security, Algorithms | | | valid link!
Categories : HTTP, URLs, PHP | | | The following snippet gives complete info about all submitted
HTTP_POST_VARS and HTTP_GET_VARS
Categories : Variables, HTTP, PHP | |
|
|
