
On my website I try to block bad users and bots. After detecting bad behaviour (ignoring robots.txt, too many clicks, etc.), the user's IP address is added to a MySQL database.

When visiting the website, the IP of the user will be checked against the MySQL database containing bad IPs. If it's present, an error message will be served.

This all works well with IPv4 but I'm unsure how to block IPv6 addresses, as they will change quite often for the same user.

For example how to block the user with the following IPs:

2a02:908:1a4:ff00:1943:5691:f11b:6ad8
2a02:908:1a4:ff00:b51b:7d3:e816:ff4e
2a02:908:1a4:ff00:e4f6:3f53:2efc:9ae2

Is it a good idea to subtract the first part which stays the same using: https://stackoverflow.com/a/7290676 so I end up blocking 2a02:908:1a4:ff00:: ?

I don't want to block an entire city / ISP, just a single abusing user.

Update: With the situation above I don't want to block users completely, just display a message / restrict access to some pages and maybe eventually unblock after some time / action. I'm already using CSF (and iptables) to block unwanted visitors.

Thanks from Holland!

Pieter
  • Don't assume that IPs are constants. There are many ways to ban an IP from sending any requests to your web server. Even if you check against the database, take into account that the IP has already sent a request, a query is executed and resources are consumed; you might want to consider going to a lower level than that. You can work something out with your web server, like how often an IP can send requests; you can also not allow a range of IPs to even send requests to the server. Also post what web server you are using. – Gntem Apr 15 '17 at 15:18
  • Use `ip6tables` and deny connections at a lower level. I use it to block any connections from China to my server. – Pedro Lobito Apr 15 '17 at 15:22
  • @Mr.Phoenix Thanks for your reply. With the situation above I don't want to block users completely, just display a message / restrict access to some pages and maybe eventually unblock after some time / action. I'm already using CSF (and iptables) to block unwanted visitors. – Pieter Apr 15 '17 at 15:39
  • @PedroLobito Thanks for your reply. With the situation above I don't want to block users completely, just display a message / restrict access to some pages and maybe eventually unblock after some time / action. I'm already using CSF (and iptables) to block unwanted visitors. – Pieter Apr 15 '17 at 15:40
  • You may want to take a look at https://www.ultratools.com/tools/rangeToipv6CIDR and other tools on the left side. – Pedro Lobito Apr 15 '17 at 15:52
  • @PedroLobito With the linked Stack Overflow answer (http://stackoverflow.com/a/7290676) I'm already able to subtract the subnet from the given IPs. My question is: is blocking this subnet (2a02:908:1a4:ff00::) sufficient enough to block just this user? – Pieter Apr 15 '17 at 16:04
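
An added illustration, not part of the original question or its comments: one way to key a temporary block on the /64 network rather than the full IPv6 address, so the three addresses quoted in the question resolve to a single entry that expires on its own. The /64 granularity, the names `block_key` and `SoftBlocklist`, the 24-hour TTL and the in-memory dict standing in for the MySQL table are all assumptions of this example.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

V6_PREFIX_LEN = 64  # assumption: treat one /64 as one subscriber network


def block_key(ip_text: str) -> str:
    """Return the network string used as the blocklist key for a client IP."""
    ip = ipaddress.ip_address(ip_text.split("%")[0])  # drop any zone id
    # An IPv4-mapped address (::ffff:a.b.c.d) is really an IPv4 client.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if ip.version == 4:
        return f"{ip}/32"  # IPv4 keeps per-address blocking
    # Zero the low 64 bits, which rotate with IPv6 privacy addresses.
    return str(ipaddress.IPv6Network((ip, V6_PREFIX_LEN), strict=False))


class SoftBlocklist:
    """In-memory stand-in for the MySQL table: key -> expiry time."""

    def __init__(self):
        self._expires = {}

    def block(self, ip_text, now, ttl=timedelta(hours=24)):
        self._expires[block_key(ip_text)] = now + ttl

    def is_blocked(self, ip_text, now):
        key = block_key(ip_text)
        expiry = self._expires.get(key)
        if expiry is None:
            return False
        if expiry <= now:  # block has lapsed: remove it and let the user in
            del self._expires[key]
            return False
        return True


def demo():
    """Block the first address from the question, then test the others."""
    now = datetime(2017, 4, 15, 16, 0, tzinfo=timezone.utc)
    bl = SoftBlocklist()
    bl.block("2a02:908:1a4:ff00:1943:5691:f11b:6ad8", now)
    same_user = bl.is_blocked("2a02:908:1a4:ff00:e4f6:3f53:2efc:9ae2", now)
    # Constructed address in a neighbouring /64 of the same ISP.
    neighbour = bl.is_blocked("2a02:908:1a4:ff01::1", now)
    expired = bl.is_blocked("2a02:908:1a4:ff00:b51b:7d3:e816:ff4e",
                            now + timedelta(hours=25))
    return same_user, neighbour, expired
```

Storing the key as a string (or as the 8-byte prefix) keeps the lookup an exact-match query, the same shape as the existing IPv4 check.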
