Skip to content

Instantly share code, notes, and snippets.

@stypr
Created February 11, 2015 03:27
Show Gist options
  • Save stypr/1bbed682337cdd64e101 to your computer and use it in GitHub Desktop.
Save stypr/1bbed682337cdd64e101 to your computer and use it in GitHub Desktop.
IP ban and check for fake IPs
<?php
/* This won't work on Tor services */
function checkSecurity(){
$list = "ban.txt";
$deny = array();
$fo = fopen($list, "r");
$str = fread($fo, filesize($list));
fclose($fo);
$str = str_replace(",","_",$str);
$ary = explode("_",$str);
for($i=0; $i < count($ary); $i++)
{
$deny[] = $ary[$i];
}
if(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])){
$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
foreach($deny as $ip) {
if(eregi($ip,$_SERVER['REMOTE_ADDR'])) {
die("## your ip banned!");
}
}
if(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])){
banIP($_SERVER['HTTP_X_FORWARDED_FOR'],0);
}
}
function banIP($ip,$mode){
$list = "ban.txt";
if($_SERVER['HTTP_X_FORWARDED_FOR']) $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
$ip = explode(".",$ip);
$ip = $ip[0].".".$ip[1].".".$ip[2].".*"; // block the C-class
$fo = fopen($list, "a");
fwrite($fo, $ip. ",");
fclose($fo);
die("## hacking detected :)");
}
// detect
checkSecurity();
//banIP($_SERVER['REMOTE_ADDR']); - trigger to ban the IP
?>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment