View Full Version : Banning an IP Address
05-25-2005, 04:57 AM
I am webmistressing my mother's site. According to her stats, she has had a lot of activity by an individual that has been sending her hate mail. She knows it is the same person because the email and the stat have the same IP address. Is there some script that she can put on her page to disallow this person from accessing her site, at least from his home computer?
She also puts out a newsletter that she only wants to be exclusive to her subscribers. Is there any help there for her?
Any suggestions, scripts, etc. would be appreciated... Keep it simple though... we are not rocket scientists.
05-25-2005, 11:23 AM
Is there some script that she can put on her page to disallow this person from accessing her site, at least from his home computer?No, but you can configure the server to reject requests from certain IP addresses, or IP ranges. How you do it depends on the server software (it's quite easy with Apache), but it might be necessary for the server administrator to do it.
That said, there's probably a better solution: having this person's service terminated. As you know the IP address, you can query the provider using the WHOIS database of a regional registry like ARIN (http://www.arin.net/) or RIPE (http://www.ripe.net/). These registries maintain IP address ranges, so they know what company controls a particular address. Once you know that, you can contact the company and explain what's going on. The service provider will want evidence of any wrongdoing by one of their customers, so you should keep a hold of server logs and e-mails.
There are two potential problems, though.
This person may, if they're sensible, be using an anonymising proxy server; essentially, requests are sent through a machine that disguises the origin of the transmission making it difficult to track. If this is the case, the WHOIS search won't really turn up anything useful.
Some service providers don't monitor their abuse mailboxes, or may not provide a contact address at all. However, you sometimes find that a provider may have been leased their IP range from a larger company. If the provider doesn't respond, try the provider of the provider, and so on, until you get something. Be sure to wait a few days though, before going over someone's head.
She also puts out a newsletter that she only wants to be exclusive to her subscribers. Is there any help there for her?There are many mailing list services that you can find on the Web. Some will need you to install your own set of scripts. Others will be remotely hosted, and will take care of the details for you. Look around the Web - you're bound to find something.
05-26-2005, 07:53 AM
Dear Mike, I appreciate your imput. My mother has a double opt in ezine and is considering just naming the issues individually and in no logical manner to prevent unauthorized snooping..... and that's what We'll call it (no one on her opt in list would send them the proper link). The Hate Mailer in question has suggested that "he wished she were dead, act accordingly" and also has a website up that is her major competition. He and his "partner" have crawled around her site too often to be just curious... possibly looking for some indication that she has dragged their name through the mud, with results to the contrary. To be fair, we don't want them to lose their ISP, we just don't feel it is right that they should be plodding around her site with no good intention, running up her bandwidth.... etc.... and she has been banned from the only forum where she could have had equal footing because the administrator there (a friend of Hate Mailer) has suspended her account....
I know that this is more than enough info for you... How again do you get an administrator to disallow an IP?
Is this a request that has to be made to an admin?
I have been on a few sites that have sent me to a page that said that because my IP was from Canada that I was not allowed to view the page. How do these work?
Thanks again for your help.
05-26-2005, 02:44 PM
To be fair, we don't want them to lose their ISPWell, that's your decision. However, you do have good grounds for it, and I'm sure the service provider that 'Hate Mailer' uses won't stand for that kind of abuse.
How again do you get an administrator to disallow an IP?
Is this a request that has to be made to an admin?Yes. You'll need to contact the customer services or technical support department of the host that you use for your website. I see no reason why they wouldn't help you as it should take very little time and effort to effect the ban, particularly if you just talk in terms of your site, and not the service in general (they might not want to go as far as a server-wide ban).
I have been on a few sites that have sent me to a page that said that because my IP was from Canada that I was not allowed to view the page. How do these work?Most ISPs are regional, so the IP ranges they own can be considered limited to a particular country. It should be quite simple to get a list of all of the ranges that serve Canadians and filter them, just by finding the names of Canadian ISPs and performing WHOIS searches.
Thanks again for your help.You're welcome.
If you have the IP of someone who's sending your mother hate mail, the smart thing to do would be to do a reverse DNS lookup on it and inform his/her ISP of the problem. It tends to be against their usage agreement.
As for the subscriber bit, you want to implement a login system. This should be posted under a different thread in the PHP or possibly ASP forums.
12-30-2005, 09:21 AM
may be beating a dead horse here, but abuse like that NEEDS to be solved, like Twey and Mike said above.
In the mean time, if you are truly worried about it you can do the following:
in your root folder (on the server, usually called htdocs or root) make an html page that says "You have been banned from the site" Or something else (depending on how mean you want to appear, LOL) Save this as banned.html in that htdocs folder.
Back out of the htdocs folder, so that you are on the same level as htdocs. (meaning you would have to double click the htdocs(root) folder to see the files inside it.
