1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.5 Attempted Login IPs

Discussion in 'XenForo Questions and Support' started by Gary, Sep 30, 2015.

  1. Gary

    Gary Active Member

    I am getting swamped with attempted logins for my new site, with over 100 different IPs constantly on my site. From the ones I have been able to identify by server logs, many are known spammers. With the xf_login_attempt table I can easily tell which ones are trying to force attempted logins, by the login being used, but the IPs are in varbinary(16) format. Is there a way anyone knows that I can export and easily convert these to the proper IP address, so that I can add them to my server ban? They haven't been able to access the site, but are burning through some bandwidth, so I want to block them at the server level. Thanks!
     
  2. Spiker400

    Spiker400 Member

    Not sure if it best way, but i have nearly same Problem and i solve this collecting these IP's try to Login/register too much or just spam requests in a txt file. This is fine because i may define the rules by any .php or other script anyway different for candidates placed to the blocking txt file. With a cron or event based read out that txt file line by line + put each to firewall block for a time x hours... This works fine and also over multiple Domains etc.

    Most firewall's have a shell based command for blocking a single ip, some have Options to include such a txt file as a blockfile directly. I use the first Option read out the txt file with bash script line by line for blocking...
     
    Last edited: Sep 30, 2015
  3. Mike

    Mike XenForo Developer Staff Member

    The IPs are stored a 4 bytes of binary (for IPv4). You can convert it with the following query:
    Code:
    SELECT INET_NTOA(CONV(HEX(ip_address),16,10)) FROM xf_login_attempt
     
  4. Gary

    Gary Active Member

    Thank you Mike!
     

Share This Page