Is it possible to block IPs that try to enter by using.....

Worker Joined: Oct 18, 2005 Posts: 127 Location: NYC

I would like to block any IP that tries to access my site by entering this url in order to do so:

/modules.php?name=Forums&file=weblog&w=2

Is this possible?

....:::don't know if this question is in the right forum, I never seem to do that correctly Embarassed

and I tried searching first Confused

::::.....

JoAnne ~

Sells PC To Pay For Divorce Joined: Posts: 5661

chances are other will be blocked....
or is that the intention ?

Posted: Sun Jan 14, 2007 10:49 am

hitwalker wrote:

chances are other will be blocked....
or is that the intention ?

Thanks Hitwalker

Yes.... everyone who tries to access directly through that url

....seems to be the way for spammers to inject their lovely advertisements directly into the blogs Mad

I have been manually blocking each one.... but it would be great to automate it Wink

Posted: Sun Jan 14, 2007 10:57 am

i think its hard cause you cant put in any refer,and blocking by rule in sentinel or directly in the htaccess will lead to innocent banned people...
but how come that blog is easy to spam ?

Posted: Sun Jan 14, 2007 11:07 am

hitwalker wrote:

i think its hard cause you cant put in any refer,and blocking by rule in sentinel or directly in the htaccess will lead to innocent banned people...
but how come that blog is easy to spam ?

I have taken the blog down, but I get an average of 5-10 trying to access it directly each day. If they are trying to access the site directly through that url, then I want them blocked. If that IP can't add their spam that way, then they will be back with yet another way to try and spam, so why not block them now before they come up with another way. Confused

Posted: Sun Jan 14, 2007 11:51 am

well no rule will ban them automatically...
and the blog thing....yes now i understand...
there are a few scripts outhere that auto submit on certain scripts,phpbb is one of them ...
you can put a rewrite rule in the htaccess that sends them to japan if needed...
banning is useless cause they use millions of bogus ip's

you can use :

Redirect permanent /modules.php?name=Forums&file=weblog&w=2 http://www.whateversite.com

Posted: Sun Jan 14, 2007 12:16 pm

I like that!!! Very Happy

If you really want them to get banned just changed the redirect to a page that Sentinel will ban them for accessing.

Posted: Sun Jan 14, 2007 3:00 pm

hitwalker wrote:

you can put a rewrite rule in the htaccess that sends them to japan if needed...banning is useless cause they use millions of bogus ip's

you can use :

Redirect permanent /modules.php?name=Forums&file=weblog&w=2 http://www.whateversite.com

..... that is funny as quite a few of the IPs are from Japan, not all of them, but quite a few ..... Laughing

Thanks Hitwalker

Posted: Sun Jan 14, 2007 3:06 pm

well put a nice irritating web address and that will do..
realise they will never notice that cause its automated junk...

registered · Posted: Mon Jan 15, 2007 11:22 pm

JoAnne, just make sure that your normal users don't need that URL "string" to use the tool!

I have done a similar thing with Web Links as they were trying to spam them every chance they got. I happened to notice in the access logs that their referrer was always blank! I also noticed that a normal user would really only be able to reach the link from WiTHIN my site (so it would always have a referer) and the chances of a user bookmarking the exact URL to post into was just too remote a possibility.

Here is what I did:

Code:




RewriteCond %{HTTP_REFERER} ^$


RewriteCond %{QUERY_STRING} ^(.*)name=Web_Links(.*)


RewriteRule ^.*$ http://127.0.0.1 [R=301,L]

However, I had to make the "call" that I would not let anyone bookmark in their browser directly to the Web Links module. I can live with that...

But, keep in mind, this ONLY works if the HTTP_REFERER is blank.

Posted: Fri Jan 19, 2007 7:44 am

Hey montego

No one should need to directly or indirectly access that weblog. Thanks, I will try your suggestion as well Cool

I have been manually blocking any IP that used that url string to try to gain access. One IP I banned 62.141.53.139 on 01/06/07 tried to access it again last night, shouldn't I not see that? How could they try to do it again if they were banned? Confused

JoAnne

Posted: Fri Jan 19, 2007 7:48 am

you have to stop them at server level, that means atleast in the htaccess file.
but to wake you up a bit.....
these are not people but forums and blog spambots...
when they run the script they automatically visit your site again...
they never refresh or renew their info....

Posted: Fri Jan 19, 2007 7:58 am

hitwalker wrote:

you have to stop them at server level, that means atleast in the htaccess file.
but to wake you up a bit.....
these are not people but forums and blog spambots...
when they run the script they automatically visit your site again...
they never refresh or renew their info....

Hey Hitwalker

I knew they were spambots, even though I do need to wake up a bit more ......

