Tilted Forum Project Discussion Community  

Go Back   Tilted Forum Project Discussion Community > Interests > Tilted Technology


 
 
LinkBack Thread Tools
Old 04-19-2009, 08:02 AM   #1 (permalink)
Husband of Seamaiden
 
Lucifer's Avatar
 
Location: Nova Scotia
IP Blocking

I just learned how to do this, and I'm so pleased with myself that I thought I would share for all.

A little backstory: I discovered the other day that my fiancee's ex (in the immortal words of Al Pacino, "a large-type asshole") had visited our wedding website. I decided to try to block any future access of his, and stumbled across this elegant solution.

Notice, this needs an Apache server to work:

Create a file in your site root called .htaccess and in it place the following code:

order allow,deny
deny from 192.168.44.201
deny from 224.39.163.12
deny from 172.16.7.92
allow from all

The example above shows how to block 3 different IP addresses. Sometimes you might want to block a whole range of IP addresses:

order allow,deny
deny from 192.168.
deny from 10.0.0.
allow from all

The above code will block any IP address starting with "192.168." or "10.0.0." from accessing your site.

Finally, here's the code to block any specific ISP from getting access:

order allow,deny
deny from some-evil-isp.com
deny from subdomain.another-evil-isp.com
allow from all


so I blocked his home ip address, his company ip address, and just for good measure, I blocked his entire ISP from accessing the site.
__________________
I am a brother to dragons, and a companion to owls.
- Job 30:29

1123, 6536, 5321
Lucifer is offline  
Old 04-19-2009, 01:56 PM   #2 (permalink)
Sauce Puppet
 
kurty[B]'s Avatar
 
If using IIS on Windows you can go to the Directory Security tab under Properties of your domain. And select Deny Access and specify the IPs or domain names that you want to block also.

Good post Lucifer. Its an easy thing to do, but often overlooked.

One note, just make sure you enter the information correctly. I don't know how many times I've had to go digging through access lists and records to find out that one number was off, or a period was in the wrong spot which denied the wrong people from accessing the site.
__________________
In the Absence of Information People Make Things Up.
kurty[B] is offline  
Old 04-25-2009, 11:27 AM   #3 (permalink)
Psycho
 
Location: North America
I still don't see the reason to need to block it

That and IP blocks don't really work in this day and age where internet access is abundant and blocking single IP address is futile when the person your blocking has a dynamic IP address.

.htaccess works on apache WHEN enabled, which is not always the case. On IIS I dunno if it works at all since htaccess is an apache thing.

Yet again I don't see the issue with one person seeing some photos.
catback is offline  
Old 04-25-2009, 01:13 PM   #4 (permalink)
Young Crumudgeon
 
Martian's Avatar
 
Location: Canada
Network security is a key issue for many people. This falls under that umbrella.

I'll keep my snide opinions about IIS to myself and just point out that (as the OP noted) this can be used to block IP ranges as well as individual addresses, which counters the whole dynamic IP thing.
__________________
I wake up in the morning more tired than before I slept
I get through cryin' and I'm sadder than before I wept
I get through thinkin' now, and the thoughts have left my head
I get through speakin' and I can't remember, not a word that I said

- Ben Harper, Show Me A Little Shame
Martian is offline  
Old 04-25-2009, 06:41 PM   #5 (permalink)
Currently sour but formerly Dlishs
 
dlish's Avatar
 
Super Moderator
Location: Australia/UAE
i know this sounds stupid, but why not juts put a password on your wedding photos website?

and how did you know he visited the website in the first place?
__________________
An injustice anywhere, is an injustice everywhere

I always sign my facebook comments with ()()===========(}. Does that make me gay?
- Filthy
dlish is offline  
Old 04-25-2009, 08:40 PM   #6 (permalink)
Crazy
 
Seems like every time I do an IP check on myself, it's different and lists me in a different (local) town. (I'm on DSL btw)
denton is offline  
Old 04-26-2009, 03:27 AM   #7 (permalink)
Husband of Seamaiden
 
Lucifer's Avatar
 
Location: Nova Scotia
Quote:
Originally Posted by dlish View Post
i know this sounds stupid, but why not juts put a password on your wedding photos website?

and how did you know he visited the website in the first place?
Well, it may come to that eventually, but at the moment, the block seems to be working. I know he visited because the counter script I've got on the site picked up his ip address (he lives in another province - he's the only one we know that lives there) once from his home (I'm assuming - which is why I blocked his whole ISP) and a few more times from his company, whose gateway I've also blocked.
__________________
I am a brother to dragons, and a companion to owls.
- Job 30:29

1123, 6536, 5321
Lucifer is offline  
Old 04-27-2009, 02:32 PM   #8 (permalink)
Psycho
 
Location: North America
Quote:
Originally Posted by Martian View Post
Network security is a key issue for many people. This falls under that umbrella.

