ip block list

Discussion in 'General Support' started by flintnapa, Nov 9, 2020.

  1. flintnapa

    flintnapa New Member

    Joined:
    Jul 17, 2009
    Messages:
    19
    Likes Received:
    1
    If you have a WeBid auction site you've probably noticed that it attracts bot fake registrations and spam relentlessly. I'm starting to weed out the fake IPs used which you can add to Users>>IP Addresses.

    Here's is my list so far:

    Code:
    108.161.134.78
    94.247.16.29
    84.17.55.103
    45.175.176.222
    180.245.44.54
    154.16.36.220
    154.16.10.198
    205.185.223.142
    170.83.176.83
    2.58.12.74
    46.246.122.162
    89.36.224.9
    23.229.111.174
    108.161.128.7
    37.152.182.65
    103.48.25.195
    23.94.154.239
    201.71.225.18
    178.216.50.212
    23.236.223.17
    167.114.136.27
    195.248.242.117
    23.94.4.247
    178.32.87.248
    108.161.134.8
    109.162.242.221
    207.244.117.223
    196.247.163.243
    198.46.226.99
    107.174.148.84
    41.180.82.62
    5.183.92.140
    178.175.132.66
    45.152.199.155
    104.227.121.7
    23.80.149.208
    23.94.75.167
    101.109.132.162
    168.90.196.203
    86.105.183.141
    101.51.9.196
    177.133.74.101
    23.250.44.251
    209.99.136.12
    64.44.48.66
    23.95.237.215
    196.196.148.9
    23.94.75.251
    198.23.172.153
    192.162.193.243
    176.56.107.132
    175.141.171.247
    45.137.40.240
    107.172.99.8
    45.32.83.205
    67.218.5.41
    104.144.180.219
    110.232.249.203
    110.232.249.203
    23.236.210.155
    209.107.210.102
    101.51.59.132
    23.236.223.19
    170.177.253.32
    185.77.248.5
    109.162.248.86
    23.236.223.19
    170.177.253.34
    23.236.232.196
    91.230.154.221
    23.236.223.204
    107.173.230.252
    178.150.47.62
    107.152.239.187
    109.162.243.25
    45.147.198.233
    23.94.75.230
    173.245.203.21
    198.23.174.137
    185.147.213.85
    23.254.12.226
    5.180.220.148
    183.197.56.174
    192.198.127.19
    196.245.244.239
    37.44.88.83
    23.254.47.87
    192.3.214.13
    125.24.11.168
    192.227.180.108
    118.173.172.93
    2.58.12.73
    138.128.4.31
    176.99.174.213
    176.99.174.213
    178.48.68.61
    23.236.232.81
    183.197.56.73
    193.56.252.250
    192.3.214.13
    96.8.122.172
    23.254.17.83
    192.198.127.27
    23.229.35.55
    216.151.183.100
    107.172.148.131
    23.229.8.131
    45.72.67.92
    103.221.235.20
    185.250.39.161
    2.58.12.37
    192.186.153.232
    107.172.148.139
    23.229.73.93
    192.241.65.35
    45.152.199.59
    198.23.238.15
    64.145.76.86
    138.128.34.207
    216.151.180.177
    23.229.35.32
    107.173.230.225
    23.229.35.239
    192.210.185.97
    209.107.210.119
    5.180.220.28
    62.122.213.164
    205.185.223.73
    45.10.232.33
    104.144.22.183
    218.250.157.35
    192.227.137.250
    107.152.239.46
    23.229.75.27
    107.152.47.41
    192.227.180.103
    191.102.148.105
    23.236.229.233
    138.128.84.170
    104.144.103.125
    192.210.185.98
    23.229.57.151
    23.236.148.14
    107.173.50.211
    206.41.175.107
    192.227.152.136
    23.236.152.222
    94.158.152.248
    191.101.250.244
    5.20.91.12
    45.133.171.227
    93.115.0.63
    192.210.230.137
    119.82.252.122
    186.200.68.34
    45.72.61.120
    45.9.122.206
    191.102.130.194
    45.136.228.18
    5.39.5.14
    109.245.214.49
    183.197.56.233
    101.51.59.15
    207.180.193.142
    148.101.27.141
    110.139.121.209
    121.66.198.76
    27.147.217.194
    196.240.58.127
    77.242.29.25
    14.207.22.141
    125.24.111.168
    194.88.143.31
    192.3.214.6
    23.94.87.249


    Be grateful if you can add yours below. Cheers. OK so you might say what's the point since those doing the bot attacks will just find other proxy IPs to use? Good point, however, these are targeted towards WeBid so that makes them more specific then general DNSBL lists.
     