I thought by entering them into NukeSentinel, that I was stopping them. By banning an IP in NukeSentinel, what am I banning them from? Am I wasting my time by doing this?

Thanks for your help

Posted: Fri Jan 19, 2007 8:02 am

no your not wasting time but check if the ip's are also written to the htaccess..

Posted: Fri Jan 19, 2007 7:39 pm

hitwalker wrote:

no your not wasting time but check if the ip's are also written to the htaccess..

No.... the IPs that I add to NukeSentinel are not being written to the .htaccess file, should they be or do I have to them to that file manually? Am I doing something wrong?

Thanks

JoAnne

Posted: Fri Jan 19, 2007 7:42 pm

as far as i know of it should....
but check your settings in sentinel...!
that it writes to the htaccess file as well...
otherwise its indeed a bit useless...

Posted: Fri Jan 19, 2007 8:18 pm

hitwalker wrote:

as far as i know of it should....
but check your settings in sentinel...!
that it writes to the htaccess file as well...
otherwise its indeed a bit useless...

My Bad ...... I had a typo in the path to the .htaccess file... DUH!

I fixed it, tested it and it works fine now...

Sorry Embarassed

Thank you so much for your help!

JoAnne

Posted: Fri Jan 19, 2007 8:20 pm

happy banning.... killing me

registered · Worker Joined: Oct 07, 2003 Posts: 211

I know I may be a little late here, but why not just set the Reply permissions in the Blog CP to registered users. You can put the view permissions to Guests and then everyone can see it, but no one can reply (comment) unless they are a registered user.

You will have to watch the shout box though.

Afterthought: If you want to keep guests from accessing the shoutbox, (not displaying the shoutbox causes the page to break), you can open your weblog.php file and comment out line 250 and on the next line add:

Code:

message_die(GENERAL_ERROR, 'Guests are not allowed to post in the shoutbox');

Then guests can view the blog, but when they try to submit something to the shoutbox, they received the error.

Posted: Sat Jan 20, 2007 2:16 am

Hey Dauthus

The ported Blog Mod/Weblogs for PHPNuke has alot of security holes. Naturally, I had started out with above settings of guests viewing and only registered users adding comments, etc. etc. I removed the shout boxes. No matter what I did, there was always a way for the hackers and spammers to find a way to get through.

I have removed the Blogs from my sites until someone ports the Blog Mog/Weblogs to PHPNuke and maintains it with the necessary upgrades for the latest vulnerabilities.

My reason for wanting to ban the IPs that are still trying to enter the Weblogs, even though I have them turned off, is that I feel they are malicious IPs and will not stop at the blogs and that they will continue to find ways to hack or spam in some way or another. I know I can not ever stop them all, but if I can stop just a few... who knows Rolling Eyes

.....:::::with a false sense of security::::......

JoAnne

Posted: Sat Jan 20, 2007 10:15 am

That's ok. I use the blog Mod, and had problems in the beginning with spammers in the shoutbox. Sure, bots will try to access any page they spider, but just because they attempt to visit doesn't mean they get through or they are attempting to hack a site. They are just doing their jobs.

Since I implemented the changes I gave to you, I have been able to use the blog without problems, and keep the bot spamming at bay.

Posted: Sat Jan 20, 2007 10:19 am

Dauthus wrote:

That's ok. I use the blog Mod, and had problems in the beginning with spammers in the shoutbox. Sure, bots will try to access any page they spider, but just because they attempt to visit doesn't mean they get through or they are attempting to hack a site. They are just doing their jobs.

Since I implemented the changes I gave to you, I have been able to use the blog without problems, and keep the bot spamming at bay.

Which version of the Blog Mod are you using and who ported it to PHPNuke?

Thanks

JoAnne

Posted: Sat Jan 20, 2007 10:32 am

As best as I can tell, this one:

Powered by the Blog Mod version 0.2.x by Hyperion
A port for PHP-Nuke by BBtoNukeMods with enhancements from NukeKorea Dev. Network © 2003-2005

Posted: Sat Jan 20, 2007 10:47 am

Dauthus wrote:

As best as I can tell, this one:

Powered by the Blog Mod version 0.2.x by Hyperion
A port for PHP-Nuke by BBtoNukeMods with enhancements from NukeKorea Dev. Network © 2003-2005

That is the one I have. The Blog Mod has been updated a few times since that as some security vulnerabilities had been found by Hyperion. I was going to update it myself, but have not had the time. I really wish Raven would take that project on, I would feel much better with a version from him Wink

JoAnne

Worker Joined: Nov 22, 2004 Posts: 208 Location: Italy

Just my 2 cents:
In sentinel, also add in the string blocker the most used words used by spammers
cialis, viagra, phentermine, levitra etc...
mail.ru cachette.com are a "must" too...
Since I did, i saw spam going down by 80% and love it Smile