PDA

View Full Version : Banning an IP Address



magicmystery
05-25-2005, 04:57 AM
I am webmistressing my mother's site. According to her stats, she has had a lot of activity by an individual that has been sending her hate mail. She knows it is the same person because the email and the stat have the same IP address. Is there some script that she can put on her page to disallow this person from accessing her site, at least from his home computer?

She also puts out a newsletter that she only wants to be exclusive to her subscribers. Is there any help there for her?

Any suggestions, scripts, etc. would be appreciated... Keep it simple though... we are not rocket scientists.

Thanks, Sherry

mwinter
05-25-2005, 11:23 AM
Is there some script that she can put on her page to disallow this person from accessing her site, at least from his home computer?No, but you can configure the server to reject requests from certain IP addresses, or IP ranges. How you do it depends on the server software (it's quite easy with Apache), but it might be necessary for the server administrator to do it.

That said, there's probably a better solution: having this person's service terminated. As you know the IP address, you can query the provider using the WHOIS database of a regional registry like ARIN (http://www.arin.net/) or RIPE (http://www.ripe.net/). These registries maintain IP address ranges, so they know what company controls a particular address. Once you know that, you can contact the company and explain what's going on. The service provider will want evidence of any wrongdoing by one of their customers, so you should keep a hold of server logs and e-mails.

There are two potential problems, though.


This person may, if they're sensible, be using an anonymising proxy server; essentially, requests are sent through a machine that disguises the origin of the transmission making it difficult to track. If this is the case, the WHOIS search won't really turn up anything useful.
Some service providers don't monitor their abuse mailboxes, or may not provide a contact address at all. However, you sometimes find that a provider may have been leased their IP range from a larger company. If the provider doesn't respond, try the provider of the provider, and so on, until you get something. Be sure to wait a few days though, before going over someone's head.



She also puts out a newsletter that she only wants to be exclusive to her subscribers. Is there any help there for her?There are many mailing list services that you can find on the Web. Some will need you to install your own set of scripts. Others will be remotely hosted, and will take care of the details for you. Look around the Web - you're bound to find something.

Good luck,
Mike

magicmystery
05-26-2005, 07:53 AM
Dear Mike, I appreciate your imput. My mother has a double opt in ezine and is considering just naming the issues individually and in no logical manner to prevent unauthorized snooping..... and that's what We'll call it (no one on her opt in list would send them the proper link). The Hate Mailer in question has suggested that "he wished she were dead, act accordingly" and also has a website up that is her major competition. He and his "partner" have crawled around her site too often to be just curious... possibly looking for some indication that she has dragged their name through the mud, with results to the contrary. To be fair, we don't want them to lose their ISP, we just don't feel it is right that they should be plodding around her site with no good intention, running up her bandwidth.... etc.... and she has been banned from the only forum where she could have had equal footing because the administrator there (a friend of Hate Mailer) has suspended her account....

I know that this is more than enough info for you... How again do you get an administrator to disallow an IP?
Is this a request that has to be made to an admin?
I have been on a few sites that have sent me to a page that said that because my IP was from Canada that I was not allowed to view the page. How do these work?

Thanks again for your help.

Sherry

mwinter
05-26-2005, 02:44 PM
To be fair, we don't want them to lose their ISPWell, that's your decision. However, you do have good grounds for it, and I'm sure the service provider that 'Hate Mailer' uses won't stand for that kind of abuse.


How again do you get an administrator to disallow an IP?
Is this a request that has to be made to an admin?Yes. You'll need to contact the customer services or technical support department of the host that you use for your website. I see no reason why they wouldn't help you as it should take very little time and effort to effect the ban, particularly if you just talk in terms of your site, and not the service in general (they might not want to go as far as a server-wide ban).


I have been on a few sites that have sent me to a page that said that because my IP was from Canada that I was not allowed to view the page. How do these work?Most ISPs are regional, so the IP ranges they own can be considered limited to a particular country. It should be quite simple to get a list of all of the ranges that serve Canadians and filter them, just by finding the names of Canadian ISPs and performing WHOIS searches.


Thanks again for your help.You're welcome.

Mike

Twey
12-27-2005, 06:44 PM
If you have the IP of someone who's sending your mother hate mail, the smart thing to do would be to do a reverse DNS lookup on it and inform his/her ISP of the problem. It tends to be against their usage agreement.
As for the subscriber bit, you want to implement a login system. This should be posted under a different thread in the PHP or possibly ASP forums.

BLiZZaRD
12-30-2005, 09:21 AM
may be beating a dead horse here, but abuse like that NEEDS to be solved, like Twey and Mike said above.

In the mean time, if you are truly worried about it you can do the following:

in your root folder (on the server, usually called htdocs or root) make an html page that says "You have been banned from the site" Or something else (depending on how mean you want to appear, LOL) Save this as banned.html in that htdocs folder.

Back out of the htdocs folder, so that you are on the same level as htdocs. (meaning you would have to double click the htdocs(root) folder to see the files inside it.

If you do not have a file named".htaccess" here you need to make one. To make one, open notepad (assuming Windows computer here) save the BLANK page as .htaccess (do NOT forget the period at the front). Once that is done upload it to the server (should be BELOW the htdocs folder here)

Now you will need to edit the .htaccess file. First double check that it is NOT appearing as .htaccess.txt if it is, then rename and just delete the ".txt" portion. After that is done, add this to the .htaccess:



ErrorDocument 403 /banned.html
order deny,allow
deny from 192.22.33.44
deny from abusersite.com


Obviously you would change the "192.22.33.44" to the abuser's IP and "abusersite.com" to his website. IF you do not want to block links FROM his site just delete the whole last line.

