0

The PHP firewall is blocking these IP ranges for spam. That's OK, but where is the source for this information?

$ip_array = array('24', '186', '189', '190', '200', '201', '202', '209', '212', '213', '217', '222' );

And why are these IP ranges blocked:

$ip_array = array('0', '1', '2', '5', '10', '14', '23', '27', '31', '36', '37', '39', '42', '46', '49', '50', '100', '101', '102', '103', '104', '105', '106', '107', '114', '172', '176', '177', '179', '181', '185', '223', '224' ); //'192',

I had to comment out 192 as I connect to my site locally.

And lastly why is this blocked:

ovh, kimsufi, dedibox, digicube ?

I am sure there is a good reason for blocking these ranges and ISPs. What I am more interested in is where the developer got this blacklist.

ganjan
  • This isn't really a development question. But, as a developer for a security software company: this script is useless. It contains arbitrary (hard coded) blocklists, is entirely munged into a single script (maintenance nightmare), and provides a false sense of security. And it has basically no documentation, so you don't realize what it's trying (or not trying) to do. – Joe Jul 22 '10 at 23:06
  • I would say it gives the site an extra layer of security to some extent. Not a false sense of security. The blacklist is hard coded, but it still does block unwanted IPs and hosts, doesn't it, plus some XSS and SQL injection attacks. No documentation doesn't really matter when it's just one 400-line-long PHP file. –  Jul 22 '10 at 23:26

1 Answer

3

This question is impossible to answer. How is $ip_array being decoded? 24 is not an IP address. Is that part of an address? Or is it blocking 24.x.x.x and 186.x.x.x etc? If so that's blocking over 17% of the entire internet.

And as for ovh, kimsufi, dedibox, digicube - that's totally out of context so we can't answer why they're blocked because we don't know what it's blocking. Hostnames? User-Agents? Domains?

I agree with Joe's comment - this script is not doing anything useful and is just giving you a false sense of security whilst blocking 17% of the internet.

OK, to be fair it's more like 15.5% because 10.x.x.x, 5.x.x.x aren't used in the wild and only part of 172.x.x.x is on the internet. And if that's the case, why not block 169.254.x.x while you're at it? It's also a bit rude to block 172 and 192 as well because parts of these ranges are internet-routable. All the more proof that this script isn't worth the time it took me to answer this question.

Mark Henderson
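Added example (not part of the answer above, and not code from the script under discussion): assuming, as the answer guesses, that each `$ip_array` entry is matched against the first octet of the client address, this Python code measures how much IPv4 space the two lists cover and which blocked /8s overlap special-purpose ranges. The `SPECIAL` table and all function names are choices made for this example.

```python
import ipaddress

# Lists copied from the question. Treating each entry as a first octet
# (a whole /8) is the answer's guess at the matching, not a confirmed fact.
SPAM_OCTETS = [24, 186, 189, 190, 200, 201, 202, 209, 212, 213, 217, 222]
OTHER_OCTETS = [0, 1, 2, 5, 10, 14, 23, 27, 31, 36, 37, 39, 42, 46, 49, 50,
                100, 101, 102, 103, 104, 105, 106, 107, 114, 172, 176, 177,
                179, 181, 185, 223, 224]

# Well-known special-purpose IPv4 blocks (table chosen for this example).
SPECIAL = {
    "0.0.0.0/8": "this network",
    "10.0.0.0/8": "private (RFC 1918)",
    "100.64.0.0/10": "shared/CGNAT (RFC 6598)",
    "127.0.0.0/8": "loopback",
    "169.254.0.0/16": "link-local",
    "172.16.0.0/12": "private (RFC 1918)",
    "192.168.0.0/16": "private (RFC 1918)",
    "224.0.0.0/4": "multicast",
}

def blocked_networks(octets):
    """Expand first-octet entries into the /8 networks they would match."""
    return [ipaddress.ip_network(f"{o}.0.0.0/8") for o in sorted(set(octets))]

def coverage(octets):
    """Fraction of the 2**32 IPv4 addresses covered by the list."""
    return sum(n.num_addresses for n in blocked_networks(octets)) / 2**32

def special_overlaps(octets):
    """For each blocked /8, list (special block, label, share of the /8)."""
    found = {}
    for net in blocked_networks(octets):
        for cidr, label in SPECIAL.items():
            sp = ipaddress.ip_network(cidr)
            if net.overlaps(sp):
                share = min(sp.num_addresses, net.num_addresses) / net.num_addresses
                found.setdefault(str(net), []).append((cidr, label, share))
    return found

def is_blocked(addr, octets):
    """True if addr falls inside any blocked /8."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in blocked_networks(octets))

if __name__ == "__main__":
    both = SPAM_OCTETS + OTHER_OCTETS
    print(f"{len(set(both))} /8s = {coverage(both):.1%} of IPv4 space")
    for net, hits in special_overlaps(both).items():
        print(net, hits)
```

The share column separates /8s that are entirely special-purpose (10, 224) from ones where the private or shared block is only a slice (172, 100), so the rest of that /8 is ordinary routable space caught by the same entry.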