Latest TweetsDifference between mod_alias and mod_rewrite perishablepress.com/difference…
Perishable Press

Block Multiple IP Addresses with PHP

[ Screenshot: The Legion of Doom ] Let’s face it. There’s just as much scum on the Internet as there is out there in the “real world.” Maybe even more, who knows. From scammers and spammers to scrapers and crackers, the Web is just crawling with all sorts of pathetic scumbags. As predictably random as much of the malicious activity happens to be, it is virtually guaranteed that you will be hounded by at least a few persistent IP addresses that, for whatever reason, have latched on and just won’t let go. Like evil parasites, they plague you night and day, haunting you and making your online life a living hell. Perhaps they leave endless spam comments; perhaps they are just mindless trolls giving you grief; or perhaps they continue to take flying stabs at the security of your website. Whatever the behavior, once you have determined that you need to block a collection of bad IPs, you have many ways to get the job done. Here is a simple way to blacklist multiple IP addresses with a little PHP magic..

Throw Down

Edit the following code with your blacklisted IPs and drop into the page or header file of your choice to enjoy immediate relief from relentless scumbags:

<?php $blacklist = array("123.456.789", "456.789.123", "789.123.456");

if(in_array($_SERVER['REMOTE_ADDR'], $blacklist)) {

	header("Location: http://domain.tld/path/custom.php");

	exit();

} ?>

Recap: edit the IPs in the first line to suit your needs. You will also want to edit the header path in the third line to reflect the location of your “special message” for the blocked IPs. This may be anything you wish: warm greetings, pictures of your bum, or even a virus unleashing the black death upon them. Whatever you do, have fun and be safe! ;) Alternately, if you don’t feel like taking the time to craft a loving page for your blocked frenz, replace the header URL in the third line with the viciously disturbing site of your choice. There are many great sites out there to choose from — so be creative!

Lastly, after you have carefully edited the PHP blacklist script according to your needs, place it into the top of your header.php file or web pages of your choice. Any page featuring this code will be inaccessible to the IP addresses blacklisted in the first line. So grab, gulp, and go! This code will keep those nasty chimps far away from your precious pages! ;)

Jeff Starr
About the Author Jeff Starr = Web Developer. Security Specialist. WordPress Buff.
Archives
26 responses
  1. Thanks for the great post! I’ve been using a massive .htaccess file to block everything thing from ‘nasty’ bots to hackers, etc.. (I’m using a scripted errora page that notifies me of any 404/403/500 errors so we can correct them, etc. Great for those old pages you may have missed redirecting that someone is trying to get at or a search engine is seeking… and this shows me who is trying to access what – like some yahoo overseas trying to access phpmyadmin!).

    But, after much trial and error, it seems to be catching some friendly IPs as well.. so, since the site is small, I implemented a pure PHP script that seems to be working great.. although only on the IPs, I haven’t implemented the bots yet. If you have any thoughts on implementing the bot detection through PHP, please let me know ;)

    Here it is, in case you want to take a look:
    http://pastebin.com/f126c494c

    As you can see from the script, I’m sending them to a nice, action packed page (be fore warned if you click the link, it’ll crack you up – family friendly though!)

    Cheers and thanks again for the great posts…

  2. Jeff Starr

    Awesome stuff, Revive – thanks for sharing. I’m going to check it out the next time I am working with my blacklists. Do you mind if I post an article on my findings, perhaps sharing the script with others in tutorial format?

  3. Hey Jeff,

    Absolutely ! Share anything you need.. everything I’ve learned has been gleaned from someone,.. and no knowledge is good knowledge unless it’s shared :D

    Looking forward to seeing what you put together.. always learn a lot from your articles !
    Thanks again for the consideration and compliments..

  4. Hey Jeff,
    Wasn’t sure if you had made any headway in adding the ‘bots’ to this blocking script..
    I’ve got a good ‘list’ of bots I block when using htaccess, but I haven’t yet implemented them into the php script. Here’s the list I has so far (formatted for htaccess:

    http://pastebin.com/f16180dd0

    Cheers and looking forward to your post on this ;)

    (Been too long that I’ve not kept up on my regular web readings, yours included,.. so getting back in the swing of things!)

  5. Hello from Germany! May i quote a post a translated part of your blog with a link to you? I’ve tried to contact you for the topic Block Multiple IP Addresses with PHP – Perishable Press, but i got no answer, please reply when you have a moment, thanks, Spruch

  6. Jeff Starr

    @Spruch: Certainly, help yourself. I appreciate the link :)

    If you could send the URL for your page, that would be awesome.

    Thanks,
    – Jeff

  7. Hi Jeff,

    Thanks for the code, it’s great stuff! I am trying to implement something that records IPs to a text log file, then blocks them if they try to perform a function on my site (like entering a comment in comment box) a second time within a certain timeframe. Would you know of a fast way to achieve time-limited blocking?

    Thanks.

    Best wishes,

    Mikey

  8. Bao Nguyen July 18, 2011 @ 10:24 pm

    Hi,

    Thanks for the great info. In fact what I want is a php script that do the redirection based on “range of IP”, say a subset of 123.4.x.y for example.

    With this aim, I have managed to have the script that does what I want. Here is the script:

    //////////nttranbao - redirect to URLabc if remote IP is not within range 192.168

    $allow = array("192.168.0.", "123.4.");
    $i=0;
    $remote_addr = $_SERVER['REMOTE_ADDR'];
    $allow_count = count($allow);
    while ((strpos($remote_addr, $allow[$i])=== false) &amp;&amp; ($i&lt;$allow_count)) {
         $i++;
    }

    if ($i === $allow_count) {// remote IP NOT found in allowed list
         header("location:URLabc);
         exit();
    }

    Regards,
    Bao

  9. Bryan Nelson February 5, 2012 @ 3:10 pm

    Thanks for providing this code. I wanted to know Is there a way to block all ips except few. Do I have to write long array to achieve that? Please help

  10. @Bryan Nelson –

    Just put the IP addresses you want in an array then run the same check as above essentially as:

    $goodips = array('192.168.0.1','192.168.0.2');

    if(!in_array($ipofvisitor, $goodips)) {
       //send the visitor an error message or new header location
    }

  11. nice way of blocking IP addresses, easily understandable and helped me a lot
    thanks for sharing

  12. Pol smythe May 30, 2012 @ 4:04 am

    Very nice way of blocking addresses. Just getting a bit concerned my blocking list is getting big.

    Is there anyway to block entire subnets? Say block the entire 24. range, but still allow somebody on 1.24.1.1 through?

    My understanding is the array compare will flag the 2 above as failures. Ideally I want a “Left” array compare

[ Comments are closed for this post ]