IP Logging Best Practice

[crimsonmoon]

What is the best most full proof method of IP logging. I log IP's and can ban those but then someone can always just spoof that IP and change it going around my ban.

Any suggestions?

How do those of you who run sites get and manage your players IP's?

[joquius]

hmm... well I'd normally add a cookie, user specific and ip ban so that whenever they came in with any of the same of those the ban would insert itself again. dunno

[.josh]

there is no foolproof method. anybody can go through an anonymous surfing site or setup their own proxy server.

[joquius]

if you're talking about a forum or such just don't let anonymous users post and add a email verification for the registration.

[d_barszczak]

[!--quoteo(post=382846:date=Jun 12 2006, 03:40 PM:name=crimsonmoon)--][div class=\'quotetop\']QUOTE(crimsonmoon @ Jun 12 2006, 03:40 PM) [snapback]382846[/snapback][/div][div class=\'quotemain\'][!--quotec--]
What is the best most full proof method of IP logging. I log IP's and can ban those but then someone can always just spoof that IP and change it going around my ban.

Any suggestions?

How do those of you who run sites get and manage your players IP's?
[/quote]

Are cookies an option for you as you could leave a cookie on computer you are wanting to deny access and have you page check for banned cookies.

If not i have heard of scripts that grab the mac address for you.

[.josh]

all the user would have to do is disable cookies. if you rely on looking for a "banneduser" cookie and the user has it disabled, your script will not be able to make/read any cookie on the client.

also, even with an email registration system, email addresses are a joke to come by. any determined user can sign up with a new email address all day long.

[joquius]

Well it's just the case, beyond this stuff you're going into messing with the guy's computer.

[.josh]

the most effective way to make unwanted people go away is to require them to pay you money to access your site. That is, when they register, they must give you a credit card number or supply a paypal email to which they can pay you through that, or something.

i don't know a whole lot of people who are willing to go back and pay you some more money just to be a nuisance.

[joquius]

When dealing with weeds it will never avail you to cut them down, you have to root them out if you want to get anywhere

[.josh]

thank you confucious. now if you don't mind, why don't you explain how one would go about rooting them out rather than cutting them down.

[poirot]

For IP banning itself, there is no foolproof method.
But you can check for HTTP_X_FORWARDED_FOR, HTTP_X_VIA and other exotic variables sent by proxies. This will not work if the proxy is highly anonymous though.

You can also set a cookie ban, so if the user doesn't clean the cookies before using a proxy, you can catch them.

[swatisonee]

Umm...maybe confucious here meant "uprooting them " i/o rooting them out ??

[img src=\"style_emoticons/[#EMO_DIR#]/smile.gif\" style=\"vertical-align:middle\" emoid=\":smile:\" border=\"0\" alt=\"smile.gif\" /]

[joquius]

[!--quoteo(post=383166:date=Jun 13 2006, 10:16 AM:name=swatisonee)--][div class=\'quotetop\']QUOTE(swatisonee @ Jun 13 2006, 10:16 AM) [snapback]383166[/snapback][/div][div class=\'quotemain\'][!--quotec--]
Umm...maybe confucious here meant "uprooting them " i/o rooting them out ??

[img src=\"style_emoticons/[#EMO_DIR#]/smile.gif\" style=\"vertical-align:middle\" emoid=\":smile:\" border=\"0\" alt=\"smile.gif\" /]
[/quote]
hmm...I suppose with a strong arm and a mallet? [img src=\"style_emoticons/[#EMO_DIR#]/unsure.gif\" style=\"vertical-align:middle\" emoid=\":unsure:\" border=\"0\" alt=\"unsure.gif\" /]

The whole think needs to be redesigned...I think the future of security on the web is probably registration via mobile phone sms messages. Probably best alternative to CC