Mobile app version of vmapp.org
Login or Join
Eichhorn148

: How to block entire IPs of a VPN server by IP I have website that identifies users only by their IPs. That makes it very difficult to keep it secure against unwanted users/attackers. They

@Eichhorn148

Posted in: #IpAddress #Security #Vpn

I have website that identifies users only by their IPs. That makes it very difficult to keep it secure against unwanted users/attackers. They can simply change their IP by using VPN services that provides them numerous variety of IPs. So what I want is to not just blocking one IP but entire IPs under subnets of a VPN service, once attacker used one of them.

10.02% popularity Vote Up Vote Down


Login to follow query

More posts by @Eichhorn148

2 Comments

Sorted by latest first Latest Oldest Best

 

@Candy875

You can put this script into you're .htaccess file on root directory of you're website:


## block IP access ##
order allow,deny
deny from 81.17.31.162
deny from 81.17.31.164
allow from all
## block IP access ##


In this case make all IP Address unless 81.17.31.162 and 81.17.31.164 to access you're website

10% popularity Vote Up Vote Down


 

@Sherry384

As it so happens, I was writing a script to allow people to enter an IP address notation and get an .htaccess regex to block the IP address and IP address block. Much of the code was borrowed from other places and the script has to be secured so it is not ready for prime-time. I scrambled to cobble the code together to try and help you.

If I got it right, the following will help.

RewriteCond %{REMOTE_ADDR} ^81.17.31.162$ [NC]
RewriteRule .* - [F,L]

RewriteCond %{REMOTE_ADDR} ^81.17.31.163$ [NC]
RewriteRule .* - [F,L]

RewriteCond %{REMOTE_ADDR} ^81.17.31.164$ [NC]
RewriteRule .* - [F,L]

RewriteCond %{REMOTE_ADDR} ^84.200.68.66$ [NC]
RewriteRule .* - [F,L]

RewriteCond %{REMOTE_ADDR} ^84.200.68.69$ [NC]
RewriteRule .* - [F,L]

RewriteCond %{REMOTE_ADDR} ^81.17.(0*[1-3]*[6-1]*).([0-2]*[0-5]*[0-5]*)$ [NC]
RewriteRule .* - [F,L]

RewriteCond %{REMOTE_ADDR} ^84.(2*0*[0-1]*).(0*[0-6]*[0-3]*).([0-2]*[0-5]*[0-5]*)$ [NC]
RewriteRule .* - [F,L]


Pay particular attention the the last two RewriteCond and test them to make sure I got it right. (I am fairly sure I did.) If they do not work, let me know and I will try again. They are intended to block the IP address blocks you provided according to the IP address assignments I have in my GEOAS database.

And yes! Before people begin to scream, there are better regex's for this- but this is the best I found for my automation work.

As far as I know there are no tools for automatically blocking IP address blocks. I could be wrong. You may want to check out Mod_Security for Apache/Windows which may do a lot for you automatically. It appears to amongst the best. There are other tools. I have not researched this recently so I won't try and comment.

Again, let me know if I got the regex right. I am creating an HTML form based tool for everyone who wants to block IP addresses and IP address blocks. This will help others.

BTW- I also agree that generally, you do not want to block whole IP address blocks. I do understand your concerns. I have automation that allows me to dynamically block IP addresses and follow abusers around my site and stop them cold. But this too is a work in progress and I am busy writing several patents that I will share later. I do this for the security research I am doing so I cannot give away the store just yet. Just know it will be showing up in various tools eventually.

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme