question for master PHP expert

bookbuyer2000

I know how to "wing" this one myself... but I've always been amazed when a PHP master shows me a better way. Here's my question, please.

On my php/mysql query page, a normal query is less than 1000 characters. Anything over that, visitor receives a warning message:

if (isset($input{1001})) {
print 'Sorry, too many characters entered. Please go back and try again.';
exit;
}

Generally, a "good" visitor will adjust their form input length, and try again. HOWEVER, I've found that spammers keep trying... and trying... and trying. The next day, I ban the spammers IP address in my .htaccess file.

Here's my question 🙂

Is there a way for PHP to automatically ban those IP addresses?

Caveat: I'm afraid to have php code automatically modify my .htaccess file. I would be happy to have php add a line of code to the top my page:

$ban_array = (
'333.333.XXX.XXX',
'222.222.XXX.XXX',
'etc.'
);

if(in_array($REMOTE_ADDR,$ban_array)) {
print 'FORBIDDEN';
exit;
}

So, that's my question.

The idea I had was to have PHP "fwrite" the bad IP's to a file, and then have my main PHP page start with an include() file of those bad IPs.... but number one, I don't know the right way to do that, and, number two, I don't know if that's the best way, anyway!

Any help would be GREATLY appreciated.

Thank you!! 🙂

halojoy

This is of course possible.

But you would have to put that code into each page, that you want protect.

Or better
include( 'ban_test.php' );

Another smooth and smart solution is the setting option in php.ini

auto_prepend_file string

Specifies the name of a file that is automatically parsed before the main file. The file is included as if it was called with the require() function, so include_path is used.

The special value 'none' disables auto-prepending. [/QUOTE]

Horizon88

You could also automatically insert spammer IP's into a database or flat-file, then have a cron job run every few minutes to update the .htaccess ban-list from that file, or to have an include that checks the list for bans with PHP. I personally kind of like the idea of the log with cron checks, since you don't want a script the visitors can access actively modifying your .htaccess.