Jump to content

Archived

This topic is now archived and is closed to further replies.

crimsonmoon

IP Logging Best Practice

Recommended Posts

What is the best most full proof method of IP logging. I log IP's and can ban those but then someone can always just spoof that IP and change it going around my ban.

Any suggestions?

How do those of you who run sites get and manage your players IP's?

Share this post


Link to post
Share on other sites
hmm... well I'd normally add a cookie, user specific and ip ban so that whenever they came in with any of the same of those the ban would insert itself again. dunno

Share this post


Link to post
Share on other sites
there is no foolproof method. anybody can go through an anonymous surfing site or setup their own proxy server.

Share this post


Link to post
Share on other sites
if you're talking about a forum or such just don't let anonymous users post and add a email verification for the registration.

Share this post


Link to post
Share on other sites
[!--quoteo(post=382846:date=Jun 12 2006, 03:40 PM:name=crimsonmoon)--][div class=\'quotetop\']QUOTE(crimsonmoon @ Jun 12 2006, 03:40 PM) [snapback]382846[/snapback][/div][div class=\'quotemain\'][!--quotec--]
What is the best most full proof method of IP logging. I log IP's and can ban those but then someone can always just spoof that IP and change it going around my ban.

Any suggestions?

How do those of you who run sites get and manage your players IP's?
[/quote]

Are cookies an option for you as you could leave a cookie on computer you are wanting to deny access and have you page check for banned cookies.

If not i have heard of scripts that grab the mac address for you.

Share this post


Link to post
Share on other sites
all the user would have to do is disable cookies. if you rely on looking for a "banneduser" cookie and the user has it disabled, your script will not be able to make/read any cookie on the client.

also, even with an email registration system, email addresses are a joke to come by. any determined user can sign up with a new email address all day long.

Share this post


Link to post
Share on other sites
Well it's just the case, beyond this stuff you're going into messing with the guy's computer.

Share this post


Link to post
Share on other sites
the most effective way to make unwanted people go away is to require them to pay you money to access your site. That is, when they register, they must give you a credit card number or supply a paypal email to which they can pay you through that, or something.

i don't know a whole lot of people who are willing to go back and pay you some more money just to be a nuisance.

Share this post


Link to post
Share on other sites
When dealing with weeds it will never avail you to cut them down, you have to root them out if you want to get anywhere

Share this post


Link to post
Share on other sites
thank you confucious. now if you don't mind, why don't you explain how one would go about rooting them out rather than cutting them down.

Share this post


Link to post
Share on other sites
For IP banning itself, there is no foolproof method.
But you can check for HTTP_X_FORWARDED_FOR, HTTP_X_VIA and other exotic variables sent by proxies. This will not work if the proxy is highly anonymous though.

You can also set a cookie ban, so if the user doesn't clean the cookies before using a proxy, you can catch them.

Share this post


Link to post
Share on other sites
Umm...maybe confucious here meant "uprooting them " i/o rooting them out ??

[img src=\"style_emoticons/[#EMO_DIR#]/smile.gif\" style=\"vertical-align:middle\" emoid=\":smile:\" border=\"0\" alt=\"smile.gif\" /]

Share this post


Link to post
Share on other sites
[!--quoteo(post=383166:date=Jun 13 2006, 10:16 AM:name=swatisonee)--][div class=\'quotetop\']QUOTE(swatisonee @ Jun 13 2006, 10:16 AM) [snapback]383166[/snapback][/div][div class=\'quotemain\'][!--quotec--]
Umm...maybe confucious here meant "uprooting them " i/o rooting them out ??

[img src=\"style_emoticons/[#EMO_DIR#]/smile.gif\" style=\"vertical-align:middle\" emoid=\":smile:\" border=\"0\" alt=\"smile.gif\" /]
[/quote]
hmm...I suppose with a strong arm and a mallet? [img src=\"style_emoticons/[#EMO_DIR#]/unsure.gif\" style=\"vertical-align:middle\" emoid=\":unsure:\" border=\"0\" alt=\"unsure.gif\" /]

The whole think needs to be redesigned...I think the future of security on the web is probably registration via mobile phone sms messages. Probably best alternative to CC

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.