Jump to content


Photo

IP Logging Best Practice


  • Please log in to reply
12 replies to this topic

#1 crimsonmoon

crimsonmoon
  • Members
  • PipPipPip
  • Advanced Member
  • 36 posts

Posted 12 June 2006 - 02:40 PM

What is the best most full proof method of IP logging. I log IP's and can ban those but then someone can always just spoof that IP and change it going around my ban.

Any suggestions?

How do those of you who run sites get and manage your players IP's?

#2 joquius

joquius
  • Members
  • PipPipPip
  • Advanced Member
  • 319 posts

Posted 12 June 2006 - 02:49 PM

hmm... well I'd normally add a cookie, user specific and ip ban so that whenever they came in with any of the same of those the ban would insert itself again. dunno
z..z..z..z..z..z..z..z..

#3 .josh

.josh
  • Staff Alumni
  • .josh
  • 14,871 posts

Posted 12 June 2006 - 02:50 PM

there is no foolproof method. anybody can go through an anonymous surfing site or setup their own proxy server.
Did I help you? Feeling generous? Buy me lunch! 
Please, take the time and do some research and find out how much it would have cost you to get your help from a decent paid-for source. A "roll-of-the-dice" freelancer will charge you $5-$15/hr. A decent entry level freelancer will charge you around $15-30/hr. A professional will charge you anywhere from $50-$100/hr. An agency will charge anywhere from $100-$250/hr. Think about all this when soliciting for help here. Think about how much money you are making from the work you are asking for help on. No, we do not expect you to pay for the help given here, but donating a few bucks is a fraction of the cost of what you would have paid, shows your appreciation, helps motivate people to keep offering help without the pricetag, and helps make this a higher quality free-help community :)

#4 joquius

joquius
  • Members
  • PipPipPip
  • Advanced Member
  • 319 posts

Posted 12 June 2006 - 02:53 PM

if you're talking about a forum or such just don't let anonymous users post and add a email verification for the registration.
z..z..z..z..z..z..z..z..

#5 d_barszczak

d_barszczak
  • Members
  • PipPipPip
  • Advanced Member
  • 188 posts
  • LocationBradford - UK

Posted 12 June 2006 - 02:53 PM

[!--quoteo(post=382846:date=Jun 12 2006, 03:40 PM:name=crimsonmoon)--][div class=\'quotetop\']QUOTE(crimsonmoon @ Jun 12 2006, 03:40 PM) View Post[/div][div class=\'quotemain\'][!--quotec--]
What is the best most full proof method of IP logging. I log IP's and can ban those but then someone can always just spoof that IP and change it going around my ban.

Any suggestions?

How do those of you who run sites get and manage your players IP's?
[/quote]

Are cookies an option for you as you could leave a cookie on computer you are wanting to deny access and have you page check for banned cookies.

If not i have heard of scripts that grab the mac address for you.

When all else fails - Try reading the manual.

Integrated IT Systems Ltd


#6 .josh

.josh
  • Staff Alumni
  • .josh
  • 14,871 posts

Posted 12 June 2006 - 02:59 PM

all the user would have to do is disable cookies. if you rely on looking for a "banneduser" cookie and the user has it disabled, your script will not be able to make/read any cookie on the client.

also, even with an email registration system, email addresses are a joke to come by. any determined user can sign up with a new email address all day long.
Did I help you? Feeling generous? Buy me lunch! 
Please, take the time and do some research and find out how much it would have cost you to get your help from a decent paid-for source. A "roll-of-the-dice" freelancer will charge you $5-$15/hr. A decent entry level freelancer will charge you around $15-30/hr. A professional will charge you anywhere from $50-$100/hr. An agency will charge anywhere from $100-$250/hr. Think about all this when soliciting for help here. Think about how much money you are making from the work you are asking for help on. No, we do not expect you to pay for the help given here, but donating a few bucks is a fraction of the cost of what you would have paid, shows your appreciation, helps motivate people to keep offering help without the pricetag, and helps make this a higher quality free-help community :)

#7 joquius

joquius
  • Members
  • PipPipPip
  • Advanced Member
  • 319 posts

Posted 12 June 2006 - 03:03 PM

Well it's just the case, beyond this stuff you're going into messing with the guy's computer.
z..z..z..z..z..z..z..z..

