I added a new feature today, building on the access violation system that i previously built into the application.
now, for every 10 access violations per unique ip address, an ip is banned. access violation history is recorded on a per instance basis, and the count feature of mysql is used to sort the count of each violation per ip address.
access_denied.phprequire_once("models/config.php");
$account = $loggedInUser->display_username;
$uagent = mysql_real_escape_string(getuseragent()); //get user agent
$ip = mysql_real_escape_string(getIP()); //get user ip
if(isUserLoggedIn) {
if ($account != null) {
$account = mysql_real_escape_string($loggedInUser->display_username);
}
else {
$account = mysql_real_escape_string("Guest/Not Logged In");
}
}
$date = mysql_real_escape_string(gettime());
$sql = @mysql_query("INSERT INTO access_violations (username, ip, user_agent, time) VALUES ('$account', '$ip', '$uagent', '$date');");
$getcountip = mysql_query("SELECT ip,COUNT(*) as count FROM access_violations GROUP BY ip ORDER BY count DESC;");
while($row = mysql_fetch_assoc($getcountip)) {
if($row['count'] > 10) {
$factors = $row['ip'];
$sql2 = mysql_query("SELECT ip FROM bantables_ip WHERE ip = '$factors';");
$number_of_rows = mysql_num_rows($sql2);
if ($number_of_rows > 0) {
/*--Do nothing--*/
}else {
$date2 = mysql_real_escape_string(gettime());
$ip_address = mysql_real_escape_string($row['ip']);
$sqlxz = mysql_query("INSERT INTO bantables_ip (ip, date) VALUES ( '$ip_address', '$date2');");
}
}
}
echo "";
echo '';
?>
when an ip address has more than 10 violations, the application checks the database table if a record exists in the bantable for the ip. if it does, nothing is done. if it does not exist, the ip is added.
a function, isIPbanned(), checks to see if a visitor is in the ban table. if he is, he is greeted with a message that his ip address is banned. if he is not banned, he is greeted with the normal index page.
function isIPbanned()function isIPbanned() {
$ipvars = mysql_real_escape_string(getIP());
$sqlxyzr = mysql_query("SELECT * FROM bantables_ip WHERE `ip`='$ipvars'");
if (mysql_num_rows($sqlxyzr) > 0) {
return true;
}else{
return false;
}
}
?>
that sounds great r3wt, but what about forged ip address in http headers? great question.
functiong getIP()--this makes it difficult to cloak or forge the ip address.
function getIP()
{
foreach (array(
'HTTP_CLIENT_IP',
'HTTP_X_FORWARDED_FOR',
'HTTP_X_FORWARDED',
'HTTP_X_CLUSTER_CLIENT_IP',
'HTTP_FORWARDED_FOR',
'HTTP_FORWARDED',
'REMOTE_ADDR'
) as $key) {
if (array_key_exists($key, $_SERVER) === true) {
foreach (array_map('trim', explode(',', $_SERVER[$key])) as $ip) {
if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false) {
return $ip;
}
}
}
}
}
?>
