IP Ranges blocking for voices.occupyboston.org
Jump to navigation
Jump to search
I've installed the ip_ranges module on voices.occupyboston.org. We keep getting these spam posts from Raul\d+, originating from a set of Chinese IP Addresses. No disrespect intended to Raul, but I'm going to start blocking entire non-us ARIN ranges.
In admin/config, there are two options for blocking ip addresses
- "IP address blocking". This is drupal's built-in facility for blocking single ip addresses.
- "IP range bans". This comes from the ip_ranges module.
ip_range stores its blocks in a table called ip_ranges. If you accidentally lock yourself out, you can delete the offending row.
I've also made a small code change to ip_ranges, so that we log blocks.
diff --git a/sites/all/modules/ip_ranges/ip_ranges.module b/sites/all/modules/ip_ranges/ip_ranges.module
index 7872de6..3129164 100644
--- a/sites/all/modules/ip_ranges/ip_ranges.module
+++ b/sites/all/modules/ip_ranges/ip_ranges.module
@@ -75,8 +75,10 @@ function ip_ranges_boot() {
* Prints a message and exits if access is denied.
*/
function ip_ranges_deny_access() {
+ $ip_addr = check_plain(ip_address());
+ watchdog('user', 'blocked by ip-ranges: %ip', array('%ip' => $ip_addr));
header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
- print 'Sorry, ' . check_plain(ip_address()) . ' has been banned.';
+ print 'Sorry, ' . $ip_addr . ' has been banned.';
exit();
}
That's a hack. If ip_ranges works well for us, I'll make the logging configurable, and submit the enhancement to the module maintainers.