Advanced IP ban manager

What is it/What does it do?

This is intended as a replacement for the ip bans under vbulletin options. It allows for timed ip bans, cidr ranges and attatching reasons to bans.

It also features registration only ip bans allowing members who may be effected by an ip ban to continue using the forums, but blocking registrations and ip ban exempts so that you can ban a large range of ips and let through a smaller subset of them.

Features

Ip bans
Timed ip bans
Ip ban exempts
Registration only bans
Ban by cidr range

Installation
Backup db.
Upload files from zip.
Import product.
Refresh admincp.

Once Version 0.3 is installed; upload the attached php file into your admin cp to replace the one already there. This file fixes a couple of minor issues for some people.

Changelog

0.3.1
Added a work around for issues of 0.0.0.0 ips being banned on any system where ip2long returned a signed int instead of an unsigned int.
0.3
Fixed bug where ip bans wouldn't block registrations unless set to registration only.
Added file with a list of common spambot ips that can be auto banned.
Changed limit on cidr range from 16 to 4 As i often came across instances where i wanted to ban larger ranges
0.2.1b
Added a bitfield rebuild to installer to fix issues with menu not showing.
0.2b
Fixed bug in instal code.
0.2a
Added admin permissions and exempt bans
0.1a
Initial release.



Notes

This has been tested on 3.7.2 but should work on 3.6.x, 3.7.x and 3.8.x

This mod has not been tested on vbulletin 4; a separate, improved vbulletin 4 version can be found HERE (https://vborg.vbsupport.ru/showthread.php?t=227013)

Access is now controlled by an admincp permission however no control over ip banning is done.

This variable can be used in the config file to prevent banning any ip/range of ips that contain the ips listed in it: $config['SpecialUsers']['unbannableips'] = "127.0.0.1|127.0.0.2";
Ips should be separated by a | symbol. This will not effect any bans that are already in place.

Bans are limited to a cidr range of 4. (This should be more than enough) If you require a ban that covers more than this, it should be set in the database. If there is demand for it, I may make the cidr limit optional/changable in future versions.

Exempts/bans work by taking the tightest cidr range match. eg if you ban 127.0.0.1/16 and add an exempt for 127.0.0.1/24 the exempt will take precedence, however adding another ban against 127.0.0.1/32 would override the exempt.

When uninstalling, the mod will remove the modifications to the admin table, however it is upto you to drop the ipbans table yourself. This has been done in order to preserve the data in that table incase you still want it for something.

I've added a file which was created by a member of my admin team, it contains a large list of ip addresses from which A lot of malignant traffic seems to come from. If you are having trouble with spam bots this list may help in preventing them from registering. To use the file visit the url : <your forum url>/admincp/ipban.spambots.php It will ask you to log in to your cp then display a blank page; this is to be expected as all its doing is inserting into the database. It will add approximately 140 bans; so they've been coded NOT to show up in the ip ban list. This feature is something i plan to expand on with a full interface for viewing, creating, adding and removing ip blocklists, but for now this mechanism is what i've come up with.

Support

As all of my boards have been upgraded to vbulletin 4, I am no longer actively maintaining any of my vb3.x mods. Free support for all of my 3.x mods is being removed from the 31st of March 2010 after this date, I will only be offering paid support for 3.x mods; downloading and usage of the mods will remain free but unsupported.

Please pm me for support of 3.x mods as I will not be checking their threads very often.

Support is now offered as this is a beta release. I'll be checking vborg from time to time but for critical support issues, you are best contacting me on my own forums.

I'm hoping that this version (0.3) is bug free, so this can be considered a release candidate version.

I've uploaded a fixed php file for some people who were having problems with short php tags and other parse errors. This needs to be uploaded to the admin cp. The file will be added into the zip once in the next release.

This mod will be has been upgraded to support vb4 The vbulletin 4 version will be released once the beta goes public.

Extra features in vb4.0 version:

whois ip from admin cp
cidr calculator (shows the ip range that a cidr bans)
test bans (enter an ip to see if its banned or not)


Planned features for future versions:

import/export bans
integration into 'delete posts as spam' => admins with suitable permissions will be able to select a box to ban the posters ip(s) in addition to banning their account(s)

This is extremely interesting. Please add a function to define IPs that can not be banned.

Thats not a bad idea acctually;

Would you think something like that should be in the config file along with the undeletable users stuff? Seems to me the most logical place to put it - that way if you accidentilly ban yourself, you just add your ip to the conf file and all is good again.

I was considering adding some code that just exempt admins/superadmins from being ip banned at all. That would also require stopping ip bans from effecting login.php so that if an ip ban was effecting an admin they could still log in.

The config file sounds the most logical to me, though I do not think many admins would be stupid enough to ban themselves. So if it means a lot more effort, then I would just make it an adminCP option to enter untouchable IP addresses.

I cant think of a reason why excluding login.php from IP bans would be a problem. If anyone can, then please let me know.
Adding code to prevent admins /SA from being IP banned sounds good as well, but note that admins may have multiple accounts. If you can take that into account, then this may be a viable solution.

Well... we /had/ an admin who's in the past been noted for 'accidentilly' deleting users (her excuse was she dropped the keyboard. ) and having a .bash_history file containing meny entries similar to 'el ess'. Also, if you dont understand how cidr ranges work properly it could be fairly easy to set one too large that hits you as well. (part of the reason theres a hard coded limit on how big the cidr range can be)

My only thought about excluding login.php was that if you ip banned someone for trying to brute force login names it woudn't stop them, on the other hand, vb is quite resistant against that anyway with the strikes system and its something you should probably be adding firewall rules to prevent instead of vbulletin ip bans.

If an admin has two accounts, they could just go in and add an exempt from ipbans ( once coded) for their own ip. An alternative was something i was thinking about a while ago - exempting ip bans by user group, which could be done as a setting or as an option (probably the better way)

EDIT: bleh, wont work. Login.php dosn't provide a login form, so another page would have to be provided to do that. I have made it so that admins can now login ( by going to the admincp and logging in from there) and since ip bans arn't verified in the admin cp, they can remove the ban preventing their access.

Unbannable ips is in; still need to test it, but i'm pretty sure the code is sound.

----------------------

Next step is to decide how best to implement exempts; I had two ideas
1) apply bans in decreasing order of cidr range. This would allow, for example you to set a ban against a range of /16 blocking off a troublesome group of spammers. however you could then exempt a group of /24 that are acctually nice people then you could ban an couple of /32 ips that were not quite as nice as you thought they were.

This is much more flexable, but complex.

2) Exempts overide bans.

eg if an exempt is set your ip will be allowed in no matter what.

so the way you saying do a database backup first does this actually work? have you tested it? if you ip ban sum1 they shouldnt be able to access the site correct? lol

Dude, you are amazing, I have been looking for something like this for ever. No other forum boards have anything like this. Awesome!


The config file sounds the most logical to me, though I do not think many admins would be stupid enough to ban themselves. So if it means a lot more effort, then I would just make it an adminCP option to enter untouchable IP addresses.

I cant think of a reason why excluding login.php from IP bans would be a problem. If anyone can, then please let me know.
Adding code to prevent admins /SA from being IP banned sounds good as well, but note that admins may have multiple accounts. If you can take that into account, then this may be a viable solution.

The original IP Ban manager didn't even have that. It would be nice to have, but I've lived before without it.

so the way you saying do a database backup first does this actually work? have you tested it? if you ip ban sum1 they shouldnt be able to access the site correct? lol

I have tested it, and it is running on my own boards. However its not feature complete and hasn't been tested anywhere other than my own board. I suggest not using this on live sites as it may have unforseen issues.

Dude, you are amazing, I have been looking for something like this for ever. No other forum boards have anything like this. Awesome!

It came about for two reasons. 1st, i was banning a bunch of bots using the new delete as spam controls, i felt it was a shame that it didn't include something to automatically ban by ip and by email address as well as just ban.

2nd, i want all my admins to be able to ip ban, but giving them access to canadminsettings seemed somewhat over kill for this task.

well ppl please leave feedback on it i need to know if i should install it cuz i dont wana screw up my site lol

How about a hostname option? IE: If the ip resolves to have anything with "proxy" in it they will get a banned message.

@pspmaster93
Agreed, i want some feedback so i can improve it and fix any bugs.

however, VB allows you to run a personal dev board (protected by .htaccess) for testing things. This is what i'm encouraging people to install onto. use the same settings + mods that you have on your main site and see if there are any conflicts/bugs.

Hostname banning would be a good addition i think, but i want to get some stability testing on the current stuff done first.

I'm working on a 0.2a release, which adds admin permissioins and the unbannable ip address feature. I'm also going to add the exempts feature to it.

How about a hostname option? IE: If the ip resolves to have anything with "proxy" in it they will get a banned message.

That would be a very good feature

Update released: is now considered to be a beta.

sorry its been so long, i've had some internet issues as well as other projects i've been working on.

I get this: "MySQL Error : Unknown column 'ipbansperms' in 'field list'" :(

me to ...when saved admin permissions ...

some help?

Database error in vBulletin 3.7.2:
Invalid SQL:
UPDATE vb_administrator SET
### Bitfield: vb_administrator.adminpermissions ###
adminpermissions = IF(adminpermissions & 4, adminpermissions, adminpermissions + 4),
adminpermissions = IF(adminpermissions & 8, adminpermissions, adminpermissions + 8),
adminpermissions = IF(adminpermissions & 16, adminpermissions, adminpermissions + 16),
adminpermissions = IF(adminpermissions & 32, adminpermissions, adminpermissions + 32),
adminpermissions = IF(adminpermissions & 64, adminpermissions, adminpermissions + 64),
adminpermissions = IF(adminpermissions & 128, adminpermissions, adminpermissions + 128),
adminpermissions = IF(adminpermissions & 256, adminpermissions, adminpermissions + 256),
adminpermissions = IF(adminpermissions & 512, adminpermissions, adminpermissions + 512),
adminpermissions = IF(adminpermissions & 1024, adminpermissions, adminpermissions + 1024),
adminpermissions = IF(adminpermissions & 2048, adminpermissions, adminpermissions + 2048),
adminpermissions = IF(adminpermissions & 4096, adminpermissions, adminpermissions + 4096),
adminpermissions = IF(adminpermissions & 8192, adminpermissions, adminpermissions + 8192),
adminpermissions = IF(adminpermissions & 16384, adminpermissions, adminpermissions + 16384),
adminpermissions = IF(adminpermissions & 65536, adminpermissions, adminpermissions + 65536),
adminpermissions = IF(adminpermissions & 131072, adminpermissions, adminpermissions + 131072),
adminpermissions = IF(adminpermissions & 262144, adminpermissions, adminpermissions + 262144),
### Bitfield: vb_administrator.ms_custom_admin_perms ###
ms_custom_admin_perms = IF(ms_custom_admin_perms & 1, ms_custom_admin_perms, ms_custom_admin_perms + 1),
blogpermissions = 3,
ipbansperms = 0,
cssprefs = '',
dismissednews = ''
WHERE userid = 1;
MySQL Error : Unknown column 'ipbansperms' in 'field list'
Error Number : 1054
Request Date : Saturday, August 16th 2008 @ 01:48:51 PM
Error Date : Saturday, August 16th 2008 @ 01:48:51 PM
Script : http://libar-libar.com/vb/libar/admincp/adminpermissions.php?do=update
Referrer : http://libar-libar.com/vb/libar/admincp/adminpermissions.php?do=edit&u=1
IP Address :
Username : Admin

Umm... any1 gonna help us?

i've been away for the weekend.

That was an issue i was having while testing, however i was sure i'd fixed it.

i should have a fixed product file in an hour or two.

Edit: fixed the problem... a missing ; :s

Import new product file allowing overwrite to fix.

hello

i can not see anything in my cp ...no ip bans (where to found this in admin cp ?.... just updated ...and database errors is fixed - thanks


reg

macc

It should add a new menu item; did you upload all the extra files?

cool

yes i upload files from package ... see anything extra there but nothing in my admin cp ...no extra menu item...


reg

macc

Is your account the superadmin account? If not, make sure your account has the extra admin permission assigned to it to allow for ip banning.

Also, refresh the menu frame of the admin cp.

If you still can't see it, rebuild the bitfields. and refresh the menu again.

yes my account is superadmin ..i put permissions and can not see ...uploaded files again ...no resuls ...



reg


macc

Ok, I found the problem... at some point i managed to loose a file from the archive. (the file that defines the menu...) New archive with missing file included now attached.

have updated but no results ...

reg

macc

I've added some code to the installer which should fix the issue you are having.

Incidentally, is anyone else having issues with the menu not showing? (it should appear under the users menu)

So the CIDR (never heard of it before) of 32 means that if you enter an IP to ban it will ban all the IPs in the 0-31,32-63 etc range that the IP falls in? Or what?
What if I want to ban just the single IP as per the original vB IP banning system? Cos that's all that I will ever need to do.

thanks ...now works

regards

macc

This will come in very useful, installed. :)

So the CIDR (never heard of it before) of 32 means that if you enter an IP to ban it will ban all the IPs in the 0-31,32-63 etc range that the IP falls in? Or what?
What if I want to ban just the single IP as per the original vB IP banning system? Cos that's all that I will ever need to do.

easiest way to explain the cidr range is thus:

imagine the ip address as a big binary number. each of the . seperated parts equates to 8 bits so an ip address as a number would look like this:

00000000 . 00000000 . 00000000 . 00000000

32 binary bits in total. The cidr range is specifying how meny of those bits must match before the ip is considered banned.

specifying a cidr range of 32 means that ALL 32 bits must match and is thus the same as banning a single ip.

The real power comes in when you want to ban larger ranges for people who have dynamic ip addresses. a cidr range of 24, for example matches only the most significant 24 bits of the ip so for the following ip, if all the 0's match it wouldn't matter what the x was set to

00000000.00000000.00000000.xxxxxxxx

this is equivilant to banning an ip with only three segments to it.

Currently the cidr is hard coded at 16, mostly because i didn't want admins on my own forums accidentilly banning the entire board cause they didnt know what it did. This will probably become an option at some point in the future (eg setting the max allowed cidr range)

There is a note saying to leave the cidr at 32 if you dont know what it does :p

Edit: just to clearly answer your question, If you just want to ban a single ip address, leave the cidr set to 32.

so if i want to ban a user with the 127.0.0.1 (dynamic) i might set the cidr to 8? so ALL the 127.0.0.xxx (or xxx.0.0.1, 127.x.0.1, 127.0.x.1) are banned?

i think this is a very useful tool ... but i don't understand how it works ... :S

so if i want to ban a user with the 127.0.0.1 (dynamic) i might set the cidr to 8? so ALL the 127.0.0.xxx (or xxx.0.0.1, 127.x.0.1, 127.0.x.1) are banned?


setting it to 8 would be all of 127.x.x.x To ban 127.0.0.x you need to set it as 24 (32-8)

This wikipedia article explains Cidr ranges in a lot of detail. For a basic idea, take a look at the table about half way down the page: http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing

Can you include the ability to ban ip ranges?
And for me it doesen´t work. Everytime it bans ip 0.0.0.0

it does ban ip ranges, thats what the cidr is for.

/me thinks this needs some admin help popups... expect them when i release an update.

mathew: what are teh other settings for your ip ban? what vb version are you using?

I ve tried to Ban IP 203.160.1.43 but every try it bans IP 0.0.0.0 ??? Dont know why ??? Pls Help Carnage Thank you so much

sounds good. marked for installation.

so this is ok for 3.7.3?

i've not tested on 3.7.3 however there shouldn't be any problems.

@angeldevil, what vb version are you using? What other values are you adding the the form?

im using Vbb 3.7.2
IP Address 203.160.1.43 ( or 203.160.1.48 same thing happen )
CIDR Range (if you are unsure what this does, leave it as 32) 32
Registrations only? NO
Exempt IP? (not yet implemented) NO

Thank you for ur help Carnage

Just uploaded to use it on 3.7.3. It doesnt seem ti be working as all i see script language when i pull up the admin panel.. any ideas?

sevo: can you post the 'script language' it comes up with.

angeldevil: can you try with a different cidr; say 31 ?

TY Carnage i can ban that IP while change CIDR to 31

So if ive understood this correct if i use the CIDR range /24 to ban IP: 9.10.166.9/24 that will ban the [256 ips] from 9.10.166.0 through to 9.10.166.255.

Btw thats a Example IP :)

I can't get this to work either. I ban a single ip address using this mod and the same address is used just minutes after.....Hmmmmm.

I'm using (vBulletin 3.7.2 Patch Level 2)

I've added some code to the installer which should fix the issue you are having.

Incidentally, is anyone else having issues with the menu not showing? (it should appear under the users menu)

I have just installed on 2 forums and nothing shows in the menu of either

thanks will test this ;)

i wonder... the banning of a single ip address works perfectly fine on my forums. I'm thinking it may be an issue in the under lying programs - php and mysql.

Can the people having problems with banning single ips (via pm if you wish) tell me what version of php and mysql you are using and if its 64 or 32 bit.

For now, ban using a cidr of 31.

Requests:

Add more than one IP at a time (I have a lot of spam bots
Some sort of comment system so we can organize our IP bans (Something like have categories like Spam Bot IPs and stuff)

Why when I enter some IP addresses it works, then when I enter certain other ones it comes up as 0.0.0.0 ( I tried CIDR 32 and 31 )?

That is the only glitch I see.....oh would be nice to have multiple fields to enter multiple IP addresses as well as having the script loop back tot he add IP page rather than the main page of admin.

Requests

* Enter more than one IP address
* Ability to update current entries
* Fix error of 0.0.0.0 showing up when IP address entered
* Loop either to entry screen of list of banned IP addresses after submit is hit

just waiting the full version :Peace:

Definately can?t wait for this to be final. Any ETA on when that will be ? ;)
Thanks for this Mod, I am sure its great once its final.

Wolfseye

is this working for vB 3.8.0 ?

Could I please have an example on how to use this ? I know how to ban IP Ranges in PLESK etc. so there its simple. For an example below I would like to know what to enter. I hope you can help me with that so I understand it correctly.

That is the IP range that I would like to Ban.

IP: 94.0.0.0 - 94.15.255.255

Now the CIDR would be:

CIDR: 94.0.0.0/12

So what would I would have to enter exactly in the IP Ban options of this Mod ? Thank you in advance. ;)

Wolfseye

Request:

- interfaces it with the IP-to-Country http://ip-to-country.webhosting.info/downloads/ip-to-country.csv.zip

Hm, the registration thing doesnt seem to be working. No matter what I put under that field it bans the IP for everything, not just registration.

jesus: what vb version are you using?

kfiasche81: what integration would you like? All that is is a list of what ips come from what country...

tlwwolfseye: ban for 94.0.0.0 cidr set to 12 however the code (for safety reasons) is set to block ip bans over too large a range; so you will need to edit ipbans.php and change the 16 on lines 85 and 87 to 12.

caltek: what ips caused errors, which ones worked?

I don't seem to be able to find the option on where to access the mod.

Where would it be?

