Jump to content

IP Logging Best Practice


crimsonmoon

Recommended Posts

[!--quoteo(post=382846:date=Jun 12 2006, 03:40 PM:name=crimsonmoon)--][div class=\'quotetop\']QUOTE(crimsonmoon @ Jun 12 2006, 03:40 PM) [snapback]382846[/snapback][/div][div class=\'quotemain\'][!--quotec--]
What is the best most full proof method of IP logging. I log IP's and can ban those but then someone can always just spoof that IP and change it going around my ban.

Any suggestions?

How do those of you who run sites get and manage your players IP's?
[/quote]

Are cookies an option for you as you could leave a cookie on computer you are wanting to deny access and have you page check for banned cookies.

If not i have heard of scripts that grab the mac address for you.
Link to comment
Share on other sites

all the user would have to do is disable cookies. if you rely on looking for a "banneduser" cookie and the user has it disabled, your script will not be able to make/read any cookie on the client.

also, even with an email registration system, email addresses are a joke to come by. any determined user can sign up with a new email address all day long.
Link to comment
Share on other sites

the most effective way to make unwanted people go away is to require them to pay you money to access your site. That is, when they register, they must give you a credit card number or supply a paypal email to which they can pay you through that, or something.

i don't know a whole lot of people who are willing to go back and pay you some more money just to be a nuisance.

Link to comment
Share on other sites

For IP banning itself, there is no foolproof method.
But you can check for HTTP_X_FORWARDED_FOR, HTTP_X_VIA and other exotic variables sent by proxies. This will not work if the proxy is highly anonymous though.

You can also set a cookie ban, so if the user doesn't clean the cookies before using a proxy, you can catch them.
Link to comment
Share on other sites

[!--quoteo(post=383166:date=Jun 13 2006, 10:16 AM:name=swatisonee)--][div class=\'quotetop\']QUOTE(swatisonee @ Jun 13 2006, 10:16 AM) [snapback]383166[/snapback][/div][div class=\'quotemain\'][!--quotec--]
Umm...maybe confucious here meant "uprooting them " i/o rooting them out ??

[img src=\"style_emoticons/[#EMO_DIR#]/smile.gif\" style=\"vertical-align:middle\" emoid=\":smile:\" border=\"0\" alt=\"smile.gif\" /]
[/quote]
hmm...I suppose with a strong arm and a mallet? [img src=\"style_emoticons/[#EMO_DIR#]/unsure.gif\" style=\"vertical-align:middle\" emoid=\":unsure:\" border=\"0\" alt=\"unsure.gif\" /]

The whole think needs to be redesigned...I think the future of security on the web is probably registration via mobile phone sms messages. Probably best alternative to CC
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.