need help with comment spam



iPlay
09-11-2008, 09:17 AM
My website is a personal website (php/mysql) that I created to share photos of my son with a few friends and relatives. I recently added a comment page that one can write comments without a username and a password. I don't intend to put password protection anytime soon. In the beginning, I would get someone putting advertisement links and I solved that with:


<?php
$errors = array();
$required_fields = array('nick_name', 'comment');
foreach ($required_fields as $fieldname)
{
    if (
        !isset($_POST[$fieldname])
        || empty($_POST[$fieldname])
        || strpos($_POST[$fieldname], "?>")
        || strpos($_POST[$fieldname], "://")
        || strpos($_POST[$fieldname], "script>")
    )
    {
        $errors[] = $fieldname;
    }
}

if (!empty($errors)) {
    redirect_to("comments.php");
}
?>
That took care of some spammers using href=http://xxxxxxxx but now I'm getting this guy who posts random things such as:

"The visitor of the museum of Apron in the Brent, Bibb County occasionally broke Mixing bowl of 23 century before Christ, after which he had to sell his house to pay off with the Allied Group"

When I googled that sentence, I saw another website got spammed by the same guy just minutes after I got spammed.
I'm looking to maybe block IP addresses (from cpanel I guess, and not familiar with this procedure) but would that be effective? Don't people have dynamic IP addresses?

nuttycoder
09-11-2008, 09:30 AM
Depends. Some people use a dynamic IP, others use a static IP. You could ban an IP, but if their IP is dynamic then they could disconnect from their ISP and reconnect with a new IP.

If it's automated spam, then using a captcha may help reduce the spam.

GFX-Help
09-11-2008, 07:41 PM
I'm not much of a coder, but one of the most effective methods I've implemented which stops spammers is by having my forum set up so if someone who is trying to register clicks the submit button sooner than 10 seconds after the page loads it will give them an error. Since most of the spam comes from bots which submit info instantly this blocks a good part of them. Of course this is assuming you've got a captcha already...I guess that's the first step.

A separate idea....if it's truly only for your family and you're not really interested whether others see it or not you could block common IP ranges from a bunch of countries. I've seen many lists floating around...It's generally not the best idea for business, but if it's for personal...maybe an easy solution which requires little work.
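The submit-delay check described in the post above, sketched for a PHP comment form as an added example (not code from the thread or from any forum package). The names `FORM_SECRET`, `issue_form_token` and `form_token_ok`, and the one-hour upper limit, are assumptions; the timestamp is signed with an HMAC so a client cannot simply back-date it.

```php
<?php
// Added example: reject forms that come back sooner than MIN_SECONDS after
// the page was rendered. FORM_SECRET is a placeholder value.
const FORM_SECRET = 'replace-with-a-long-random-secret';
const MIN_SECONDS = 10;     // threshold mentioned in the post
const MAX_SECONDS = 3600;   // assumption: older tokens are treated as stale

// Value for a hidden form field, built at render time: "<timestamp>.<hmac>".
function issue_form_token(int $now): string
{
    return $now . '.' . hash_hmac('sha256', (string) $now, FORM_SECRET);
}

// True only if the token is authentic and the form was open long enough.
function form_token_ok(string $token, int $now): bool
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false;                       // missing or malformed token
    }
    [$issued, $mac] = $parts;
    if (!hash_equals(hash_hmac('sha256', $issued, FORM_SECRET), $mac)) {
        return false;                       // timestamp does not match its MAC
    }
    $age = $now - (int) $issued;
    return $age >= MIN_SECONDS && $age <= MAX_SECONDS;
}

// Constructed demonstration with a fixed clock instead of time().
$t0     = 1221150000;
$token  = issue_form_token($t0);
$forged = ($t0 - 60) . substr($token, 10);  // older timestamp, original MAC
$cases  = [
    'submitted after 2 s'  => [$token, $t0 + 2],
    'submitted after 25 s' => [$token, $t0 + 25],
    'timestamp altered'    => [$forged, $t0 + 25],
];
foreach ($cases as $label => [$tok, $when]) {
    echo $label, ': ', form_token_ok($tok, $when) ? 'accept' : 'reject', "\n";
}
```

On a live page the token from `issue_form_token(time())` goes into a hidden input and `form_token_ok($_POST[...], time())` runs before the comment is stored. A bot that waits before posting still passes, so this complements a captcha rather than replacing it.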

iPlay
09-11-2008, 09:14 PM
Thanks guys. I don't have captcha so I opted for php ip block method:


<?php
// Addresses to turn away from this page
$deny = array("78.47.100.185", "125.82.224.183", "61.19.235.206", "79.135.167.26", "60.191.246.25", "123.237.150.92", "195.225.178.39", "61.143.237.186", "193.167.80.3");
if (in_array($_SERVER['REMOTE_ADDR'], $deny)) {
    header("location: http://www.google.com/");
    exit();
} ?>

Now I just have to periodically catch the IP addresses and block them. While researching, I was surprised to see so many countries have visited my site. I have no relatives outside of US. :) I wonder if there is an easier way to block everyone but some specific countries. It seems IP addresses used by different countries change and I also heard that it can slow down the server.

********
I had the same code in my comment.php and create_comment.php page with my IP address in the array to test and it did successfully block me from that page and redirected me to google. However, when I took my IP address off both pages, it still redirected me to google when I clicked submit. I was able to get into the comments.php page but somehow, create_comments.php page is still redirecting me to google. Strange. Any ideas?
Thanks again.

GFX-Help
09-11-2008, 09:28 PM
It might be easier to maintain using the IP Deny Manager in cpanel, plus you can use wildcards which will make it very easy to block certain isps / countries / ranges. For example...123.*.*.* etc etc, from my experience most spammers have dynamic IPs, but if you block the whole range of the ISP you have a much better chance of blocking the bot/spammer.

iPlay
09-11-2008, 10:21 PM
Thanks GFX. I guess my way controls each page but the cpanel way can block the whole site. I do have another question though.... If someone from Germany, for example, who has IP address 78.47.100.185 is viewing my site, can I assume IP addresses starting with 78.xx.xx.xx all originate from Germany?

Early Out
09-11-2008, 10:27 PM
In that case, that's a good assumption:

http://whois.domaintools.com/78.47.100.185

But it's often not that simple, particularly in places like Europe, where an ISP may be providing service to people from multiple countries. You also find users coming in through proxy servers, so someone from somewhere in Africa might show up with an IP address in Italy. All very confusing....

GFX-Help
09-12-2008, 01:35 AM
It goes by the carrier, for example I have some servers in Chicago using Internap and every IP I get starts in the 70's. It's not so much location, but the carrier as far as I know and each carrier has IP addresses assigned to them by the internic which is the group that deals with ip addresses (http://www.internic.net/) - I know I know...very pretty site right? heh

I would just start with 78.47.xx.xx and see how it goes, also you can hunt for some lists of bad IPs, I'm sure there's huge lists people have compiled and you could just grab a few of them and add them in cpanel. Early is right, people could be using a proxy and if they're doing something illegal they would be smart to try to hide their IP. If you keep banning bad ranges though it shouldn't matter if they're behind a proxy.

Edit: I found what I was looking for, here's a list of IPs by country http://www.ipdeny.com/ipblocks/. It's not bad ips it's just all ips. Also it's in the CIDR format which should be no problem. I'm trying to think of a way to make it easier to add the ips since every entry needs "deny from" in front of it...maybe someone else has an idea, nothing is coming to mind at the moment.

Remember you could also do something like the following if you see it as being a better solution.

# deny all except ips indicated here
# "allow from" takes an IP address or a (partial) domain name, not a regular expression
<Limit GET POST PUT>
    order deny,allow
    deny from all
    allow from 1.1.1.1
    allow from .domain.com
</Limit>

felgall
09-12-2008, 02:43 AM
There are databases available that list IP addresses by the country they are currently allocated to.

http://ip-to-country.webhosting.info/node/view/6?XID=c30a32c256d0a046850c9e52671bae8a has a copy available for download that was current at the beginning of this month.

iPlay
09-12-2008, 02:37 PM
Thanks everyone for your input. For now, I'm using cpanel's latest visitors and awstat to pick out IPs that are only going to my comment page and blocking the ranges that ISP has. Mostly China, India, etc. I think EARLY OUT's suggestion: http://whois.domaintools.com/ gives me enough info to do that. Thanks. Other sites give locations but not the ranges. I noticed many are getting http code 302s which means they were trying to add links which my php code that catches "://" redirects and others are getting 403 which means cpanel is effectively blocking those IPs. I guess bots are only interested in adding links and random wannabe hackers who post random stuff are just doing it for kicks. I just had one that originated from the Univ of Washington. He/She should be studying instead of spamming!! Maybe he/she is majoring in computer science. :) There are quite a few that have just the http code 200 and they only access my comments page, which means they are only viewing my comments page.... I wonder if I should change the names of those pages.

This was a very good learning experience.... I do have one more question regarding php coding. I know you can use a wild card for IP address blocks. For example, 111.111.111.* which blocks 111.111.111.0 to .255 but is there a way to block like this: 111.111.111.10 to 111.111.111.30 so that I don't have to add those 21 IP addresses separately in the array?


<?php
$deny = array("78.47.100.*", "125.82.224.183");
if (in_array($_SERVER['REMOTE_ADDR'], $deny)) {
    header("location: http://www.mypage.com/");
    exit();
} ?>

GFX-Help
09-12-2008, 02:40 PM
As far as I know php can't do wildcards, I've looked for a solution but never found anything. Maybe someone with more php knowledge would know though...
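The range and wildcard blocking asked about above can be done in PHP by comparing addresses as integers with `ip2long()`; the sketch below is an added example, not code from the thread, and also accepts the CIDR notation used by the country lists mentioned earlier. The function names and the `low-high` rule syntax are assumptions, the rule list is constructed, and only IPv4 is handled.

```php
<?php
// Added example, not code from the thread. IPv4 only; assumes 64-bit PHP so
// that ip2long() values compare as unsigned integers.

// True if $ip matches one rule: exact address, "*" wildcard,
// "low-high" range, or CIDR block.
function ip_matches(string $ip, string $rule): bool
{
    $addr = ip2long($ip);
    $rule = trim($rule);                     // tolerate stray spaces in the list
    if ($addr === false) {
        return false;                        // not a valid IPv4 address
    }
    if (strpos($rule, '-') !== false) {      // range: 111.111.111.10-111.111.111.30
        [$lo, $hi] = array_map('ip2long', array_map('trim', explode('-', $rule, 2)));
        return $lo !== false && $hi !== false && $lo <= $addr && $addr <= $hi;
    }
    if (strpos($rule, '/') !== false) {      // CIDR: 78.47.0.0/16
        [$net, $bits] = explode('/', $rule, 2);
        $net = ip2long($net);
        if ($net === false || !ctype_digit($bits) || (int) $bits > 32) {
            return false;
        }
        $mask = (0xFFFFFFFF << (32 - (int) $bits)) & 0xFFFFFFFF;
        return ($addr & $mask) === ($net & $mask);
    }
    if (strpos($rule, '*') !== false) {      // wildcard: 78.47.100.*
        $re = '/^' . str_replace('\*', '\d{1,3}', preg_quote($rule, '/')) . '$/';
        return preg_match($re, $ip) === 1;
    }
    return ip2long($rule) === $addr;         // exact address
}

function ip_is_denied(string $ip, array $rules): bool
{
    foreach ($rules as $rule) {
        if (ip_matches($ip, $rule)) {
            return true;
        }
    }
    return false;
}

// Constructed rule list built from addresses quoted in the thread.
$deny = ['78.47.100.*', ' 123.237.150.92', '111.111.111.10-111.111.111.30', '61.19.0.0/16'];
foreach (['78.47.100.185', '111.111.111.21', '111.111.111.31', '61.19.235.206'] as $ip) {
    echo $ip, ' => ', ip_is_denied($ip, $deny) ? 'denied' : 'allowed', "\n";
}
```

In the page itself the call would be `ip_is_denied($_SERVER['REMOTE_ADDR'], $deny)` in place of `in_array()`.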

nitrocrzy
09-12-2008, 10:01 PM
IP deny will help a little but you're going to find the most offensive spammers are using anonymous proxies. Even if you block whole ranges, there are so many that eventually you're going to start blocking friendlies.

iPlay
09-16-2008, 05:47 AM
As I learn more about the logs, I'm getting more scared. Everyday I'm blocking about half a dozen. It's a little time consuming but it's rather fun at this point (educational wise) and I'm catching quite a bit. Cpanel ipblock seems to work fine but like most of you have said and I totally agree with you guys/gals on this that it's not an effective solution.
So....Can anyone look at my code (I am a novice and there might be a better way/correct way) and tell me if I'm blocking all the necessary things, i.e. script type things that can really damage my site or even the whole server? I'm blocking php and script (I think???). Or a better way to stop those things that might affect my site. I'm using strpos to see if the "xxxx" exists in the comment. It doesn't work if the "xxxx" comes right in the beginning so I had to use "?>" and not "<php". Again, any help would be greatly appreciated.


<?php
$errors = array();
$required_fields = array('nick_name', 'comment');
foreach ($required_fields as $fieldname)
{
    if (
        !isset($_POST[$fieldname])
        || empty($_POST[$fieldname])
        || strpos($_POST[$fieldname], "?>")
        || strpos($_POST[$fieldname], "://")
        || strpos($_POST[$fieldname], "script>")
    )
    {
        $errors[] = $fieldname;
    }
}

if (!empty($errors)) {
    redirect_to("comments.php");
}
?>
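On the check posted above: `strpos()` returns 0 for a match at the very start of the string, and 0 counts as false in an `||` chain, which is why a leading match slips through. The added example below (not code from the thread; `invalid_fields`, `render_comment` and the sample inputs are constructed) compares against `false` explicitly and escapes comments when they are displayed, which is the step that keeps submitted markup from running in a visitor's browser.

```php
<?php
// Added example, not code from the thread. Field names match the post;
// $blocked and both function names are illustrative.

// Return the names of fields that are missing, empty, or contain a blocked
// substring. stripos() is case-insensitive and returns 0 for a match at the
// start, so its result is compared with !== false instead of used as a boolean.
function invalid_fields(array $post, array $required, array $blocked): array
{
    $errors = [];
    foreach ($required as $name) {
        $value = isset($post[$name]) && is_string($post[$name]) ? trim($post[$name]) : '';
        if ($value === '') {
            $errors[] = $name;
            continue;
        }
        foreach ($blocked as $needle) {
            if (stripos($value, $needle) !== false) {
                $errors[] = $name;
                break;
            }
        }
    }
    return $errors;
}

// Escape at output time so that whatever was stored is shown as plain text
// and is never interpreted as markup.
function render_comment(string $nick, string $comment): string
{
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    return '<p><strong>' . $e($nick) . '</strong>: ' . nl2br($e($comment)) . '</p>';
}

// Constructed inputs: a normal comment, a blocked string at position 0,
// and an empty comment.
$blocked = ['<?php', '?>', '://', 'script>'];
$samples = [
    ['nick_name' => 'Grandma', 'comment' => 'He is getting so big!'],
    ['nick_name' => 'x', 'comment' => '://starts-with-a-blocked-string'],
    ['nick_name' => 'y', 'comment' => ''],
];
foreach ($samples as $post) {
    echo json_encode(invalid_fields($post, ['nick_name', 'comment'], $blocked)), "\n";
}
echo render_comment('Tom', "5 < 6 & \"quotes\"\nsecond line"), "\n";
```

PHP tags inside a stored comment are only text; they do not execute unless the site passes stored comments to `eval()` or `include`, so the substring list mainly serves to cut link spam.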

dkinzer
09-16-2008, 02:00 PM
"I recently added a comment page that one can write comments without a username and a password. I don't intend to put password protection anytime soon."

In today's Internet environment, that decision ultimately means that you will be in a constant battle against thousands of hackers world-wide, many of whom are a lot smarter than you (no offense intended) and have a lot more time to devote to the sport of outwitting you than you do to outwitting them.