Ok, got that resolved, but am now getting the following error:

input->clean_array_gpc('r', array( 'userid' => TYPE_INT )); log_admin_action(); print_cp_header("IP ban manager"); if (empty($_REQUEST['do'])) { $_REQUEST['do'] = 'list'; } if($_REQUEST['do'] == 'list') { //list print_table_start(); print_table_header("IP Bans", 8); print_cells_row(array("IP","Cidr","Banned by","Registration","exempt","Expires","Reason","Delete")); $q = $db->query("SELECT " . TABLE_PREFIX . "ipban.*," . TABLE_PREFIX . "user.username FROM " . TABLE_PREFIX . "ipban, " . TABLE_PREFIX . "user WHERE " . TABLE_PREFIX . "ipban.setby = " . TABLE_PREFIX . "user.userid AND (expires > unix_timestamp() OR expires = 0)"); while ($row = mysql_fetch_array($q)) { $data = array(); $data[] = long2ip($row['ip']); $data[] = "/" . $row['cidr']; $data[] = $row['username']; $data[] = ($row['registration']) ? 'Yes':'No'; $data[] = ($row['exempt']) ? 'Yes':'No'; $data[] = date("U",$row['expires']); $data[] = $row['reason']; $data[] = "[Delete]"; print_cells_row($data); //echo long2ip($row['ip']) . " \n"; } print_table_footer(); } if($_REQUEST['do'] == 'doadd') { //add $vbulletin->input->clean_array_gpc('p', array( 'ip' => TYPE_STR, 'period' => TYPE_STR, 'reason' => TYPE_NOHTML, 'cidr' => TYPE_INT, 'exempt' => TYPE_BOOL, 'registration' => TYPE_BOOL )); // check that the number of days is valid if ($vbulletin->GPC['period'] != 'PERMANENT' AND !preg_match('#^(D|M|Y)_[1-9][0-9]?$#', $vbulletin->GPC['period'])) { print_stop_message('invalid_ban_period_specified') ; } // if we've got this far all the incoming data is good if ($vbulletin->GPC['period'] == 'PERMANENT') { // make this ban permanent $liftdate = 0; } else { // get the unixtime for when this ban will be lifted $liftdate = convert_date_to_timestamp($vbulletin->GPC['period']); } //dont let an admin ban too large a range of ips at once if($vbulletin->GPC['cidr'] < 16) { $vbulletin->GPC['cidr'] = 16; } if(strlen($vbulletin->GPC['reason'])<1) { $vbulletin->GPC['reason'] = "No Reason"; } $ip = ip2long($vbulletin->GPC['ip']); $cidrmask = ((pow(2,$vbulletin->GPC['cidr']) -1) << (32 - $vbulletin->GPC['cidr'])); //nb only works with ipv4. for ipv6 changes need to be made. $ip = $ip & $cidrmask; if(isset($vbulletin->config['SpecialUsers']['unbannableips'])) { $unbannable = explode("|",$vbulletin->config['SpecialUsers']['unbannableips']); if(is_array($unbannable)) { foreach($unbannable as $unbannableip) { $unbannableip = ip2long($unbannableip); $unbannableip = $unbannableip & $cidrmask; if($unbannableip == $ip) { print_stop_message('unbannable_ip'); } } } } $db->query("INSERT INTO " . TABLE_PREFIX . "ipban (ip,cidr,registration,exempt,setby,reason,expires) VALUES ($ip,{$vbulletin->GPC['cidr']},{$vbulletin->GPC['registration']},{$vbulletin->GPC['exempt']}, {$vbulletin->userinfo['userid']},'{$vbulletin->GPC['reason']}',$liftdate)"); print_cp_message("Ip Ban added sucessfully","?",3); } if($_REQUEST['do'] == 'add') { $temporary_phrase = $vbphrase['temporary_ban_options']; $permanent_phrase = $vbphrase['permanent_ban_options']; // make a list of banning period options $periodoptions = array( $temporary_phrase => array( 'D_1' => "1 $vbphrase[day]", 'D_2' => "2 $vbphrase[days]", 'D_3' => "3 $vbphrase[days]", 'D_4' => "4 $vbphrase[days]", 'D_5' => "5 $vbphrase[days]", 'D_6' => "6 $vbphrase[days]", 'D_7' => "7 $vbphrase[days]", 'D_10' => "10 $vbphrase[days]", 'D_14' => "2 $vbphrase[weeks]", 'D_21' => "3 $vbphrase[weeks]", 'M_1' => "1 $vbphrase[month]", 'M_2' => "2 $vbphrase[months]", 'M_3' => "3 $vbphrase[months]", 'M_4' => "4 $vbphrase[months]", 'M_5' => "5 $vbphrase[months]", 'M_6' => "6 $vbphrase[months]", 'Y_1' => "1 $vbphrase[year]", 'Y_2' => "2 $vbphrase[years]", ), $permanent_phrase => array( 'PERMANENT' => "$vbphrase[permanent] - $vbphrase[never_lift_ban]" ) ); foreach ($periodoptions["$temporary_phrase"] AS $thisperiod => $text) { if ($liftdate = convert_date_to_timestamp($thisperiod)) { $periodoptions["$temporary_phrase"]["$thisperiod"] .= ' (' . vbdate($vbulletin->options['dateformat'] . ' ' . $vbulletin->options['timeformat'], $liftdate) . ')'; } } //add form print_form_header("ipbans","doadd"); print_table_header("Add ip ban"); print_input_row("IP Address","ip",""); print_input_row("CIDR Range (if you are unsure what this does, leave it as 32)","cidr",32); print_yes_no_row("Registrations only?","registrations",1); print_yes_no_row("Exempt IP? (not yet implemented)","exempt",0); print_select_row($vbphrase['lift_ban_after'], 'period', $periodoptions, $vbulletin->GPC['period']); print_input_row("Reason to ban ip", 'reason', '', true, 50, 250); print_submit_row(); } if($_REQUEST['do'] == 'delete') { $vbulletin->input->clean_array_gpc('g', array('ipbanid' => TYPE_INT)); //print confirm form print_delete_confirmation("ipban", $vbulletin->GPC['ipbanid'], "ipbans", "dodelete", 'ipban', 0,'','ip'); } if($_REQUEST['do'] == 'dodelete') { //do the delete $vbulletin->input->clean_array_gpc('p', array('ipbanid' => TYPE_INT)); $db->query("DELETE FROM " . TABLE_PREFIX . "ipban WHERE ipbanid = '{$vbulletin->GPC['ipbanid']}'"); print_cp_message("Ip Ban deleted sucessfully","?",3); } print_cp_footer();

