could I make s suggestion … it would be helpful/great if the way Bad Behavior plug in was laid out in the admin section allowed easy copying of all the IP address so that one could add them to a .htaccess deny script.

(… or, indeed, be able to do so from the admin panel).

Is there anywhere else, eg log that I can do so except going to the database?

Thanks

if (!empty($bb2_whitelist_urls)) {
if (strpos($package['request_uri'], “?”) === FALSE) {
$request_uri = $package['request_uri'];
} else {
$request_uri = substr($package['request_uri'], 0, strpos($package['request_uri'], “?”));
}
foreach ($bb2_whitelist_urls as $url) {
if (!strcmp($request_uri, $url)) return true;
}
}

HTH.

*A tech support person at PayPal I spoke with assured me that they rotate the dns resolution fairly frequently; so it’s not changing (at least not frequently) the “real” four IP addresses used exclusively for IPN, and to which their server domain (notify.paypal.com) resolves. Then again, I do see your point about unlocking access to one’s own URI; that way, it’s that particular code’s problem to deal with the nasties out there, and frees up precious BB cycles. So, I’ll go ahead and do that instead of whitelisting physical IPs. See, I should’ve listened to you from the get-go.

In the case of PayPal IPN, you would probably do best to whitelist your URL rather than the IP addresses (which PayPal says might change someday).

I’m just making sure, because I can’t find that file named `bad-behavior-whitelist.php` you refer to above… (Unless of course I’m missing something i.e. having to make it or something like that).

Or alternatively, should I include the domain of the PayPal IPN server (i.e. “notify.paypal.com”) and whitelist that somewhere? I guess not, as whitelisting specific IPs should nip any external server access issues in the bud, but still… Just making sure I understand the philosophy. Thanks again for putting up with my dense head – and for the quick fix release!