IP Banning issues
Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=12385
Printed Date: 12 April 2026 at 4:03am
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com
Topic: IP Banning issues
Posted By: jonahex2099
Subject: IP Banning issues
Date Posted: 31 October 2004 at 12:26pm
|
I have banned an IP in my list yet the individual behind this IP address has not only came back *3* times, (with different email addresses) but been allowed to post AFTER creating the accounts under the same IP. Is there something I'm doing wrong or does this functionality not really work? ------------- My Forums: http://www.drumrock.com/forum - http://www.drumrock.com/forum |
Replies:
Posted By: WebWiz-Bruce
Date Posted: 01 November 2004 at 4:04am
|
It does work, but banning by IP address isn't 100% reliable as things
like IP masking, proxy servers, etc. can hide the real IP address of a
user. Also make sure the IP addresses is entered exactly, placing spaces, *, or other characters in the address may prevent it working correctly. A (*) can be placed at the end, if not using the full IP address for a wild card eg:- 111.111.111.111 could be done as:- 111.111.111.* This would then ban all users in the range:- 111.111.111.0 through to 111.111.111.255 ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |
Posted By: jonahex2099
Date Posted: 09 November 2004 at 11:23am
|
Thanks boRg! The odd thing is that I have explicity defined a single users IP address, twice now (two different users) and they've simply come back in with different email address and successfully created new accounts AND posted, with the blocked IP address showing in the post!!! I caught them because I keep a list of banned IP's taped to the monitor by the web server and by their posting methodolgy. [:)] I've since went a step further and blocked them at the firewall and IIS level which has the side effect of keeping them off the main site as well. (In the case of the individuals in question, it's no big loss). Thanks for the reply! ------------- My Forums: http://www.drumrock.com/forum - http://www.drumrock.com/forum |
-boRg- wrote:Posted By: WebWiz-Bruce
Date Posted: 09 November 2004 at 12:29pm
|
Starnge, could be a corrupted file, or a space or some other slight
variation may course the address to somehow not match up when the check
is made.
------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |
Posted By: Ice Man
Date Posted: 06 December 2004 at 10:26pm
| I am using version 7.8 (access version) and have been unsuccessful with the IP banning function of the forum. We've tried just about everything. Email activation is off and just have a few mods, nothing too extensive. |
Posted By: WebWiz-Bruce
Date Posted: 07 December 2004 at 4:09am
|
IP masking is nver going to be 100% acurate as IP masking is very
simple, even just changing to a different proxy server will hide a
users IP.
------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |
Posted By: Ice Man
Date Posted: 17 January 2005 at 1:01am
|
I found the problem. Its in \functions\functions_common.asp
Private Function bannedIP()
'Declare variables
Dim rsIPAddr Dim strCheckIPAddress Dim strUserIPAddress Dim blnIPMatched 'Intilise variable
blnIPMatched = False 'Get the users IP
strUserIPAddress = getIP() 'Intialise the ADO recordset object Set rsIPAddr = Server.CreateObject("ADODB.Recordset") 'Get any banned IP address from the database
'Initalise the strSQL variable with an SQL statement to query the database to count the number of topics in the forums
If strDatabaseType = "SQLServer" Then strSQL = "EXECUTE " & strDbProc & "BannedIPs" Else strSQL = "SELECT " & strDbTable & "BanList.IP FROM " & strDbTable & "BanList
WHERE " & strDbTable & "BanList.IP Is Not Null;"
End If
'Query the database
rsIPAddr.Open strSQL, adoCon 'Loop through the IP address and check 'em out
Do while NOT rsIPAddr.EOF 'Get the IP address to check from the recordset
strCheckIPAddress = rsIPAddr("IP") 'See if we need to check the IP range or just one IP address 'If the last character is a * then this is a wildcard range to be checked If Right(strCheckIPAddress, 1) = "*" Then 'Remove the wildcard charcter form the IP
strCheckIPAddress = Replace(strCheckIPAddress, "*", "", 1, -1, 1) 'Trim the users IP to the same length as the IP range to check
strUserIPAddress = Mid(strUserIPAddress, 1, Len(strCheckIPAddress)) 'See if whats left of the IP matches
If strCheckIPAddress = strUserIPAddress Then blnIPMatched = True 'Else check the IP address metches
Else 'Else check to see if the IP address match If strCheckIPAddress = strUserIPAddress Then blnIPMatched = True End If
'Move to the next record
rsIPAddr.MoveNext Loop 'Clean up
rsIPAddr.Close Set rsIPAddr = Nothing 'Return the function
bannedIP = blnIPMatched End Function Prior to the loop is when the users IP address is obtained. Within the loop, if the users IP is going to be compared to an IP that has an * in it, the users IP (strUserIPAddress) is trimmed to match the length of the banned IP minus the *. In the loop the users IP is not restored to its proper length, so it remains trimmed as it is compared to the rest of the banned IPs.
One solution would be to add the line strUserIPAddress = getIP() after the lines:
'See if whats left of the IP matches
If strCheckIPAddress = strUserIPAddress Then blnIPMatched = True We've tested this out and IP banning is now working excellent for us.
 |
Posted By: paulhg
Date Posted: 21 January 2005 at 7:26pm
|
Excellent, this worked for me! I had this one individual registering
multiple times and posting lots of spam with the same ip address .
Using http://www.arin.net/ - http://www.arin.net/ told me Sprint in Ghana is providing this particular ip address.
Is there anything else we can do with these pathetic individuals?
Any other tools other there? Nothing would make me feel better than a
little revenge...
<-- edit -----> IP Address removed by Moderator <-- edit -----> |
Posted By: sfd19
Date Posted: 22 January 2005 at 9:33am
|
You can also change these lines:
'Trim the users IP to the same length as the IP range to check
strUserIPAddress = Mid(strUserIPAddress, 1, Len(strCheckIPAddress)) 'See if whats left of the IP matches
If strCheckIPAddress = strUserIPAddress Then blnIPMatched = True to:
If strCheckIPAddress = Mid(strUserIPAddress, 1, Len(strCheckIPAddress)) Then blnIPMatched = True
then you do not have to call the getIP() function each time.
Also, changing
Do while NOT rsIPAddr.EOF
to
Do while NOT rsIPAddr.EOF AND blnIPMatched = False
will exit the loop as soon as the IP matches a banned one. ------------- Politics, economy & social issues: http://www.studentsfordemocracy.net - StudentsforDemocracy.net |
Posted By: jonahex2099
Date Posted: 25 January 2005 at 1:35pm
|
I've taken to blocking them at the website level AND at the firewall. Little more work, AND it keeps them from accessing our main site, but at least they're not causing me forum problems anymore. I'll try the fix above tho.... ------------- My Forums: http://www.drumrock.com/forum - http://www.drumrock.com/forum |
Posted By: arthurk
Date Posted: 15 February 2005 at 2:23pm
|
well theres an easier way
make a global.asa file like below in your web root
use the code below
edit Sub Session_OnStart()
put the ip addy(s) in place of the ones shown
redirect him to where you want him to go
remove the rest of the gubbins you dont want or leave it as is :P
|