Checking visitors IP for open port 25 smtp and blocking this IP

u can use a database on httaccess or u block the ip direct over iptables. Do u need the check direct, or do u have some kind of time? for the last i would check the access log over cronjob and try making a connection over telnet/php later u can easy rewrite the httacces with. When u want direct response i would make fake image going to a php file who did the check for u

You mean I should not be able to browse your website if I accept mail on the same IP? What kind of website has that requirement?

Hi StefanBD, thank you for your answer. I really appreciate it. Your ideas - both - are fine! I like them. So, I need to write a bash script to do the logfile job. Yes, that's it! Then, the check via a fake image sounds interesting. Do you have some details about how it should work?

@anx - About your first question: Yep, you are a not wished visitor in that case (bye bye baby). Ok, let's be serious: My customer works in the valuable metals sector and is currently having massive problems with IP addresses, which on the one hand scrape certain content. 24/7 long. He doesn't want that. I can certainly understand why you don't want that in certain areas. Even if it's difficult to prevent. On the other hand (his main problem): fake orders are placed daily (for whatever reason) via residential proxies (G3/G4 mobile proxies).Hosting IP's can be blocked from 0 to 100 in seconds

U can generate images or output images with php so u can do with mode rewrite image.png goes to tool.php who does the check like connect to the visitor ip(u got from request variable) and if a login to the mailserver is possible u add the ip to the httaccess and give out a image with header png and code of 1 pixel, this method is used in tracking pixels for example

Btw why not use some service who blocks bots or use a capcha? Just a hint, when it's really bots then they probably don't load ur fake image then you should do the check direct in the page and do something like caching then this telnet stuff will take time which makes ur site slower https://stackoverflow.com/questions/2226374/test-if-port-open-and-forwarded-using-php

If i use the mod_rewrite rule `RewriteRule ^([_0-9a-zA-Z-]+/)?berliner-wurst.png /jetzt-schlagts-13.php [END]` the Browser will call the .php file, yes. The process of rewriting is made by the server. In the browser console I would be able to see the php file under the `Sources` Tab. Is there something magical I don't know, about calling first an harmlessly image file and than pumping the .php into the browser?

About external services... Yes, Cloudflare is used for bot blocking, rate limiting, and blocking via WAF ASNs. Most bad IPs are used by Vodafone and O2. I also notice an increased use of IPv6 from AS3320 DTAG - fixed network. Maybe because these guys are running out of hosting IPs and frontal blocking of G3/G4 IPs thins that out too. And banning those IPs is downright suicide for a platform. So no permanent solution. Anyway, using IPv6 is another thorny issue. Most reputable blacklist IP database providers do not have accurate IPv6 abuse information.

A scraping pro could easily load a captcha resolver library to solve the problem he would face after loading content (e.g. via scrapy and co). It's not really a problem - including the JavaScript challenges from our beloved Cloudflare. Caching is active for static content (not for dynamic routines like Ajax). Now I will carefully read the information from your link on stackoverflow.com - thanks for providing!

no the user will not see that ur image is served over a php file and i dont think they can crack all capchas

Let us [continue this discussion in chat](https://chat.stackexchange.com/rooms/140916/discussion-between-legion-and-stefanbd).

I sit in a Tesla and translated this thread with Ai: