phpBB IP range banning/blocking?

Genesis

Administrator
Staff member
When I checked the AWStats for my phpBB Forum today (hosted at another Website), I noticed that I'd been "ddosed" by someone. Well, not hugely, but their mischief involved about 6000 hits in one day, increasing my bandwidth and disk space by a good-sized number.

The IP numbers were in the range of 82.80.*.* and 192.114.*. I checked, and it is a known "hacker" using both IP ranges.

http://whatismyipaddress.com/ip/192.114.71.13
Note all of the comments. This is a BAD BAD dude!

I'm not a super expert on the admin side of phpBB, so maybe un4 or Chris who have years of experience may be able to help.

I went into my Admin and did a block ban as follows:

82.80.*.*

And

192.114.*.*

My questions are:

1. Did I do the range banning correctly, i.e. any IP that starts with 82.80 will be blocked from the Forum?
2. What are the consequences of doing that?
3. I checked and the mischief maker is operating from Israel, or maybe from another country using an IP in Israel.
4. Is there a better way of blocking this guy's scripts?

My security precautions are:

Captcha + security question + maximum number of login attempts allowed are 3
 

jaran

New member
here's a little script that can block a load of IPs using an array
PHP:
$deny=array(
"111.111.111.111",
"222.222.222.*",
"333.333.*.*"
);

if(in_array($_SERVER['REMOTE_ADDR'],$deny)){
header('HTTP/1.1 503 Service Unavailable'); 
echo "<html><head><title>Error</title></head><body><p>Go ahead spammer !.</p></body></html>";
exit;
}
 

Genesis

Administrator
Staff member
Fantastic, thanks Jaran. I'll use it straight away.

If you check all those comments in the IP Address Lookup link in my OP, quite interesting how some of those who had been targeted by the script had reacted. :p
I ping flooded, DoS'ed this ip. No more trouble - 2014-10-31
I got some weird crap from 192.114.71.13. I traced it down to Petwah Tikva in Israel. Did an hour PoD attack. - 2014-11-03
 

jaran

New member
Yes, Genesis. Glad to hear it works for you. The script above will block IPs permanently, but here is another PHP function which can block unwanted requests to reduce your website traffic. It should be good for blocking spiders, bots and annoying clients. The script includes a countdown timer for anyone who makes annoying HTTP requests. And please read the guidelines on how to use it inside antiflood.php.

1. Make a folder named "requestBlocker" and set the folder to 777 via CHMOD. (You can change this folder name to whatever you want by editing the antiflood.php script.)

2. Use the function.
PHP:
@include 'antiflood.php';
if ($t = requestBlocker()) {
        echo 'dont pass here!<br>';
        echo $t[0];
} else {
        echo "go on!";
}
 

Attachments

  • antiflood.zip
    1.6 KB · Views: 1

ogah

New member
you can ban from htaccess

order allow,deny
deny from 82.80.
deny from 192.114.
allow from all
 

Genesis

Administrator
Staff member
ogah said:
you can ban from htaccess

order allow,deny
deny from 82.80.
deny from 192.114.
allow from all
This is the simplest for me so far. Think I'm going to do this one thanks Ogah. Just a question, shouldn't one include wild cards or are they automatically assumed?
 

ogah

New member
just try banning your own IP, Genesis, and you will see whether it works or not :)
or you can use a format like this
deny from 192.114.71.0/24


jaran said:
here's a little script that can block a load of IPs using an array
PHP:
$deny=array(
"111.111.111.111",
"222.222.222.*",
"333.333.*.*"
);

if(in_array($_SERVER['REMOTE_ADDR'],$deny)){
header('HTTP/1.1 503 Service Unavailable'); 
echo "<html><head><title>Error</title></head><body><p>Go ahead spammer !.</p></body></html>";
exit;
}
is it possible to filter using in_array() with a wildcard in the array?
 

jaran

New member
@ogah,
I think wildcards can only be blocked with the HTTP referer, or blocked via cross domain, only if your hosting doesn't support htaccess. I'm still looking for an article on blocking HTTP requests via cross domain like Google did.
PHP:
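// The Referer header is optional and sent by the client, so it may be absent
$ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
// parse_url() returns an array unless one component is requested; compare the host only
$refHost = parse_url($ref, PHP_URL_HOST);
if($refHost === 'your-domain(dot)com'){
echo 'True';
}else{
echo 'False';
}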
 

ogah

New member
I mean we cannot use in_array for the filter, because in_array only searches for a matching value, so 222.222.222.xxx (xxx is any number) will not match 222.222.222.*
I made a little modification to your script
PHP:
$deny=array(
"111.111.111.111",
"222.222.222.",
"333.333."
);
foreach($deny as $banned) { 
    if(strstr($_SERVER['REMOTE_ADDR'], $banned)) {
            header('HTTP/1.1 503 Service Unavailable'); 
            header('Status: 503 Service Unavailable'); 
            echo "<html><head><title>Service Unavailable</title></head><body>Service Unavailable</body></html>"; 
            exit; 
    } 
}
but this script will ban IPs *.333.333.* and 333.333.*.*
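
An added example, not part of any post in this thread: a range check that avoids both problems raised above (in_array() never matching a wildcard entry, and strstr() matching the prefix anywhere inside the address) by comparing the leading bits of the parsed address against a CIDR range. The function names ipInCidr and isDenied and the sample addresses are made up for illustration; the two /16 ranges correspond to 82.80.*.* and 192.114.*.* from the first post.

```php
<?php
// Added example. Ranges are the ones banned in the thread, written as CIDR.
$denyRanges = array('82.80.0.0/16', '192.114.0.0/16', '192.114.71.13');

// True if $ip lies inside $cidr ("a.b.c.d/n", an IPv6 prefix, or one address).
function ipInCidr($ip, $cidr)
{
    $parts = explode('/', $cidr, 2);
    $addr  = @inet_pton($ip);        // packed binary form, 4 or 16 bytes
    $net   = @inet_pton($parts[0]);
    // Reject unparsable input and IPv4/IPv6 mismatches.
    if ($addr === false || $net === false || strlen($addr) !== strlen($net)) {
        return false;
    }
    $maxBits = strlen($net) * 8;
    $bits    = $maxBits;             // no "/n" means a single address
    if (isset($parts[1])) {
        if (!ctype_digit($parts[1]) || (int) $parts[1] > $maxBits) {
            return false;            // malformed prefix length
        }
        $bits = (int) $parts[1];
    }
    $whole = $bits >> 3;             // number of fully covered bytes
    $rest  = $bits & 7;              // leftover bits in the next byte
    // Anchored comparison: only the leading bytes count, never a substring.
    if (substr($addr, 0, $whole) !== substr($net, 0, $whole)) {
        return false;
    }
    if ($rest === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rest)) & 0xFF;
    return (ord($addr[$whole]) & $mask) === (ord($net[$whole]) & $mask);
}

function isDenied($ip, array $ranges)
{
    foreach ($ranges as $range) {
        if (ipInCidr($ip, $range)) {
            return true;
        }
    }
    return false;
}

// Constructed sample addresses. 10.82.80.5 and 182.80.3.4 both contain the
// text "82.80." and would be caught by a substring match on that prefix.
foreach (array('82.80.1.2', '192.114.71.13', '10.82.80.5', '182.80.3.4', '8.8.8.8') as $ip) {
    printf("%-15s %s\n", $ip, isDenied($ip, $denyRanges) ? 'deny' : 'allow');
}
```

In a page header, the check would be called with $_SERVER['REMOTE_ADDR'] in place of the sample addresses.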