You may also like more information on the whole blocking/allowing by .htaccess thing. Just go HERE (http://httpd.apache.org/docs/2.0/howto/auth.html) and check near the bottom of the page.

Good Luck! :cool:

Twey
12-30-2005, 12:22 PM
Whoops... I didn't see Mike's post when I posted the above.
Dratted Lynx.

mwinter
12-30-2005, 03:06 PM
Whoops... I didn't see Mike's post when I posted the above.It also seems that both of you failed to notice that this thread is about five months old. :p

Mike

Twey
12-30-2005, 06:02 PM
Um? I'd swear I clicked the "New Posts" link...
There's only one explanation.
TIMEWARP!!!

cr3ative
12-30-2005, 06:04 PM
Um? I swear I clicked the "New Posts" link...
There's only one explanation.
TIMEWARP!!!
*makes eerie x-files noises*

division1
02-17-2006, 08:10 PM
Hi , but there is ways to use proxy to stay anonymous with Java/Javascript/plug-ins/flash...

1-Method

Install Firewall on your machine and restrict all the connections to the Internet (except for the anonymous proxy server) from a browser. It's also recommended to use port mapping for this free anonymous proxy server and define the browser's proxy as 127.0.0.1 with the local port from port mapping.

2-method

Use socksification in your browser. This will enable relaying all the information your browser or any other software sends and transfers to the proxy server.

3- THE Best Method

You need to set up LAN, local IP addresses (192.168.1.x or alike). A corporate proxy server should forwards ALL requests to a free anonymous proxy server (you need to have skills and rights of a system administrator in order to do that). It's impossible to connect to the Internet bypassing a corporate proxy, as long as external IP address is not assigned to local machines. It's also impossible to scan local machine's settings: even if Java/ActiveX applets detects and gives out your local IP address (192.168.1.x) to the web server, your anonymity will remain unbroken. So, basically, you can rate this option as 100% anonymity.

greetings

Twey
02-17-2006, 08:15 PM
Yes, we know this isn't foolproof, and I'm sure I mentioned it when suggesting this solution.

even if Java/ActiveX applets detects and gives out your local IP address (192.168.1.x) to the web server, your anonymity will remain unbroken.
So, basically, you can rate this option as 100% anonymity.Rubbish. If you give said Java applets or Flash movies permission to access the network, they can trace a route back to the host, thus finding your location.
This still has absolutely nothing to do with Javascript.

This thread is ancient and solved; why did you resurrect it? Again?

division1
02-17-2006, 08:26 PM
I have understood that when i use a LAN behind wingate / proxy they only would find local ip (192.168.1.x) not the real ip because when the local machine's settings is scaned by script , java applets can detect only the local IP address (192.168.1.x) , not the real ip.

i have read it in proxyblind and many people said to me it and some of them use this methods to stay anonymous

greetings

Twey
02-17-2006, 08:30 PM
If you don't believe me, try this:
1) Open up a terminal, command prompt, or whatever your OS likes to call it.
2) Type "tracert google.com" or "traceroute google.com". It will detail all the hosts between yourself and google.com.
3) Imagine that was a Java applet.

Capice?

division1
02-18-2006, 07:11 PM
Thanks Twey for you info i gonna try it and i will tell it to proxyblind members.

division1
03-16-2006, 08:44 AM
Hi , this is my last message for this thread ,A member of proxyblind say that neither Trace-route nor scripts (no java applets ...) don't work if you use (or hack) a remote deskopt , websites detect only the ip from the remote deskopt because you are surfing from the remote deskopt and not from your original deskopt.



But probably expert "hackers" "crackers" , "programmers" have several methods to stay anonymous with java/javascript enabled ,i don't know how but probably they can do it. (but it shall be a little complicated)

pd:buying an internet card and your IP will be changed when you go to the Internet? use a WI-FI? i don't know.

Greetings to all

division1
03-16-2006, 08:45 AM
About firewalls or sockscap , traceroutes and scripts work, its clear.

Twey
03-16-2006, 05:32 PM
A member of proxyblind say that neither Trace-route nor scripts (no java applets ...) don't work if you use (or hack) a remote deskopt , websites detect only the ip from the remote deskopt because you are surfing from the remote deskopt and not from your original deskopt.This is true.
pd:buying an internet card and your IP will be changed when you go to the Internet? use a WI-FI? i don't know.No, the IP address will stay the same; IP addresses identify connections, not devices. The MAC address will change; this is a physical address associated with the network card.
But probably expert "hackers" "crackers" , "programmers" have several methods to stay anonymous with java/javascript enabled ,i don't know how but probably they can do it.There are a few, the simplest of which is just to set your Java security settings precisely. Javascript isn't a problem here; it doesn't have the capabilities or permission to do anything as complicated as trace a route. To use a public wifi connection would still allow the applet to find your connection details; however, it wouldn't matter, as that connection wouldn't exist for very long.

This doesn't actually matter all that much, anyway, as your IP address is hardly classified information; it shouldn't really be crackable anyway. Keep your OS up-to-date, make sure you're not running any insecure services, and make sure you haven't been infected with anything nasty, and you should be safe.