I'll keep my snide opinions about IIS to myself and just point out that (as the OP noted) this can be used to block IP ranges as well as individual addresses, which counters the whole dynamic IP thing.
You'd think but some isp's have multiple classes that they allot in and a certain block may end up too narrow. It also doesn't address the wide availability of access to the net unless he's living in historical times where he can ONLY access the net at work or home. Personally I can access the net at home, work, any mcdonalds, any coffee shop, at the book store, at other peoples unsecured wi-fi, and other places without even resorting to friends and the IP will be different at all of them, on different blocks as well. IF and this is a BIG IF I was blocked by IP I can always proxy my way through.

Quote:
Originally Posted by Lucifer View Post
Well, it may come to that eventually, but at the moment, the block seems to be working. I know he visited because the counter script I've got on the site picked up his ip address (he lives in another province - he's the only one we know that lives there) once from his home (I'm assuming - which is why I blocked his whole ISP) and a few more times from his company, whose gateway I've also blocked.
A password would be best if you want to keep people out, IP blocks just aren't effective unless your trying to block everyone and only allow a particular range of addresses. The next time he visits you probably won't/didn't even know it. Again I reiterate why the need to block wedding photos from someone your SO knew? Jealousy of some sorta? From my experience, jealous partners don't last.
catback is offline  
Old 04-27-2009, 04:53 PM   #9 (permalink)
Young Crumudgeon
 
Martian's Avatar
 
Location: Canada
Quote:
Originally Posted by catback View Post
You'd think but some isp's have multiple classes that they allot in and a certain block may end up too narrow. It also doesn't address the wide availability of access to the net unless he's living in historical times where he can ONLY access the net at work or home. Personally I can access the net at home, work, any mcdonalds, any coffee shop, at the book store, at other peoples unsecured wi-fi, and other places without even resorting to friends and the IP will be different at all of them, on different blocks as well. IF and this is a BIG IF I was blocked by IP I can always proxy my way through.
Actually, nobody has any classes for anything. That's the whole point of CIDR.

Regarding the rest, any security measure can be circumvented by someone who has the necessary knowledge and determination. Doesn't make such measures useless. Security could more properly be deemed to be the practice of making access too difficult to be worth the reward.

Barring a creepy stalker scenario, I can't imagine his wife's ex is so determined to see a bunch of wedding photos that he'd go through the effort of accessing the site via a random wireless AP. Aside from that, there's no practical way to prevent that while keeping the site easy for the intended userbase to access.

Ultimately, the only foolproof security measure on the internet is to not put anything you don't want anyone to have access to online. However, that doesn't negate the usefulness of simple tricks like this one.
__________________
I wake up in the morning more tired than before I slept
I get through cryin' and I'm sadder than before I wept
I get through thinkin' now, and the thoughts have left my head
I get through speakin' and I can't remember, not a word that I said

- Ben Harper, Show Me A Little Shame
Martian is offline  
Old 05-23-2009, 06:00 PM   #10 (permalink)
Psycho
 
Location: North America
Quote:
Originally Posted by Martian View Post
Actually, nobody has any classes for anything. That's the whole point of CIDR.

Regarding the rest, any security measure can be circumvented by someone who has the necessary knowledge and determination. Doesn't make such measures useless. Security could more properly be deemed to be the practice of making access too difficult to be worth the reward.

Barring a creepy stalker scenario, I can't imagine his wife's ex is so determined to see a bunch of wedding photos that he'd go through the effort of accessing the site via a random wireless AP. Aside from that, there's no practical way to prevent that while keeping the site easy for the intended userbase to access.

Ultimately, the only foolproof security measure on the internet is to not put anything you don't want anyone to have access to online. However, that doesn't negate the usefulness of simple tricks like this one.
Actually there are corporations that have classes alotted to them, CIDR just allows them to divvy things more precisely than a class A, B, or C.

Yes the best security would be a complete lockdown where the permitted user would go though hell just to get access but IP blocking is false security. The disallowed party doesn't even have to attempt to circumvent security if he on a whim decides to check the page while visiting one of hundreds of possible internet access points. Really how secure is your house when you deadbolt and chain the front door but leave your side door wide open?

I'm not here to decide what others have to do for security but I'll just say this, you can lock the page down like fort knox, you can even remove the pictures and burn them but he already (supposedly) went to the site and saw the wedding photos so unless your having more weddings it's all really futile.
catback is offline  
Old 05-23-2009, 06:07 PM   #11 (permalink)
Junkie
 
Jozrael's Avatar
 
Has there been any mention of forging IP addresses and/or concealing them with proxies or other methods here?
Jozrael is offline  
Old 05-23-2009, 06:39 PM   #12 (permalink)
/nɑndəsˈkrɪpt/
 
Prince's Avatar
 
Location: LV-426
Can't you bypass that easily by using a proxy? If he knows his ass from his elbows he shouldn't have much trouble seeing those pics if he wants to. Regardless I do appreciate the tip, may come in handy sometime.
__________________
Who is John Galt?
Prince is offline  
 

Tags
blocking


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -8. The time now is 10:59 PM.

Tilted Forum Project

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Search Engine Optimization by vBSEO 3.6.0 PL2
© 2002-2012 Tilted Forum Project

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76