This tiny article was born after one incident for my web site, which was hacked by a turkey group, so I can't access /read my web site, so I did some coding to redirect the page when the particular IP was detected by PHP code, ok let’s start with general hacking information...


Dealing with hack attempts, evil web bots, and worms has been an ongoing headache.

Most of these problems come from dynamic IP addresses, so simply blocking the offender is only a temporary solution, and we may use to Examining logs and putting blocks in place is time consuming. Remembering to remove blocks on dynamic IP addresses is also a problem.


So we can block particular IP/ranges, even the proxy IP through the following simple code


By : sujithfem

<?php
$ip_proxy=$_SERVER ["HTTP_X_FORWARDED_FOR"];

?>
The above line refers the predefined variable in PHP $_SERVER is an array containing information such as headers, paths, and script locations. The entries in this array are created by the web server.



The $_SERVER ['HTTP_X_FORWARDED_FOR'] header giving the IP address of the connection that it proxies, so we use to separate the IP and it's proxy address by using explode function., also we can get the IP address by using $_SERVER['REMOTE_ADDR'] but which is not worth full in web site hosted by sub domain.


I hope you all know about explode function that is Split a string by string

<?php

$tnt=explode (',',$ip_proxy);

$ip=explode ('.',$tnt[0]);

$proxy=explode ('.',$tnt[1]);

?>

next thing is we should block all IP address which are in the text file, so we should enter the IP addresses which are to be blocked , here I have specified some turkey IP address in the text file which doesn’t have full structure of IP address format ,only I took three digit ,you can change code for checking full format of IP address !.

<?php

$filename="input.txt";//text file

$lines = array (); //set as array

$file = fopen ($filename, "r"); //Open the file for reading only

while (! feof ($file)) { //read file line by line into a new array element

$lines [] = fgets ($file, 4096); //Gets line from file pointer

}

$x = count ($lines);

for ($y = 0; $y < $x; $y++) {

if((trim($lines[$y])==$ip[0])||(trim($lines[$y])==$proxy[1]))//check the IP/proxy address
{ echo 'Banned';//if IP match the listed IP means ,you can redirect/do some function here .

}

else { echo 'welcome'; }

}

?>

I hope above simple code is useful and learn something about IP blocking, Happy Blocking!!

"


Click to Download File

DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

More Search Code Articles
More By Codewalkers

 

developerWorks - FREE Tools!

NEW! Best practices for software analysis: An introduction to the IBM Rational Software Analyzer application This whitepaper presents the benefits of successfully introducing static analysis into your organization using IBM Rational Software Analyzer. Additionally, it identifies some common pitfalls that can hinder the effective use of static analysis tooling as well as presents 10 simple strategies designed to help you quickly realize the value of static analysis using Rational Software Analyzer. FREE! Go There Now!

NEW! Successful Change and Release Management for .NET Join this webcast to discover the key requirements for successful change and release management. Learn how to extend your .NET environment to improve productivity and collaboration, and address core problems afflicting team development. In this webcast, we’ll review typical challenges faced by customers and how to resolve them with the IBM Rational Change and Release Management solution, including Rational ClearCase, Rational ClearQuest and Rational Build Forge. Replay is available for 9 months. FREE! Go There Now!

NEW! Achieving True Agility -- How process can change the behavior of your tools Achieving true agility is a never-ending effort. We will showcase how you can become agile incrementally, a few practices at the time.Which practices should any agile team strive to adopt? What additional practices should you consider based on your needs to scale? Adopting practices are however made much easier with the right tool support. What about if your tools adapt to your practices? We will take a look at how the Jazz technology can be leveraged to make your process change the behavior of your tools. FREE! Go There Now!

NEW! Download IBM WebSphere Portal V6.1 beta code Download the IBM WebSphere Portal V6.1 beta code and learn more about the rich features and enhancements in IBM WebSphere Portal V6.1. WebSphere Portal provides a composite application or business mashup framework and the advanced tooling needed to build flexible, SOA-based solutions, and scalability to meet the needs of any size organization. FREE! Go There Now!

Role of Integrated Requirements Management in Software Delivery As organizations integrate software into every aspect of business, they are constantly pressured to deliver faster, better, and cheaper results. Unfortunately, a “dis-integrated” software delivery approach reduces returns while increasing costs. This IBM Rational White Paper shows how Integrated Requirements Management aligns organizations around maximizing value and keeping pace with change. FREE! Go There Now!

NEW! IBM Rational AppScan Standard Edition V7.7 Secure your Web applications with IBM Rational AppScan Standard Edition V7.7, previously known as Watchfire AppScan. This Web application security testing tool automates vulnerability assessments and scans and tests for common Web application vulnerabilities. Visit IBM developerWorks to download a free trial of IBM Rational AppScan Standard Edition V7.7. FREE! Go There Now!

NEW! Webcast: Striking the right balance between manual and automated testing Join this webcast to learn how IBM Rational's Functional Testing solution enables you to implement automation your way, at your pace, with your existing staff. In this webcast, you’ll learn how you can eliminate redundancy of manual test scripts, reduce errors, and increase test coverage through test automation. After this presentation you will understand how IBM Rational Functional Testing solution can streamline your manual testing and make test automation easily attainable. FREE! Go There Now!

NEW! Webcast: Extreme transaction processing with WebSphere Extended Deployment In this webcast, you'll get an introduction to the eXtreme Transaction Processing (XTP) features of WebSphere Extended Deployment and the common architectural traits required by XTP applications. See how WebSphere Extended Deployment's ObjectGrid feature provides a state-of-the-art infrastructure for hosting XTP applications. FREE! Go There Now!

NEW! The dirty dozen: preventing common application-level hack attacks As organizations have grown increasingly dependent on online software, the risk of malicious attacks has also become far more serious. Fortunately, well-governed organizations can protect their Web applications by injecting vulnerability assessments and ethical hacks into their software development and delivery processes. This paper describes 12 of the most common hacker attacks and provides basic rules that you can follow to help create more hack-resistant Web applications. FREE! Go There Now!

NEW! Rational Talks to You: Manage RUP-based CMMI initiatives Join this Rational Talks to You teleconference on December 4 at 1:00 pm ET to discuss how Rational Method Composer can help meet your compliance objectives. Get your questions answered! FREE! Go There Now!

All FREE IBM® developerWorks Tools!