Ipban_XH - a CMSimple_XH Plugin

Ipban_XH lets you block access to your site from individual IP addresses. A user who is banned this way receives an appropriate message. To make it somewhat easier to pick out offending IPs, all POST requests to the site are logged.

If you're looking for a more general solution to the problem of spammers and request flooding, have a look at GXSecurity.

Please do read this documentation before you encounter any problems!

Important Notice

Ipban_XH has not yet been tested in a variety of environments. It is a so-called BETA version. Use with caution!

Requirements

Ipban_XH is a plugin for CMSimple_XH. It requires a UTF-8 encoded version and jQuery4CMSimple.

Installation

The installation is done as with many other CMSimple_XH plugins. See the CMSimple_XH wiki for further details.

  1. Backup the data on your server.
  2. Unzip the distribution on your computer.
  3. Upload the whole directory ipban/ to your server into CMSimple_XH's plugins directory.
  4. Set write permissions to the subdirectories config/, css/, languages/ and the plugin's data folder.
  5. Protect Ipban_XH's data folder against direct access by any means your webserver provides. An appropriate .htaccess file for Apache servers is already contained in the default data folder.
  6. Switch to "Ipban" in the back-end to check if all requirements are fulfilled.

Settings

The plugin's configuration is done as with many other CMSimple_XH plugins in the website's back-end. Select "Ipban" from "Plugins".

You can change the default settings of Ipban_XH in "Plugin Config". Hints for the options will be displayed when hovering over the help icon with your mouse.

Localization is done in "Plugin Language". You can translate the character strings to your own language, or customize them according to your needs.

The look of Ipban_XH can be customized in "Plugin Stylesheet".

Usage

Sometimes you might face spammers or trolls who are targeting your website. If other measures fail or are not available at all, the last resort is banning the offending IPs. That's neither convenient for you, nor is it safe, as IPs can change, but it might be the only viable alternative to closing the site or at least removing some features, such as the mail form or a guestbook.

In the plugin's back-end you can manage the IP bans. In the second grid all POST requests to the site are shown. The column "POST variables" displays the names of the variables that were sent with that request. This helps to identify the offending request. If, for example, a spammer repeatedly sends you mail via CMSimple_XH's built-in mailform, this column will contain the name "mailform". Use the filter functionality above the grid to filter for "mailform", then sort by time (click on the appropriate column header) and find out from which IP the request was made.

The first grid displays the existing ban records. The usage is pretty much self-explanatory. So if you want to add a ban for the mentioned mail spammer, click "+ Add new record", select the IP from the list, enter a reason (say "because of email spam!") and select the date when the ban ends. The checkbox allows you to choose whether the IP should be blocked completely, or whether you deem a notice for the spammer sufficient. Please note that the usage of this checkbox is somewhat uncommon, as the label reflects what you have chosen.

Tip: if you have many ban records and/or many POST requests, the grids will get very long. In this case you might prefer to enable paging for the grids in the plugin's configuration.

Finally, you can test the result of the ban. Just append the following to the URL in the browser's address bar:

&IPBAN_DEBUG=127.0.0.1

Of course you have to replace "127.0.0.1" with the IP address you have banned, and you will see what is displayed if the site is called from the given IP address. Please note that this works only when you're logged in as admin.

The ban warning can be styled in the plugin's stylesheet. The default is meant to overlay only a part of the page, so the warned user is able to use the site without restrictions. You might have to adapt it to your template. In the plugin's stylesheet there's an alternative styling of the warning, which will cover the complete page.

The ban ends on the given date, but the ban record is not removed, as it might be necessary to ban the offender again. Of course you can delete the ban record manually.

Limitations

Currently the log file (post.log) is never truncated, so over time it might become very large. In this case it is reasonable to truncate it manually. Just remove whole lines from the beginning of the file.
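
One way to do this truncation from a shell, as an added example that is not part of Ipban_XH: the function below drops whole lines from the beginning of the file and keeps only the newest ones. The path to post.log is an assumption supplied by the caller, since this documentation does not state where the data folder is.

```shell
#!/bin/sh
# Added example, not part of Ipban_XH: trim post.log from the beginning.
# Assumption: the caller supplies the path to post.log; the documentation
# does not state where the plugin's data folder is located.

# trim_log FILE KEEP
# Removes whole lines from the beginning of FILE until at most KEEP lines
# (the newest ones) remain. Prints the number of lines removed.
trim_log() {
    file=$1
    keep=$2

    case $keep in
        '' | *[!0-9]*)
            echo "trim_log: KEEP must be a non-negative integer" >&2
            return 2 ;;
    esac
    if [ ! -f "$file" ]; then
        echo "trim_log: no such file: $file" >&2
        return 1
    fi

    # awk counts a final line without a trailing newline too (wc -l would not).
    total=$(awk 'END { print NR }' "$file")
    if [ "$total" -le "$keep" ]; then
        echo 0
        return 0
    fi

    # The temporary copy is created next to post.log, i.e. inside the data
    # folder that is already protected against direct web access.
    tmp=$(mktemp "$file.XXXXXX") || return 1
    tail -n "$keep" "$file" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Write back into the existing file instead of renaming the copy, so the
    # owner and permissions the web server needs for logging stay unchanged.
    cat "$tmp" > "$file" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
    echo $((total - keep))
}

# Stand-alone use: sh trim_log.sh /path/to/post.log 5000
if [ "$#" -eq 2 ]; then
    trim_log "$1" "$2"
fi
```

POST requests that are logged between the copy and the write-back are lost, so run this at a quiet time.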

The IP ban works for the complete site, not only for a single language, but it's not possible to enter localized versions of the individual ban reason. So enter the reason in the site's default language; if a second language is accessed, a default reason in the appropriate language will be displayed.

License

Ipban_XH is licensed under GPLv3.

© 2012 Christoph M. Becker

Russian translation © 2012 Lybomyr Kydray
Czech translation © 2012 Josef Němec

Credits

Ipban_XH was inspired by Old.

The plugin icon is designed by VistaICO.com. Many thanks for publishing this icon under CC-BY license.

This plugin uses free application icons from Aha-Soft. Many thanks for making these icons freely available.

Many thanks to the community at the CMSimple forum for tips, suggestions and testing.

And last but not least many thanks to Peter Harteg, the "father" of CMSimple, and all developers of CMSimple_XH without whom this amazing CMS wouldn't exist.