  2. flintnapa

    flintnapa New Member

    Joined:
    Jul 17, 2009
    Messages:
    19
    Likes Received:
    1
    Well folks,

    I've been silently collecting all the spam iPs for a while now. You can see my complete list here:

    It's in raw form at the moment but will tidy it up going forwards. As I ban them they will appear on this list:

    https://carbootradio.com/ipblock/
     
  3. flintnapa

    flintnapa New Member

    Joined:
    Jul 17, 2009
    Messages:
    19
    Likes Received:
    1
  4. flintnapa

    flintnapa New Member

    Joined:
    Jul 17, 2009
    Messages:
    19
    Likes Received:
    1
    You can remove duplicate IPs by running the following Execute SQL command in PhpMyAdmin or in WebMin, etc. Back up you database first before running the below:

    Code:
    DELETE t1 FROM webid_usersips t1 INNER JOIN webid_usersips t2  WHERE      t1.id < t2.id AND      t1.ip = t2.ip;
     
  5. flintnapa

    flintnapa New Member

    Joined:
    Jul 17, 2009
    Messages:
    19
    Likes Received:
    1
    If your IP block list is getting to big you can reverse or limit the number of shown IPs that appear:

    Go to the admin folder and find the file banips.php. Locate this code:
    PHP:
    $query "SELECT * FROM " $DBPrefix "usersips WHERE user = 'NOUSER' ";
    Change it to reverse the order so that the recent IPs appear first:
    PHP:
    $query "SELECT * FROM " $DBPrefix "usersips WHERE user = 'NOUSER' ORDER BY `id` DESC";
    If you want to limit only to recent IP entries you can instead replace it with:

    PHP:
    $query "SELECT * FROM " $DBPrefix "usersips WHERE user = 'NOUSER' ORDER BY `id` DESC LIMIT 25";
    The number 25 can be replaced by any number that you want listed. In this case, it's just 25 entries.
     
  6. flintnapa

    flintnapa New Member

    Joined:
    Jul 17, 2009
    Messages:
    19
    Likes Received:
    1
    You have a list consisting of banned IPs and want to add them to your IP Block list.

    (1) If the list is short then you can just manually add each entry in the Admin area: Go to Users>>IP Addresses

    (2) If the list is long then you need to access the MySQL table structure in PHPMyAdmin.

    The table structure looks like this assuming you kept the webid_ prefix (if not, change it) :
    Code:
    --
    -- Table structure for table `webid_usersips`
    --
    
    CREATE TABLE IF NOT EXISTS `webid_usersips` (
      `id` int(11) NOT NULL,
      `user` int(11) DEFAULT NULL,
      `ip` varchar(15) DEFAULT NULL,
      `type` enum('first','after') NOT NULL DEFAULT 'first',
      `action` enum('accept','deny') NOT NULL DEFAULT 'accept'
    ) ENGINE=InnoDB AUTO_INCREMENT=18 DEFAULT CHARSET=latin1;
    
    
    The insertion will look something like this:

    Code:
    
    INSERT INTO `webid_usersips` (`id`, `user`, `ip`, `type`, `action`) VALUES
    (19, 0, '186.178.115.48', '', 'deny'),
    (20, 0, '107.172.150.81', ', 'deny'),
    (21, 0, '106.8.221.143', '', 'deny'),
    (22, 0, '183.197.56.81', '', 'deny'),
    (23, 0, '64.188.205.138', '', 'deny'),
    (24, 0, '172.245.46.114', '', 'deny'),
    (25, 0, '84.78.225.50', '', 'deny'),
    (26, 0, '176.222.46.223', ', 'deny'),
    (28, 0, '194.28.181.89', '', 'deny'),
    (29, 0, '188.254.159.164', '', 'deny');
    
    The first thing you need to do is find what your last Id number is. For example, if the last Id number is 18 you can insert the above list into webid_usersips.

    The Id is important because it comprises the indexes such as:

    Code:
    --
    -- Indexes for table `webid_usersips`
    --
    ALTER TABLE `webid_usersips`
      ADD PRIMARY KEY (`id`);
    
    
    Id is set to auto increment with each entry. In this case, after insertion of the above list it would be set to 30

    Code:
    ALTER TABLE `webid_usersips`
      MODIFY `id` int(11) NOT NULL AUTO_INCREMENT,AUTO_INCREMENT=30;
    
    
    So, in PhpMyAdmin you find what your last Id number is, say, 18. Then using a txt editor you build up a list such as:

    Code:
    INSERT INTO `webid_usersips` (`id`, `user`, `ip`, `type`, `action`) VALUES
    (19, 0, '186.178.115.48', '', 'deny'),
    (20, 0, '107.172.150.81', ', 'deny'),
    (21, 0, '106.8.221.143', '', 'deny'),
    (22, 0, '183.197.56.81', '', 'deny'),
    (23, 0, '64.188.205.138', '', 'deny'),
    (24, 0, '172.245.46.114', '', 'deny'),
    (25, 0, '84.78.225.50', '', 'deny'),
    (26, 0, '176.222.46.223', ', 'deny'),
    (28, 0, '194.28.181.89', '', 'deny'),
    (29, 0, '188.254.159.164', '', 'deny');
    
    Make sure the the list ends with ";" after the closing bracket ")" like so, ");" Save the file as a whatevername.sql

    Then in, say, PhpMyAdmin you go to your database name. Go to the database table webid_usersips. Then at the top navigation menu click on Import. Then you click the Browse.. button locate the sql file you created on your hard drive and click Go. The above list would be inserted.

    There is other ways to do it. Perhaps, some one else can elaborate.....
     
  7. flintnapa

    flintnapa New Member

    Joined:
    Jul 17, 2009
    Messages:
    19
    Likes Received:
    1
  8. david62311

    david62311 Well-Known Member

    Joined:
    Aug 29, 2013
    Messages:
    2,165
    Likes Received:
    251
    @flintnapa Blocking IPs is useless. VPN users can change their IP. Bots can rapidly change their IP and most of the IPs that are recorded are fake. Blocking IPs is very old school and it used to work a very long time ago. Computers and servers are getting too fast and bots can rapidly change their IP until they find one that is not blacklisted. They know what ips are blacklisted and will avoid using them.

    The best way to block bots is via .htacess file using codes to block user-agents. Browsers get updated all of the time and automatically and without our knowledge. I block browser user-agents for firefox and chrome all the way up to the last 10 browser version.

    Here's just a piece of my code and everyone here is welcome to use it on their .htaccess file.

    Code:
    # BLOCK USER AGENTS
    RewriteEngine on
    
    RewriteCond %{HTTP_USER_AGENT} China [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Chrome/1 [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Chrome/2 [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Chrome/3 [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Chrome/4 [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Chrome/5 [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Chrome/6 [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Chrome/7 [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Firefox/1 [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Firefox/2 [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Firefox/3 [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Firefox/4 [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Firefox/5 [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Firefox/6 [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Firefox/62 [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Firefox/3\. [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Firefox/4\. [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Firefox/5\. [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Firefox/6\. [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Firefox/7\. [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Firefox/8\. [NC]
    RewriteRule !^robots\.txt$ - [F]
     
  9. david62311

    david62311 Well-Known Member

    Joined:
    Aug 29, 2013
    Messages:
    2,165
    Likes Received:
    251
    Over the years, I have collected IPs automatically banned after they hit my wp-login.php trap page and other pages that I had hid on my Webid site that had no link to them. My list has grown to over 8700 IPs banned. This is why I say it's useless to ban IPs. There is no blacklist that can keep up with the speed of bot networks these days.
     
  10. Nootkan

    Nootkan New Member

    Joined:
    Sep 7, 2018
    Messages:
    29
    Likes Received:
    0
    I found a standalone plugin that works to stop bots from trying to register on my auction site. Until I installed it I was getting 20-30 per day. After installing it I haven't had one bot try to register for over 10 days now.

    The name of the plugin is "stopbadbots" and there is a version for wordpress and a standalone version for scripts like webid.

    I found it after looking for a wordpress plugin and it did such a great job with my wp sites that I decided to give it a try for my regular html/css/php/js sites.

    I paid the $24 annual fee for unlimited domains (which is a heck of a deal in my opinion) for the premium version and than paid $35 for them to install it. They provide updates for free with the installation and even fixed all my php warnings and errors that occurred due to my server configuration.

    I have to say that I haven't had bot issues for a while so it is working.

    The developer states he updates the database for wp regularly (which I confirm) due to the amount of bot traffic on wp sites and will update the database for the standalone version as needed.

    I thought I would share this with all of you as some of you gave up on this great project because of the bot issues.

    Just google stopbadbots to find the website and give it a try.
     

Share This Page