contact form - check ip blacklist

General discussions related to php

Moderators: egami, macek, gesf

Post Reply
marchello
New php-forum User
New php-forum User
Posts: 6
Joined: Mon Oct 30, 2017 6:10 am

Sun Feb 03, 2019 2:26 pm

Hi all,
I'm still newbie in php. I'd like to connect ip blacklist so that my contact form is not spammed.

Found abuse ip service with rest api, it accepts GET request like this:
https://www.abuseipdb.com/check/[IP]/js ... days=[DAYS]

It returns
[]
if the IP is not blacklisted. Otherwise it returns more data. Hmm, it also returns probability percentage, so it would be nice to parse the response, but honestly, just to start, it would be great to consider only non-empty responses.

Well, free account allows only 1000 requests per day, it is much more than I expect, though for future it would be nice to know how do I handle this. I believe it would be correct to allow all contact form submissions when mentioned blacklist service is not responding or if I used my quota.

Below is part of code, so that you can see what I am able to do already.
Please advise where to start.

Code: Select all

<?php

function getUserIP()
{
    $client  = @$_SERVER['HTTP_CLIENT_IP'];
    $forward = @$_SERVER['HTTP_X_FORWARDED_FOR'];
    $remote  = $_SERVER['REMOTE_ADDR'];

    if(filter_var($client, FILTER_VALIDATE_IP))
    {
        $ip = $client;
    }
    elseif(filter_var($forward, FILTER_VALIDATE_IP))
    {
        $ip = $forward;
    }
    else
    {
        $ip = $remote;
    }

    return $ip;
}

        $user_ip = getUserIP();
        $user_agent = $_SERVER['HTTP_USER_AGENT'];
        $ref = @$_SERVER[HTTP_REFERER];
        $nl = nl2br("   |||||   ");
        $email_domain = substr($_REQUEST['email'], 0, strrpos($_REQUEST['email'], '@'));

        $headerFields = array(
            "MIME-Version: 1.0",
            "Content-Type: text/html;charset=utf-8"
        );

        if (!filter_var($_REQUEST['email'], FILTER_VALIDATE_EMAIL)) {
            $desc = $desc.'Email is not valid.';
            $host  = $_SERVER['HTTP_HOST'];
            $uri   = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
            $extra = 'error.php';
            header("HTTP/1.1 409 CONFLICT");
            header("Location: http://$host$uri/$extra");
        } else
        if (strpos($_REQUEST['message'], ' download ') !== false) {
            $desc = $desc.'Forbidden content.';
            $host  = $_SERVER['HTTP_HOST'];
            $uri   = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
            $extra = 'error3.php';
            header("HTTP/1.1 409 CONFLICT");
            header("Location: http://$host$uri/$extra");
        } else ...
chorn
php-forum GURU
php-forum GURU
Posts: 608
Joined: Fri Apr 01, 2016 2:18 am

Sun Feb 03, 2019 10:34 pm

At least i don't see you using the service anywhere. You can create simple GET request with file_get_contents() on an URL and get a string back. as it seems to be JSON, you can parse the result with json_decode().
marchello
New php-forum User
New php-forum User
Posts: 6
Joined: Mon Oct 30, 2017 6:10 am

Mon Feb 04, 2019 12:40 am

chorn,
At least i don't see you using the service anywhere.
Right, I did not start any attempt yet. Thanks for hints!
Post Reply