As part of my online contact form I grabbed some pieces of code from various places for a number of purposes like string validation and IP blocking.

It's with the IP blocking that I hope I can get some help. Unfortunately I can't remember where I lifted important bits of this section from, so the first step is trying to understand the complete effect of the preg_split.

Currently I can have a list of IPs to block, comma delimited. I would very much like to enhance this to support specifying a range of IPs as well.

The last three attempted attacks on my contact form have all come from 81.177.*.* - today's specifically from 81.177.14.19

I want to block out all of 81.177.x.x and would be happy to specify that as 81.177.0.0 to 81.177.255.255

So who can help out in this effort? Below is the code I have now which contains 2 IPs. IPs are read from a data file and are declared in a 'blockIPs' var like so

Code:

---

blockIPs: 81.177.38.2, 81.177.14.19

---

Code:

---

	$IPsToBlock = preg_split('/,\\s*/',$contactDataFile['blockIPs']);

	foreach ($IPsToBlock as $ip)
	{
		if($_SERVER['REMOTE_ADDR'] == $ip) {
			include ("contact_header.php");
			print "<h1>We're sorry...</h1>";
			print "<p>This page has been configured to disallow submissions from the IP address $ip,
				from which you appear to be submitting.</p>
				<p>If this is incorrect, please contact us via the message forum linked above.</p>";
			die( include ("contact_footer.php") );
		}
	}

---

preg_split is a regex function that splits a string - in your case a comma.

You could substitute regular expressions for the ips and iterate through them using the same loop, but instead of:

if($_SERVER['REMOTE_ADDR'] == $ip) {

replace that if statement with a regex compare.

81.177.x.x would be 81\.177\..*

Block them with a firewall rather than trying to do it after they've already gotten to your web server (??).

Thanks Mark, blocking out the range in htaccess would be a lot faster than customizing the script. Don't know why I didn't think of that. Maybe because I was just thinking of the satisfaction of having them think their attempt was going to work only to be denied when they got to the page.

I think I'm going to give it a few weeks to see if I get any mroe hits after blocking out that one new additional IP. A company in Russia own the whole from 81.177.14.x - 81.177.15.255 - I'm sure they're a hosting company so I don't want to block out everything right now. It may be only a couple that are being misused.