That seems like a print out of the code... well; some of it anyway - my suggestion is to upload a fresh copy of ipbans.php to your admincp dir.

If you wait an hour or so before doing that - i'm putting the finishing touches to V 0.3

Edit:

V0.3 is out now, i suggest you upgrade to that and see if that solves the problem

Installed v 0.3 and get this error when I try to add an IP:

Parse error: syntax error, unexpected '(', expecting '}' in ipbans.php on line 121


Also note that when I try to add an IP that starts with '1' I get 0.0.0.0 showing up. ( i.e. 192.1.243.1 shows up as 0.0.0.0 )

Ok, got that resolved, but am now getting the following error:
I got the same error but quickly figuered out the problem.
The author has used the short hand <? instead of <?php in the beginning of the PHP files.

This mode is not supported by many installations, and one should always use <?php when programming in PHP.

So, to fix your problem. Go in to all PHP-files in this modification and change the first line to read
<?php
instead of
<?

It seems like the author has ommited the ?> at the end of the files as well. This is poor practise.

Otherwise, top ace! :)

It seems like the author has ommited the ?> at the end of the files as well. This is poor practise.


This is debatable. There are a good number of reasons for omitting it:
- Prevents excess white space at end of file; this can interfere with sending headers etc and cause xhtml validation errors.
- php.net dosn't use closing delimiters in its code eg http://www.php.net/source.php?url=/include/prepend.inc
- The closing tag is in fact optional.

Anyway, fixed file uploaded for those that dont have short tags enabled.

@caltek: what versions of php/mysql are you running? 32bit or 64 bit os?

thanks for the update. This does indeed enhance the IP banning functionality in vbulletin and could be useful to have as default. I have many banned IPs over the years, now I have no clue why any of them were banned.

Thats pretty much why i wrote this mod. It also allows me to give all admins ip ban privilages without them having access to the other options.

For anyone who was wondering; this does seem to work fine on vb 3.8.2 as i've just updated my own board to that version.

installed on 3.82

when I add an ip, it says added successfully, & the row is saved to the DB

BUT when I list banned ips, the list is blank.

not sure what is wrong

You checked the db and the ip is in there?

did you install the list of ip bans provided with the mod?

You checked the db and the ip is in there?

did you install the list of ip bans provided with the mod?

This is all I did

-------
Installation
Backup db.
Upload files from zip.
Import product.
Refresh admincp.
-------

yes, the ips are in the DB. I have 3 rows in the ipban table. I've attached an example. image 1 shows the row int he DB. image 2 is what I get when I click List "IP Bans"

Does this work on 3.8.2

When I ban a IP with an CIDR, it shows as 0.0.0.0 and /8 for example, instead of what I entered... In the case shown in the attached zip file, I was banning 194.8.0.0/8 which is spammer trying to spam my site... However, it all shows as 0.0.0.0 as you will see in the attachment...

What can I do about it, or is there a reason it wouldn't show the IP info?

Thanks,
kapii

I uploaded to my FTP and everything. But how do i access it?

I uploaded to my FTP and everything. But how do i access it?

It's in the left side of your ACP probably between the users and users groups...

re: ip ban against 194.8.0.0/8

I testeed this on my own board and it went through ok. (displaying a ban against 194.0.0.0 which is correct for /8)

can you tell me what versions of php/mysql you are running and if you are using 64 bit or 32 bit versions. I'm having issues tracking down the apparent random occurance of 0.0.0.0 bans...

