Is it possible to block an IP address range?
I keep getting comment spam from 81.177.38.0/24 and 81.177.15.0/24

Is there an easy way to do a "blanket" block for these subnets, instead of manually adding the IPs one by one? If so, how/where?
If not... Can we reassign this as a feature request.

Thanks
jacauc


Comments

anonymous@temporaryinbox.com’s picture

Version: 5.x-1.1 » 4.6.x-1.x-dev
Component: Miscellaneous » Code
FileSize
884 bytes

Hi there!

I was missing this feature too. So I played a little with the PHP code (Troll Module for Drupal 4.6!) and it seems to work that way. Now I can simply add a shortened IP address to the ip ban table like "81.177.38" or "81.177.15". Note the IP address may not end with a dot!
The user account I'm currently using here at drupal.org isn't my own; I simply took one from bugmenot.com - hope that's okay! I've attached a patch file and you can find a diff at http://www.pastebin.ca/463277.

Regards
FrankZabbath (http://bembelbee.wordpress.com/)

anonymous@temporaryinbox.com’s picture

Doh! I swapped the original and modified versions in my diff/patch. Here is the right one.

Regards
FrankZabbath (http://bembelbee.wordpress.com/)

jacauc’s picture

Version: 4.6.x-1.x-dev » 5.x-1.x-dev

Thanks!
Unfortunately I am not a coder, so I would not even know where to start to convert this patch to a drupal 5 compatible patch.
Would someone be so friendly as to submit a D5.1 patch, please?

thanks again
jacauc

jaydub’s picture

Status: Active » Needs review
FileSize
6.01 KB

I've rewritten to allow for setting an IP block as _either_ a whitelist or a blacklist.

Basically I just took the code already used to create whitelist IP blocks and generalized it to be used
for either white or blacklists.

See attached patch.

deekayen’s picture

Version: 5.x-1.x-dev » 6.x-1.x-dev
Status: Needs review » Fixed

I didn't use the patch, but I am adding a textarea to import IP blocks through a textarea.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

AppleBag’s picture

Was this ever added to the release? I have the latest 5.x version and just tried to add 208.53.133 to the IP blocking, and it just gave me an error saying invalid IP. I'm trying to block an anon proxy service whose IP always changes at the last octet. Not quite clear on how to use the blacklist to manually insert one range?

also, is it possible to use troll to automatically detect and block ALL proxies?

TIA

Francewhoa’s picture

Status: Closed (fixed) » Active

@deekayen & all: Could you confirm if the below steps are correct? If yes I'll add a new section to Troll INSTALL.txt file.
--------------------------------------------------------------------------------
Steps to block an IP address range.

  1. Navigate to admin/user/troll/ip_blacklist/import
  2. Into the field 'List:' type in all the IP addresses you want to block.
    One IP per line.
    The IP's format must be *.*.*.*/32
    Replace * by a number. You must add /32 at the end of each IP. Do not change this number.
    For example if I want to block all IP range from 204.11.52.0 to 204.11.52.255 then the list would be 256 lines long.
    204.11.52.0/32
    204.11.52.1/32
    204.11.52.2/32
    204.11.52.3/32
    [and so on until the below last line]
    204.11.52.255/32
  3. To view the full list of blacklisted IPs navigate to admin/user/troll/ip_blacklist/search

--------------------------------------------------------------------------------

Is there an easier way than typing in 255 lines of IPs? Like Token support? Anything else?

greywolfsspirit’s picture

Has there been any patch for the current 6.x-1.x.dev version to allow the blocking of ip ranges yet? Like found in message #4?

Francewhoa’s picture

Title: Block an IP address range » Simplify blocking IP address range
Category: support » feature

Not that I know of. It's currently possible but you have to manually type in all lines. For example type in all 255 lines of IPs you want to block.

Changing the category to feature request, as this would be a new feature, or a simplification of an already existing feature. Any volunteer for a patch? I would be happy to contribute testing.

Francewhoa’s picture

Find below mockup to clarify expected result. What do you think? Is it easier to use? If not any easier idea?

Notice that for this to work I removed the red stars. So no field is mandatory.

greywolfsspirit’s picture

That looks like it would be easier...

Quick question.. what is the difference between ip ban and blacklist? Sounds like they are both the same function.. How do you know which one to use? Sorry if this sounds dumb, just woke up and haven't had my 2nd cup of coffee yet.

deekayen’s picture

IP bans are just that, a list of IPs. The blacklisting works with realtime blacklist services to work against other lists of IPs similar to how mail servers do.

Francewhoa’s picture

deekayen is correct. They both have the same end result but they go there using different ways. They both have their use though. In my case I use blacklisting to automatically blacklist IPs listed in trusted blacklist servers. Then on top of that I use IP ban to manually block users with bad behaviours.

Francewhoa’s picture

Following my mockup in comment #11. There is similar code already existing under admin/user/troll/ip_blacklist/whitelist. Maybe part of this code could be re-used for blocking IP range.

greywolfsspirit’s picture

okay that makes more sense.. thanks for the feedback on this.. So basically, just install the blacklists, then add suspicious or problem children in the ip ban section.. got it. Now to figure out how to solve the 404 error I'm getting when using 404 for all pages, even when using customerror module.. get lots of php error log notices when trying to use this option.. so went and using the redirect to commonerror/403 instead.

greywolfsspirit’s picture

just discovered.. if you want to block a range of ips, say, 67.218.116.0 through 67.218.116.255, when you enter the blacklist info, instead of /32, use /24

info located at: http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing

Just thought I would share this in case it may help you.

Francewhoa’s picture

Thanks for sharing #17 greywolfsspirit :)

greywolfsspirit could you confirm if the below 3 steps are correct? If yes I'll add a new section to Troll INSTALL.txt file.
--------------------------------------------------------------------------------
Steps to block an IP address range.

  1. Navigate to admin/user/troll/ip_blacklist/import
  2. Into the field 'List:' type in the start of IP range to block.
    For example if you want to block 172.16.254.0 through 172.16.254.255 then type in 172.16.254.0/24
  3. To view the full list of blacklisted IPs navigate to admin/user/troll/ip_blacklist/search

--------------------------------------------------------------------------------

greywolfsspirit’s picture

That's exactly what I did..

Because then they make the blacklists in CIDR format, China/Korea I think it is (off top of my head), their texts show with a different /## than the 32..
So, when I looked the WIKI up and found the chart, I tried the /24 on a single ip, and it shows the range: x.x.x.0 - x.x.x.255 (if your last digit was a '0' that you entered of course.)

But, as you asked in step 2: the /24 DOES indeed do the 256 address locations.

then in step 3: you do the search, and enter any ip in that range, and it shows as blacklisted.

Francewhoa’s picture

Thanks greywolfsspirit :) I'll update the INSTALL.txt file or README.txt file something like that.

I'm leaving this issue active because the solution in comment #11 is for advanced admins. This feature request is for a simplified way of blocking an IP address range that beginner admins could use. See comment #11 to clarify.

Francewhoa’s picture

I have updated the README.txt file at http://drupal.org/node/789550#comment-2926148 Thanks again greywolfsspirit.

greywolfsspirit’s picture

I would like the block ip modification set up like the whitelist/black list abilities though.. where we can enter a range of ip's to block.. I mean, yeah, I can always go under users/access rules and block them there.. just would have been nice to have all the routines working in the same module.

With user/access rules, we can actually enter a % key for the ip address settings.. ie: 66.249.%.% to block 66.249.0.0 - 66.249.255.255

having issues with users accessing my files section anonymously, without logging in, even though the file system is set to private, and access to the file browser is not given to anonymous users.. in the access log, I see their activity getting an http code 302 or 304.. instead of 403 or 404s.. so.. just trying to batten down the hatches a bit more.

Francewhoa’s picture

Another advantage of mockup in comment #11 is that user could block an IP address range and set an expiration date on it. To clarify see mockup in #11 the bottom section title 'Expires'. For example I found useful to set a 30 days expire date on a block to give a warning to a troublesome user. Once the block expired it gives them a chance to change their behaviour. If they choose to not change their behaviour I then set a permanent IP address block. Would be great to be able to do that with IP address range.

mantish’s picture

Version: 6.x-1.x-dev » 7.x-1.x-dev
Status: Active » Needs review
FileSize
11.53 KB

This patch adds the ability to add ranges from troll IP ban page (admin/people/troll/ip_ban). You can also add wild-cards for the IP addresses, e.g. 106.51.*.*

Please note that before you make any changes to the code base to update the module follow the below instructions.
1. Go to troll settings page(admin/people/troll/settings)
2. Check 'Disable banning by IP address'
3. Click 'Save Configurations'
or
Instead of the above three steps, simply run the following drush command
drush vset troll_enable_ip_ban 0
4. Apply the patch
5. Update drupal by running /update.php or run the command drush updb
6. Go back to troll settings page(admin/people/troll/settings) and 'Enable banning by IP address'
or run the following drush command
drush vset troll_enable_ip_ban 1
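
The entry formats discussed in this thread (a single address with /32, a /24 block, and trailing wildcards written with * or %) all reduce to a first and last address that a visitor's IP can be compared against. The PHP below is an added example, not code from the Troll module or from any patch attached to this issue; the function names are hypothetical and it assumes 64-bit PHP 7.1 or later.

```php
<?php
// Added example, not Troll module code; function names are hypothetical.
// Assumes 64-bit PHP 7.1+, where ip2long() returns a non-negative integer.

// Turn one ban entry into [first, last] as integers, or null if unsupported.
// Accepts "a.b.c.d", CIDR "a.b.c.d/nn", and trailing wildcards ("*" or "%").
function ban_entry_to_range(string $entry): ?array {
  $entry = trim($entry);
  $prefix = 32;
  if (strpos($entry, '/') !== false) {
    [$entry, $bits] = explode('/', $entry, 2);
    if (!ctype_digit($bits) || (int) $bits > 32) { return null; }
    $prefix = (int) $bits;
  } else {
    // Each trailing wildcard octet widens the block by 8 bits.
    $octets = explode('.', $entry);
    for ($i = count($octets) - 1; $i >= 0 && in_array($octets[$i], ['*', '%'], true); $i--) {
      $octets[$i] = '0';
      $prefix -= 8;
    }
    $entry = implode('.', $octets);
  }
  // Rejects shortened forms such as "208.53.133" and mid-address wildcards.
  if (filter_var($entry, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) { return null; }
  $mask = $prefix === 0 ? 0 : (0xFFFFFFFF << (32 - $prefix)) & 0xFFFFFFFF;
  $first = ip2long($entry) & $mask;  // host bits are cleared: .57/24 -> .0
  return [$first, $first | (~$mask & 0xFFFFFFFF)];
}

function ip_is_banned(string $ip, array $entries): bool {
  $addr = ip2long($ip);  // false for a malformed address
  foreach ($entries as $entry) {
    $range = ban_entry_to_range($entry);
    if ($addr !== false && $range && $addr >= $range[0] && $addr <= $range[1]) {
      return true;
    }
  }
  return false;
}

// Entries taken from the thread; the visitor addresses below are constructed.
$list = ['67.218.116.0/24', '204.11.52.7/32', '106.51.*.*', '66.249.%.%', '208.53.133'];
foreach ($list as $entry) {
  $r = ban_entry_to_range($entry);
  echo str_pad($entry, 18), $r ? long2ip($r[0]) . ' - ' . long2ip($r[1]) . ' (' . ($r[1] - $r[0] + 1) . ' addresses)' : 'rejected', "\n";
}
foreach (['67.218.116.200', '204.11.52.8', '106.51.3.9', '208.53.133.4'] as $ip) {
  echo $ip, ip_is_banned($ip, $list) ? ' banned' : ' allowed', "\n";
}
```

Printing the size of each range before saving an entry makes it obvious when a two-octet wildcard or a short prefix would block far more addresses than the abusive hosts seen in the logs.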

Francewhoa’s picture

Thank you mantish :)

I would love to review but I'm currently full. Any volunteer to review that patch?

alansaviolobo’s picture

Status: Needs review » Needs work

One issue here is
applying the patch when the module is enabled causes sql query failures while accessing admin as well as running drush updb.

alansaviolobo’s picture

my bad: I didn't read the instructions to apply the patch.

The update instructions however won't work too well with the d.o module update release cycle.
If the patch is accepted and a new version is released, updating the site with a "drush up" will fail.