I create website using php. and then I want to block VPN IP ADDRESS or hide ip Program. in my login.
I see ebay.com website can block VPN IP ADDRESS or hide ip Program.
How do write script php for block VPN IP ADDRESS or hide ip Program.
It's simple to implement:
if (in_array($_SERVER['REMOTE_ADDR'], $blocked_ips)) die("Go away!");
... but it requires a list of IPs you'd like to block. IP hiding works by using a proxy. There is no way to detect if a user is hiding their IP besides checking if traffic is coming from a known IP hiding service's IP. Where you might find such a list, I don't know, but that's the only way to go about this.
Related
So why am I need my own ip by using get content? I want to use some tv channels which is m3u8 file and using m3u8?wmsAuthSign=code
wmsAuthSign code is changing everytime the page refresh it self and they are getting ip adrress inside of that code.
So i can't play the tv channel by my servers ip !
the code i gave down below is just an example :D
<?php
$myURL = "https://whatismyipaddress.com/ip-lookup";
$lines = file($myURL);
echo $lines[145];
?>
Is there any way that i can change it to my one ip adresse?
If you mean the client (browsers) IP:
That code is being executed on your server, so the machine fetching that URL is your server. The response then has your server's IP address.
If you want to get the IP address of the user that's accessing the server, you could use some of the $_SERVER variables (like $_SERVER['REMOTE_ADDR']) but due to the way the internet works, that may not be the user's IP address.
Your best bet there is to use javascript that runs on the user's browser to identify the user's IP address - though, since that is really under the user's control, you can't be certain it's accurate either.
If you mean you're getting the IP of a different server, not your web server: the method you're using only determines the IP address of the server acting as a gateway to the greater internet. If your web server is behind a firewall, you'll be getting the IP of the firewall. You may want to identify the web server's local IP address instead.
Because the server is executing the PHP code and is requesting the website, if you want to get the IP address of the current user see How to get the client IP address in PHP?
I am working on a WordPress website and have the plugin WP Security installed. It tells me the current IP Address I am on when viewing the website. However the IP address it is producing isn't my correct IP address. I did the same thing on another WordPress website and it did produce the correct IP address.
The reason I'm trying to figure out the IP address is because someone entered their login credentials wrong 5 times. The website is set up so when that happens it locks that person out of website for an hour. Well when this happened it didn't just block their IP address, but blocked our IP address and the clients IP address. And the IP address it said it was blocking was neither of ours.
What could be the reasoning for this single website to be grabbing the incorrect IP address and believing it belongs to us and our client?
EDIT: after looking into it a little more the IP address that is showing up on this website is through Liquid Web, our hosting provider. So it is showing that IP address instead of our current/local IP address.
"All" traffic is routed to your webserver via another server (CDN, Firewall, Nginx etc). Following a failed login attempt the WP plugin is blacklisting this intermediate servers IP address locking everyone out.
Typically php scripts gets the visitors IP frome the REMOTE_ADDR environment variable: but depending on configuration with e.g. intermediate Nginx server REMOTE_ADDR may contain the nginx server IP; and the "real visitor" IP may be in HTTP_X_REAL_IP
You can use this script to: check which environment variable on your site contains the actual visitor IP.
It would be useful if you provided the link to the site from which you got the WP Security plugin.
Solution:
Ask your host provider to configure servers so REMOTE_ADDR on your web server will contain visitors IP; or
If you know which environment var is valid (above); then the security plugin may have a setting to configure accordingly; or
Report as a bug on plugins support forum.
I am trying to block my website's access by a particular router, but that router has a dynamic IP. It changes the IP dynamically, so even after blocking one IP of the router it can still access the website after it has changed its IP. How do I block that specific router from accessing my website?
You could block an IP range (if you see within which range the router gets its IP addresses)
120.120.0.0 - 120.120.255.255
I just wonder if Cloudflare is protecting only the domain name accesses ? Lets say I have a website mydomain.com and this domain has a dedicatedIP, 192.168.1.1 if someone uses 192.168.1.1 with the browser it is possible to access to the website. So the DDOS attack as well. In this case can writing a php code will prevent from direct ip access ddos attacks ? Like checking if the entered url is a domain or IP, if it is IP show 403 ?
%99.9 ddos attackers do not use domain name to attack, they first check the dns records of the domain and they attack to the website IP, especially if you have a dedicated IP assigned to the website, even if you hide the mainIP of the website by using Cloudflare nameservers, the mx and email IP dns records are listed again and they are your dedicatedIP where pointed to your website when you call that IP. This is the problem I'm trying to solve.
Cloudflare's DDOS protection is only useful if you hide the origin IP - the IP of your server. They have an article with tips on this. You'll want to point MX etc. records somewhere else and send mail from a different server, because you're right - it would reveal the IP of the server.
If your host supports it, you can also firewall off your server from any IP address that isn't in Cloudflare's range.
I'm using $_SERVER['REMOTE_ADDR']; to get the IP of the visitors. I don't care if they are behind a proxy, VPN, etc; I need a measure of IP that can't be manipulated by the end-user.
For some users, $_SERVER['REMOTE_ADDR']; is not returning the right IP -- it is returning one of Google's IPs instead, such as 64.233.173.164.
I confirmed this by asking one user to check their IP by checking here and their IP turned out to be different than what $_SERVER['REMOTE_ADDR']; showed.
How is that possible?
UPDATE: I've talked to the specific user in question and he said he is NOT using Google Translate. Why else would a Google IP show in REMOTE_ADDR?
I don't care if they are behind a proxy, VPN, etc;
You have to, if they are using a VPN, or a proxy, or NAT then $_SERVER['REMOTE_ADDR'] will contain that ip and not of the user, and that is what you're getting.
UPDATE: I've talked to the specific user in question and he said he is NOT using Google Translate. Why else would a Google IP show in REMOTE_ADDR?
That Google IP you have mentioned in your OP belongs to google-proxy-64-233-173-164.google.com which is the proxy that this visitor's computer or ISP is using
If you were to check HTTP_X_FORWARDED_FOR or HTTP_CLIENT_IP You would get that information