Not Working
Mod Inutil

The same problem with 0.0.0.0

Please try
array('ip'=>'194.158.64.0','cidr'=>'19','description'=>'Country'),
array('ip'=>'217.147.112.0','cidr'=>'20','description'=>'Country'),

You will see 0 in 'ip' column in "ipban"-table

'ip'-column has attribute 'UNSIGNED'
I've changed attribute. Set it empty. Now in db:
194.158.64.0 -> -1029816320
217.147.112.0 -> -644648960

But in admin panel "List IP Bans" this ip-addresses are not shown.

Same problem here.. mad numbers for the duration, and new bans appear as 0.0.0.0 in the list.. this is new behaviour, there are bans in the list made on the .2a revision that are coherent..

this is ver 3.7.2, on a (shared) linux server..

edit: i should mention, this problem started BEFORE i upgraded from ver .2a, i imagined the upgrade would fix it, but it did not.

hmm. I will definitely hurt. thanks

re: ip ban against 194.8.0.0/8

I testeed this on my own board and it went through ok. (displaying a ban against 194.0.0.0 which is correct for /8)

can you tell me what versions of php/mysql you are running and if you are using 64 bit or 32 bit versions. I'm having issues tracking down the apparent random occurance of 0.0.0.0 bans...

Mine is not random... It happens every time I try to ban anything from 190 and up on the prefix number...

I'm using :
MySQL Version 5.0.77-community
PHP 5.2.5
Web Server Apache v1.3.41 (cgi)

I hope there is a way to fix this as the spammers and hackers are driving me nuts...

Thanks,
kapii
:eek:

Hello!
I just remove UNSIGNED attribute in table and now everything is OK

The same problem with 0.0.0.0

Please try
array('ip'=>'194.158.64.0','cidr'=>'19','description'=>'Country'),
array('ip'=>'217.147.112.0','cidr'=>'20','description'=>'Country'),

You will see 0 in 'ip' column in "ipban"-table

'ip'-column has attribute 'UNSIGNED'
I've changed attribute. Set it empty. Now in db:
194.158.64.0 -> -1029816320
217.147.112.0 -> -644648960

But in admin panel "List IP Bans" this ip-addresses are not shown.
Thanks for this information, its very useful.

An ip address should be an unsigned int, however it would seem that some versions of php return a signed int instead hence the problem. I'll see if theres a better fix for this tommorow, however if not, changing the mysql field to signed will probably solve it.

But in admin panel "List IP Bans" this ip-addresses are not shown
That was because I loaded ip-addresses with userid=-1.
And in admin panel I can see only addresses loaded by myself.
So it's OK now.

ipbans made by a userid not found in the user table will not be shown, this was by design.

I have found a nicer fix for the -ve values returned by long2ip; it will be appended to the first post shortly

just updated but still having the same issue. when i add an ip to ban it gets written to the DB but does not dispaly when I click "list IP bans"

What userid is listed alongside the ban?

I have installed this plugin on a vbulletin 3.8.3 forum, but I'm having a bit of trouble. The install went fine, and I can add new IPs to the ban list, but I cannot list current bans.

Whenever I click on "List IP Bans", I am met with an empty table and this error message:

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in [path]/admincp/ipbans.php on line 36

Any ideas?

That suggests a mysql error in the preceeding query.

What version of mysql are you using?

That suggests a mysql error in the preceeding query.

What version of mysql are you using?

5.0.51a

For those who cannot see added bans, check if mysqli is running.
I was playing around with it a few days ago and left it enabled, yesterday
i saw that all saved ipbans were gone (not showing in list).

it took me quiet some time to find out that

config.php
$config['Database']['dbtype'] = 'mysqli';

caused it..

$config['Database']['dbtype'] = 'mysql';

.. and everything is fine

.

that fixed the vanishing IPs and the "Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in [path]/diaf/ipbans.php on line 36" error.

Its a pity because mysqli is the preferred and more efficient way to call in php 5x

For those running mySQLi - here's the fix

in ipbans.php

find
while ($row = mysql_fetch_array($q))

replace
while ($row = mysqli_fetch_array($q))

.. thanks for the pointer, gmerin

I should probably change that to use $db->fetch_array() will fix in the next version. (probably the vb4 compatible version)

My board has a very long list of banned ip's and we are interested in banning ranges of ip's.

I don't understand how CIDR improves upon just using the * wild card in a banned ip. e.g. 221.222.* or 221.222.0.0/16 look the same to me. Am I missing something?

We would like to be able to ban something like 221.222.131-255.* or even 221.222.131-155.*. I don't see any notation that supports this.

Currently I keep the bans in a spreadsheet so I can sort and annotate them. I then just copy the ip column into the ban list in AdminCp.

Maybe if I get used to the notation, I can figure out how to take out a large range and add back in the pieces that are OK to get to the examples above.

I wonder if there is a calculator somewhere that converts the kind of range I listed above to a set of CIDR's.

I will def install if you can add an option to ban from within posts and profiles. Cause searching for a user and then finding their IP is a pain in the butt.

I will def install if you can add an option to ban from within posts and profiles. Cause searching for a user and then finding their IP is a pain in the butt.

When looking at your home page... replace index.php with online.php and you can see the ip addresses quite quick that way.

My request is this...if possible.

I have some super mods that I would like to give the ability to. I want to avoid making them admins but ip banning is a feature they need. Is there someway to allow this?

I have tried to give them minimal admin permissions as a secondary group and turned on Can Administer Ipbans to yes but still nothing on their admin cp

Feature Requests:
Allow banned IPs to see how long they are banned for.
Add an option to ban from within posts and profiles. Cause searching for a user and then finding their IP is a pain in the butt.

I don't understand how CIDR improves upon just using the * wild card in a banned ip. e.g. 221.222.* or 221.222.0.0/16 look the same to me. Am I missing something?


yes. You don't have to use just /16 /24 /8 and /32 you could for example use /28 which would ban a range of 16 ips

We would like to be able to ban something like 221.222.131-255.* or even 221.222.131-155.*. I don't see any notation that supports this.

CIDRs aren't perfect, but the following ban 221.222.131.0/19 hits 221.222.128.0 - 221.222.159.255 You could leave it at that or add an exempt for 221.222.128.0/23 and 221.222.130.0/24 to protect the lower end and an exempt for 221.222.156.0/22 to protect the upper end.


I wonder if there is a calculator somewhere that converts the kind of range I listed above to a set of CIDR's.


The latest (vb 4 version) of this mod includes a calculator that goes from CIDR notation to range notation; in theory, if you upload the contents of the uploads folder to your 3.8 install, it should provide the extra features. (Don't import the vb4 product thou, as the mod will cease to work) I'll see how hard it would be to write a calculator to go the other way.


Allow banned IPs to see how long they are banned for.


This might be possible by just editing the phrase... I'll look into it.


Add an option to ban from within posts and profiles. Cause searching for a user and then finding their IP is a pain in the butt.


Its already on the planned feature list to allow banning from the delete as spam page; I see no reason not to include this; however the ip's will probably not be very efficiently banned. (eg it'll have to add a /32 ban for each and every ip the user uses. Trying to automatically work out a range would be VERY error prone.)

Sorry if I'm dense, but can this mod simply ban the IP address by clicking the IP address icon in the user postbit and making a selection from their? Seems like low-hanging fruit to add this feature from the beginning.

Thanks!

i'm afraid that isn't possible, but you are right, it is a fairly low hanging fruit. It'll probably be added along with the other front end integrations that i've got planned; however development time is currently going into the vb4 version of this mod; so I don't know how long it'll be until the new features i've added to that get into this version.

I've added several IPs but just noticed that in the IP ban manager page the list of IPs is all 0s

Is there a fix for this?
If you could email an answer as I'll find it hard to keep an eye on this; hallamwarriors(at)gmail.com
thanks

i have banned someone`s ip but i didnt ban him on the forum so he ca still come and post

what settings did you use for the ban?

this mod dosn't ban user accounts associated with a ban; only blocks that ip from accessing the site. If its the only ip the user uses, then they won't be able to post, if they have several ips then yes, they will still be able to post.

A handy little mod, had to tweak ipbans.php for mySWLi but besides that a pretty smooth install.

One issue I am having though is enabling the registration option doesn't work, the registration field in the IP ban list stays at "No" and still functions as a blanket ban for anyone in the specified IP range.

I can manually issue a SQL query to set the "registration" value to 1 which causes the Reg ban to function and sets "No" to "Yes" in the ipban list although I'd prefer avoiding that extra step every time I ban a range of spambots.

(vBulletin 3.8.4 Patch Level 2)

I really need this mod but for some reason it doesn't work for me or maybe it does but I don't understand it.

If I add the IP address:184.11.244.2

It bans the IP address: 126.255.255.255

Why is that?

(I altered those IP addresses just a little)

Thanks for this wonderful add-on.

A quickquestion if I may - what does a person from a blocked IP see? do they just get a "cannot display this page" type error or do they actually see the "Reason" if one is entered in admincp ?

Also, one suggestion for future versions - a feature enabling banning of a whole country using a two letter code (e.g PK)

I use a firewall (CSF) on our cpanel server which includes this feature, although it applies to all sites across the server which often isn't desireable.

Last but not least, I find this site really useful for finding CIDR ranges - http://software77.net/geo-ip/ (I am not associated with the site in any way, I just use it).

A handy little mod, had to tweak ipbans.php for mySWLi but besides that a pretty smooth install.

One issue I am having though is enabling the registration option doesn't work, the registration field in the IP ban list stays at "No" and still functions as a blanket ban for anyone in the specified IP range.

I can manually issue a SQL query to set the "registration" value to 1 which causes the Reg ban to function and sets "No" to "Yes" in the ipban list although I'd prefer avoiding that extra step every time I ban a range of spambots.

(vBulletin 3.8.4 Patch Level 2)

Same problem here. Can you tell me the sql query you use to change it?

never mind i figured it out
update ipban set registration = 1