Baller Blockin’ with Cookies
May 30, 2006 5:23pm
So, I modified the code from the last post to help defend against IP spoofing, dynamic IPs, and proxies.
New code:
<?php
$badIPs = array(“1.2.3.4″, “2.3.4.5″, “3.4.5.6″); // Bad IP list
foreach($badIPs as $badMonkey) {
if(($_SERVER['REMOTE_ADDR'] == $badMonkey) || ($_COOKIE['badMonkey'])) { // Bad monkey! No website for you!
setcookie(“badMonkey”, ‘blockMe’, time()+2592000, ‘/’);
header(“Location: http://tubgirl.com”); // Send them to this site.
}
}
?>
Now, if your IP is in the block list, it sets a cookie which lasts a month ( the time()+2592000 statement (2592000 = 60sec * 60mins * 24hrs * 30days) ), and then checks for the cookie. This way, if they then re-set their net connection and get a new IP, pop into a proxy or spoof their IP, etc. it will still block them. If after a month, their IP is no longer in the block list, then the cookie is unset and they are allowed back into the site.
Until they clear their cookies and try one of the workarounds, that is.
Baller Blockin’
May 30, 2006 4:43pm
No, this has nothing to do with that amazing cinematic masterpiece by Cash Money, but instead about blocking website access.
A friend of mine just ICQ’d me, asking if there was an easy way to redirect unwanted IPs from reading her blog to a bit more of a visually caustic website (like the now-defunct goatse.cx).
I replied with this:
<?php
$badIPs = array(“1.2.3.4″, “2.3.4.5″, “3.4.5.6″); // List of bad IP addresses.
foreach($badIPs as $badMonkey) {
if($_SERVER['REMOTE_ADDR'] == $badMonkey) { // Bad monkey! No website for you!
header(“Location: http://tubgirl.com”); // Redirect them to this site.
}
}
?>
It’s pretty simple, you just have to make sure that you do the following:
0) Server/site/blog/page/etc. that runs PHP.
1) Pick out a suitable offensive site (Like TubGirl, for example).
2) Open the file that has the <html> and <head> tags. (assuming it’s a .php, .inc, .tpl, etc file)
3) Paste the code before the <html> tag.
4) Replace sample IPs with real ones and replace the site where you want to send them to.
That’s it! You can have an unlimited number of IPs to block. Since this isn’t JavaScript and takes place at the server level, it’s can’t really be circumvented by disabling JavaScript on the browser. The only real way around this is to hop on another IP address/connection, spoof the one you’re on, go through a proxy, use coral cache, or other similar methods. Really when it comes down to it, if someone _really_ wants to read those public entries, they can. This’ll just piss ‘em off. ;)
Now, who actually clicked on the Tubgirl link? Let’s see a show of hands.
