Unlike most of the spammer/spambot plugins out there, which stop registrations from a known list of spam IPs and email domains, I need to stop malicious users who may try and register more than one account from the same ip address. Their intentions may be to either harass people in the comments once they've been banned on other accounts, or they may try and play games with one of my submission forms and submit duplicate results to attempt to ruin the integrity of the output.
Is there a way that I can limit an ip address from registering accounts per a given time period? Since IP addresses change, I'd like to still allow some innocent who may end up with a previously blocked IP, to register.
asked Mar 21, 2015 at 1:22 by Kreation
- This will not work. Not only is it easy to overcome for dedicated trolls, it will also block whole organizations, and the IP addresses for cellular networks are probably changing every time you connect to the net, which will make the whole thing pointless and will just force you to play smack a mole with the trolls. If you have a problem with content it needs to be handled at content level. – Mark Kaplun Commented Mar 21, 2015 at 4:29
- I'm confused as to how it would block entire organizations and addresses if the block is temporary and lasts maybe a week or so? Maybe less time? – Kreation Commented Mar 21, 2015 at 4:56
- It is common for traffic to be routed through a gateway address, such as that of a cellular network or large organization and even regular ISP, therefore you may not actually be dealing with the specific device (or user). – Adam Commented Mar 21, 2015 at 5:02
2 Answers
Despite that this approach may be flawed by the fact that it can be by-passed using proxies, here is a simplistic (yet untested) approach, which you would need to improve upon but would give you the foundation for achieving your desired goal.
The process as I see it:
- filter user registrations on the `pre_user_login` or `pre_user_nicename` hooks
- check database to see if IP exists in a time-limited blacklist
- if IP exists within range, reject registration with custom error message
- if IP does not exist within range, add the IP to the time-limited blacklist
- rinse and repeat for each registration attempt
Example:
```php
function filter_user_registration_ip($user_nicename) {

    $ip        = $_SERVER['REMOTE_ADDR'];                    //get current IP address
    $time      = time();                                     //get current timestamp
    $blacklist = get_option('user_ip_blacklist') ?: array(); //get IP blacklist

    /*
     * If IP is an array key found on the resulting $blacklist array,
     * compare the timestamp stored against it with the current timestamp.
     */
    if ( array_key_exists($ip, $blacklist) ) {

        /*
         * Find the difference between the current timestamp and the timestamp at which
         * the IP was stored in the database converted into hours.
         */
        $diff_in_hours = ($time - $blacklist[$ip]) / 60 / 60;

        if ( $diff_in_hours < 24 ) {

            /*
             * If the difference is less than 24 hours, block the registration attempt
             * and do not reset or overwrite the timestamp already stored against the
             * current IP address.
             */
            wp_die('Your IP is temporarily blocked from registering an account');
        }

    }

    /*
     * If the IP address does not exist, add it to the array of blacklisted IPs with
     * the current timestamp (now).
     *
     * Or if the IP address exists but is greater than 24 hours in difference between
     * the original stored timestamp and the current timestamp, add it to the array
     * of blacklisted IPs.
     */
    $blacklist[$ip] = $time;
    update_option('user_ip_blacklist', $blacklist);

    return $user_nicename;
}

add_filter('pre_user_nicename', 'filter_user_registration_ip', 10, 1);
```
Notes:
- The above code is untested and may contain errors.
- The approach to retrieving the current user IP is not foolproof.
- The array of IPs will grow exponentially over time, you will need to prune the array periodically.
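A variant of the approach above, added here as an example and not part of the original answer: it checks at the `registration_errors` filter (the `pre_user_nicename` filter is also applied when an existing user is updated), records only successful sign-ups on `user_register`, and stores one expiring transient per address so nothing has to be pruned by hand. The `reg_limit_*` function names and the two `REG_LIMIT_*` constants are hypothetical.

```php
<?php
// Added example; reg_limit_* names and REG_LIMIT_* constants are hypothetical.
define( 'REG_LIMIT_MAX', 1 );                 // registrations allowed per window
define( 'REG_LIMIT_WINDOW', DAY_IN_SECONDS ); // 24 hours, as in the answer above

// Build the per-address transient key, or false if no usable address.
function reg_limit_key() {
    // Use only the direct peer address. X-Forwarded-For is client-supplied
    // unless a reverse proxy you control sets it.
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '';
    if ( ! filter_var( $ip, FILTER_VALIDATE_IP ) ) {
        return false;
    }
    return 'reg_limit_' . md5( $ip ); // fixed-length key for IPv4 and IPv6
}

// Add an error to the registration form when the address is over the limit.
function reg_limit_check( $errors, $sanitized_user_login, $user_email ) {
    $key = reg_limit_key();
    if ( $key && (int) get_transient( $key ) >= REG_LIMIT_MAX ) {
        $errors->add(
            'reg_limit',
            'Too many registrations from your network. Please try again later.'
        );
    }
    return $errors;
}
add_filter( 'registration_errors', 'reg_limit_check', 10, 3 );

// Count a registration only after the account has actually been created.
function reg_limit_record( $user_id ) {
    // Accounts created by an administrator should not count against
    // the administrator's own address.
    if ( current_user_can( 'create_users' ) ) {
        return;
    }
    $key = reg_limit_key();
    if ( ! $key ) {
        return;
    }
    // Re-setting the transient restarts the window at the latest sign-up.
    $count = (int) get_transient( $key );
    set_transient( $key, $count + 1, REG_LIMIT_WINDOW );
}
add_action( 'user_register', 'reg_limit_record' );
```

The `registration_errors` filter covers the standard WordPress registration form; a custom form that calls `wp_insert_user()` directly would need to run the same check itself.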
A better solution would be not to ban their IP from within WordPress, but if you have root access to WHM then you can ban their IP from your server altogether. This is the real solution to the problem.
Also, usually IP addresses do not change. However, a person may go to another internet connection, a proxy server, or some other manner to use an alternate IP. However, it will still be a pain for them because once you ban their home IP, the only real solution for them is to get their ISP to change their IP, of which many ISPs will be reluctant to do or will flat out deny the request.
If you do not have access to WHM or the root of your server, then you can still ban their IP by adding it to the .htaccess file like so:
```apache
order allow,deny
deny from 123.45.67.89
allow from all
```