If you do not have a file named".htaccess" here you need to make one. To make one, open notepad (assuming Windows computer here) save the BLANK page as .htaccess (do NOT forget the period at the front). Once that is done upload it to the server (should be BELOW the htdocs folder here)
Now you will need to edit the .htaccess file. First double check that it is NOT appearing as .htaccess.txt if it is, then rename and just delete the ".txt" portion. After that is done, add this to the .htaccess:
ErrorDocument 403 /banned.html
deny from 220.127.116.11
deny from abusersite.com
Obviously you would change the "18.104.22.168" to the abuser's IP and "abusersite.com" to his website. IF you do not want to block links FROM his site just delete the whole last line.
You may also like more information on the whole blocking/allowing by .htaccess thing. Just go HERE (http://httpd.apache.org/docs/2.0/howto/auth.html) and check near the bottom of the page.
Good Luck! :cool:
Whoops... I didn't see Mike's post when I posted the above.
12-30-2005, 03:06 PM
Whoops... I didn't see Mike's post when I posted the above.It also seems that both of you failed to notice that this thread is about five months old. :p
Um? I'd swear I clicked the "New Posts" link...
There's only one explanation.
12-30-2005, 06:04 PM
Um? I swear I clicked the "New Posts" link...
There's only one explanation.
*makes eerie x-files noises*
02-17-2006, 08:10 PM
Install Firewall on your machine and restrict all the connections to the Internet (except for the anonymous proxy server) from a browser. It's also recommended to use port mapping for this free anonymous proxy server and define the browser's proxy as 127.0.0.1 with the local port from port mapping.
Use socksification in your browser. This will enable relaying all the information your browser or any other software sends and transfers to the proxy server.
3º- THE Best Method
You need to set up LAN, local IP addresses (192.168.1.x or alike). A corporate proxy server should forwards ALL requests to a free anonymous proxy server (you need to have skills and rights of a system administrator in order to do that). It's impossible to connect to the Internet bypassing a corporate proxy, as long as external IP address is not assigned to local machines. It's also impossible to scan local machine's settings: even if Java/ActiveX applets detects and gives out your local IP address (192.168.1.x) to the web server, your anonymity will remain unbroken. So, basically, you can rate this option as 100% anonymity.
Yes, we know this isn't foolproof, and I'm sure I mentioned it when suggesting this solution.
even if Java/ActiveX applets detects and gives out your local IP address (192.168.1.x) to the web server, your anonymity will remain unbroken.
So, basically, you can rate this option as 100% anonymity.Rubbish. If you give said Java applets or Flash movies permission to access the network, they can trace a route back to the host, thus finding your location.
This thread is ancient and solved; why did you resurrect it? Again?
02-17-2006, 08:26 PM
I have understood that when i use a LAN behind wingate / proxy they only would find local ip (192.168.1.x) not the real ip because when the local machine's settings is scaned by script , java applets can detect only the local IP address (192.168.1.x) , not the real ip.
i have read it in proxyblind and many people said to me it and some of them use this methods to stay anonymous
If you don't believe me, try this:
1) Open up a terminal, command prompt, or whatever your OS likes to call it.
2) Type "tracert google.com" or "traceroute google.com". It will detail all the hosts between yourself and google.com.
3) Imagine that was a Java applet.
02-18-2006, 07:11 PM
Thanks Twey for you info i gonna try it and i will tell it to proxyblind members.
03-16-2006, 08:44 AM
Hi , this is my last message for this thread ,A member of proxyblind say that neither Trace-route nor scripts (no java applets ...) don't work if you use (or hack) a remote deskopt , websites detect only the ip from the remote deskopt because you are surfing from the remote deskopt and not from your original deskopt.
pd:buying an internet card and your IP will be changed when you go to the Internet? use a WI-FI? i don't know.
Greetings to all
03-16-2006, 08:45 AM
About firewalls or sockscap , traceroutes and scripts work, its clear.
A member of proxyblind say that neither Trace-route nor scripts (no java applets ...) don't work if you use (or hack) a remote deskopt , websites detect only the ip from the remote deskopt because you are surfing from the remote deskopt and not from your original deskopt.This is true.
pd:buying an internet card and your IP will be changed when you go to the Internet? use a WI-FI? i don't know.No, the IP address will stay the same; IP addresses identify connections, not devices. The MAC address will change; this is a physical address associated with the network card.
This doesn't actually matter all that much, anyway, as your IP address is hardly classified information; it shouldn't really be crackable anyway. Keep your OS up-to-date, make sure you're not running any insecure services, and make sure you haven't been infected with anything nasty, and you should be safe.
Powered by vBulletin® Version 4.2.1 Copyright © 2014 vBulletin Solutions, Inc. All rights reserved.