Using 2 DBs for access prohibition

Per the title, would it be a wise move for me to store all the IP addresses I want to allow to access my pages in one database and all the blocked ones in another database? I’m not 100% full on with MySQL primary top-level versions of the solution so I’m not sure if this is wise or if it is overkill. I’m simply looking to do this:

if (ip address found in block of IPs in database table) {
   block access to the page }
else { allow access to the page }

I would like to restrict access to only IP addresses that show up without server-content headers in them. for instance, I want to block this: jobqueue-listener.jobqueue.netcraft.com-udd4b1482ac3811ebb4359310838d6ab1u-digitalocean-2gb

and I want to allow this: 20.52.17.78, and every other ip address that comes through normally, along with all google-oriented spiders.

what’s the best way to accomplish this? thanks for assistance. any is welcome.

I guess another way to put this is…

can I use the function ip2long to allow a list of ip addresses that appear normally? as in, can I specify lowest ip possible to highest ip possible and get rid of ips that have server header content embedded in their identification strings?

There’s no point doing a whitelist and a blacklist; using one negates the need for the other.

Do you want to govern who can access your site? Use a whitelist. Anyone not in the whitelist won’t have access, no need for a blacklist.

Do you want to keep your site open, but block actors as you find them? Use a blacklist. Anyone not on the blacklist will have access, no need for a whitelist.

Regarding blocking users; are you just detecting IP addresses, or hostnames as well?


well, i’m pretty sure that this code from PHP…

gethostbyaddr($_SERVER['REMOTE_ADDR']);

…includes ip addresses as well as host names. is that correct? it looks to me like the detection returns server header information too. is that correct? that is the code I am using.

the other thing you should know is that I’m attempting to block automated page renders. this site does not have any log in or anything. there are no “users”, so to speak. just saying…

$_SERVER['REMOTE_ADDR'] will sometimes return more than one IP address. It is determined by how the remote server is set up and if there are redirects and other things. Therefore, you have to strip out the first IP before you can send it to the gethostbyaddr() function. Also, in the php.net manual there are other ways to use this function call. Not sure if that is what you are asking about. It does attempt to return the host name of the remote ip address fed into it.

ernie,

I have never seen that happen. most of the time, for automated page hits, it returns stuff like this:

92.118.160.57.netsystemsresearch.com

that is the kind of crap I want to block. can you tell me what is going on about the server that causes it to list the ip address AND “A” domain of some kind, even if the domain is not associated with the company that is doing it? thanks

Well, that is simple. The IP you see in that one is a SUB-DOMAIN of the real DOMAIN.
Program wise, you can create a million sub-domains if you own the server and just make up IPs to name as the domain name. So, in your example, the 92.118.160.57 is just like ernie.ernie. com. Meaning ernie would be a sub-domain of ernie. com… AND, since you can use a simple htaccess rewrite, everything that comes in as SOMETHING.SOMEDOMAIN. com can be rerouted to SOMEDOMAIN. com/somefolder/someApp… So, what you have is NOT a true domain name nor IP address. To get the real ip address, you would have to do a reverse search for netsystemsresearch. com and get their real IP address.

This type of addressing is how hackers fake websites into thinking it is a valid IP address when it is not! If your blocking system is up to par, it would just use the last part and remove all the first parts. Only the netsystemsresearch. com is valid. Your blocking system can save domain names along with IPs. But, of course the domain name can be faked. That is why there are other $_SERVER[] values that might work better.

this is EXACTLY what I’m talking about ernie. real visits seem to come from ip addresses alone, and fake/scammers/criminals/hackers’ addresses seem to come in the form of “ip-address.domain or sub here/.com[or .whatever here]”

see what I mean? I want to block all the illegit stuff. I only want to keep ip addresses that come in the form of IPv4 blocks, separated by periods of course. is that understandable what I want now?

Just check the size of the IP string. Max would be 999.999.999.999. In other words length of 15.
If over that, mark it as bad. Like this…
$ip = "9.9.9.9.somehost.domain. com";
// anything longer than 15 characters cannot be a dotted IPv4 string
if (strlen($ip) > 15) {
    echo "bad!";
} else {
    echo "good!";
}
Simple check, but, might work.

By the way, here is a routine that I have used and that is common in programming sites for getting the real IP of the user. This might help!

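function getUserIpAddr(){
    // HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR come from request headers: the
    // client (or any proxy on the way) chooses their values, and
    // X-Forwarded-For may hold a comma-separated list of addresses.
    if(!empty($_SERVER['HTTP_CLIENT_IP'])){
        //ip from share internet
        $ip = $_SERVER['HTTP_CLIENT_IP'];
    }elseif(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])){
        //ip pass from proxy
        $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
    }else{
        //address of the TCP peer that connected to the web server
        $ip = $_SERVER['REMOTE_ADDR'];
    }
    return $ip;
}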

echo 'User Real IP - '.getUserIpAddr();
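
Added example, not part of the post above: for an allow/block decision the address has to be one the requester cannot choose, so this sketch reads X-Forwarded-For only when the connection comes from a reverse proxy you operate. `TRUSTED_PROXIES`, `clientIpForAccessControl` and the sample addresses are assumptions made up for the illustration.

```php
<?php
// Added example. TRUSTED_PROXIES is a hypothetical list of reverse proxies
// that you operate and that append the connecting address to X-Forwarded-For.
const TRUSTED_PROXIES = ['192.0.2.1'];

function clientIpForAccessControl(array $server): string
{
    // REMOTE_ADDR is the address of the TCP peer; a request header cannot change it.
    $peer = $server['REMOTE_ADDR'] ?? '';
    $xff  = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    // Header sent by anyone other than our own proxy: ignore it.
    if ($xff === '' || !in_array($peer, TRUSTED_PROXIES, true)) {
        return $peer;
    }
    // Read the list from the right (the end our proxy wrote) and take the
    // first hop that is not one of our proxies.
    foreach (array_reverse(array_map('trim', explode(',', $xff))) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $peer; // malformed entry: fall back to the peer address
        }
        if (!in_array($hop, TRUSTED_PROXIES, true)) {
            return $hop;
        }
    }
    return $peer;
}

// Constructed requests (documentation address ranges).
$samples = [
    'direct, forged header'       => ['REMOTE_ADDR' => '198.51.100.7',
                                      'HTTP_X_FORWARDED_FOR' => '203.0.113.9'],
    'via proxy, forged first hop' => ['REMOTE_ADDR' => '192.0.2.1',
                                      'HTTP_X_FORWARDED_FOR' => '203.0.113.9, 198.51.100.7'],
    'via proxy, no header'        => ['REMOTE_ADDR' => '192.0.2.1'],
];
foreach ($samples as $label => $server) {
    printf("%-28s %s\n", $label, clientIpForAccessControl($server));
}
```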

thanks ernie. i will get back to you on this. yes, checking the length is easy, obviously.
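
Added example, not code from any poster in this thread: PHP's gethostbyaddr() returns the reverse-DNS (PTR) name of an address, the unmodified address when no PTR record exists, and false on malformed input. The function below validates the address with filter_var() and forward-confirms the PTR name before trusting it, which is also how a Google crawler can be told apart from a name that only claims to be one; `classifyClient`, the injected resolver callables and every sample address and host name are constructed for the illustration.

```php
<?php
// Added example. Resolvers are injected so the constructed sample data below
// runs offline; on a live site pass 'gethostbyaddr' and 'gethostbynamel'.
function classifyClient(string $ip, callable $reverse, callable $forward): string
{
    // A real IPv4 literal, not merely a string of 15 characters or fewer.
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return 'invalid';
    }
    // No PTR record: the reverse lookup hands back the address itself.
    $host = $reverse($ip);
    if ($host === false || $host === $ip) {
        return 'no-ptr';
    }
    $host = strtolower(rtrim($host, '.'));
    // The PTR name is set by whoever controls the reverse zone for the
    // address, so confirm it: the name must resolve back to the same IP.
    $addrs = $forward($host);
    if (!is_array($addrs) || !in_array($ip, $addrs, true)) {
        return 'ptr-unconfirmed';
    }
    // Domains Google documents for its crawlers' reverse DNS names.
    foreach (['.googlebot.com', '.google.com'] as $suffix) {
        if (substr($host, -strlen($suffix)) === $suffix) {
            return 'google-verified';
        }
    }
    return 'ptr-confirmed';
}

// Constructed lookup tables (documentation address ranges, made-up names).
$ptr = [
    '192.0.2.10'  => 'crawl-192-0-2-10.googlebot.com',
    '192.0.2.20'  => '192.0.2.20.scanner.example.net',
    '203.0.113.5' => 'crawl-203-0-113-5.googlebot.com', // claim with no matching A record
];
$a = [
    'crawl-192-0-2-10.googlebot.com' => ['192.0.2.10'],
    '192.0.2.20.scanner.example.net' => ['192.0.2.20'],
];
$reverse = fn(string $ip) => $ptr[$ip] ?? $ip;
$forward = fn(string $host) => $a[$host] ?? false;

foreach (['192.0.2.10', '192.0.2.20', '203.0.113.5', '198.51.100.7', '9.9.9.9.x'] as $ip) {
    printf("%-14s %s\n", $ip, classifyClient($ip, $reverse, $forward));
}
```

gethostbynamel() returns IPv4 addresses only; an IPv6 version of the forward check would need dns_get_record() with DNS_AAAA.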