#8 .josh

.josh
  • Staff Alumni
  • .josh
  • 14,871 posts

Posted 12 June 2006 - 03:07 PM

the most effective way to make unwanted people go away is to require them to pay you money to access your site. That is, when they register, they must give you a credit card number or supply a paypal email to which they can pay you through that, or something.

i don't know a whole lot of people who are willing to go back and pay you some more money just to be a nuisance.


Did I help you? Feeling generous? Buy me lunch! 
Please, take the time and do some research and find out how much it would have cost you to get your help from a decent paid-for source. A "roll-of-the-dice" freelancer will charge you $5-$15/hr. A decent entry level freelancer will charge you around $15-30/hr. A professional will charge you anywhere from $50-$100/hr. An agency will charge anywhere from $100-$250/hr. Think about all this when soliciting for help here. Think about how much money you are making from the work you are asking for help on. No, we do not expect you to pay for the help given here, but donating a few bucks is a fraction of the cost of what you would have paid, shows your appreciation, helps motivate people to keep offering help without the pricetag, and helps make this a higher quality free-help community :)

#9 joquius

joquius
  • Members
  • PipPipPip
  • Advanced Member
  • 319 posts

Posted 12 June 2006 - 03:24 PM

When dealing with weeds it will never avail you to cut them down, you have to root them out if you want to get anywhere
z..z..z..z..z..z..z..z..

#10 .josh

.josh
  • Staff Alumni
  • .josh
  • 14,871 posts

Posted 12 June 2006 - 04:36 PM

thank you confucious. now if you don't mind, why don't you explain how one would go about rooting them out rather than cutting them down.
Did I help you? Feeling generous? Buy me lunch! 
Please, take the time and do some research and find out how much it would have cost you to get your help from a decent paid-for source. A "roll-of-the-dice" freelancer will charge you $5-$15/hr. A decent entry level freelancer will charge you around $15-30/hr. A professional will charge you anywhere from $50-$100/hr. An agency will charge anywhere from $100-$250/hr. Think about all this when soliciting for help here. Think about how much money you are making from the work you are asking for help on. No, we do not expect you to pay for the help given here, but donating a few bucks is a fraction of the cost of what you would have paid, shows your appreciation, helps motivate people to keep offering help without the pricetag, and helps make this a higher quality free-help community :)

#11 poirot

poirot
  • Members
  • PipPipPip
  • Advanced Member
  • 646 posts
  • LocationAustin, TX

Posted 12 June 2006 - 05:32 PM

For IP banning itself, there is no foolproof method.
But you can check for HTTP_X_FORWARDED_FOR, HTTP_X_VIA and other exotic variables sent by proxies. This will not work if the proxy is highly anonymous though.

You can also set a cookie ban, so if the user doesn't clean the cookies before using a proxy, you can catch them.
~ D Kuang

#12 swatisonee

swatisonee
  • Members
  • PipPipPip
  • Advanced Member
  • 253 posts

Posted 13 June 2006 - 09:16 AM

Umm...maybe confucious here meant "uprooting them " i/o rooting them out ??

[img src=\"style_emoticons/[#EMO_DIR#]/smile.gif\" style=\"vertical-align:middle\" emoid=\":smile:\" border=\"0\" alt=\"smile.gif\" /]
Shishya

#13 joquius

joquius
  • Members
  • PipPipPip
  • Advanced Member
  • 319 posts

Posted 13 June 2006 - 09:34 AM

[!--quoteo(post=383166:date=Jun 13 2006, 10:16 AM:name=swatisonee)--][div class=\'quotetop\']QUOTE(swatisonee @ Jun 13 2006, 10:16 AM) View Post[/div][div class=\'quotemain\'][!--quotec--]
Umm...maybe confucious here meant "uprooting them " i/o rooting them out ??

[img src=\"style_emoticons/[#EMO_DIR#]/smile.gif\" style=\"vertical-align:middle\" emoid=\":smile:\" border=\"0\" alt=\"smile.gif\" /]
[/quote]
hmm...I suppose with a strong arm and a mallet? [img src=\"style_emoticons/[#EMO_DIR#]/unsure.gif\" style=\"vertical-align:middle\" emoid=\":unsure:\" border=\"0\" alt=\"unsure.gif\" /]

The whole think needs to be redesigned...I think the future of security on the web is probably registration via mobile phone sms messages. Probably best alternative to CC
z..z..z..z..z..z..z..z..




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users