I need an IP Banning script (no mysql) with a UI

DoomyCheese

I'm currently setting up a personal website, and to protect against spamming I want to integrate an IP banning script. I have a contact form which is easily spammed from so I've made sure it includes the IP of the sender incase it's abused. I know a little PHP, but not enough to make what I want.

I have an administration area protected by .htaccess where I would like to keep a simple form for adding/removing IP's to preferably a text file. In the end I want a user on a banned IP address to be redirected here. Even better if I can insert the form into my site template.

Is anyone able to help me with this? Thanks a million in advance 🙂

peytonrm

First off, IPs can change and are not terribly difficult to spoof, so using them to blacklist people is not especially secure.

If you still want to do it though you can get people's ip's using $_SERVER['REMOTE_ADDR'] . You can then use file_put_contents to put ip's in a text file.

DoomyCheese

I understand that it's not foolproof, but it is better than nothing. At the moment I've implemented the following code into my contact page as a temporary fix

<?php
$banned = array("70.248.51.77", "75.156.110.47");
if (in_array($_SERVER['REMOTE_ADDR'], $banned)) {
header( 'Location: banned.html' ) ;
exit;
}
?>

It works well, but I would really like an easier way of adding/removing IP's. A form would be terrific.

Jack_McSlay

banning code:

$f = fopen ('banned.txt','a');
fwrite ($bannedIp."\n",$f);
fclose ($f);

banned ip lookupcode:

$banned = file ('banned.txt');
if (in_array($_SERVER['REMOTE_ADDR']."\n", $banned)) {
   header( 'Location: banned.html' ) ;
   exit;
}

but yes, it's not a very effective way of stopping spammers, it's not very hard to change one self's IP.

you might consider other methods, such as preventing anyone from using the contact more than once every 30 minutes or so.

homer09001

why dont you add a simple text box that the user has to put a specific string, e.g. a captcha or a simple maths equation like 5+3 then check that its correct before executing the rest of the script?

djheru

It would be much easier to make your email form secure.