xoligy Posted September 9, 2008 Share Posted September 9, 2008 Ok, so i have a script that checks to see if the user is using a proxy and if they are displays there real ip then the proxy one (well i hope it does other wise i dunno how im going achieve my question!). Anyhow what i was thinking was maybe adding some kind of ip check to it where it alerts the admin if someone is using the same ip/proxy that way passwords could be checked and the admin could keep an eye on suspicious accounts Thing is im not exactly sure where to start at the moment, i was thinking that maybe i need to do a mysql query on user accounts and then the banned accounts and if an ip matches it alerts the admin but doing that could mean alot of false readings so do you think that a password and ip check would be better? example: I logon with 127.0.0.1 the script checks other users ips, proxys and then banned and see's if someone had that ip and password the same and if so alerts the admin that a banned player/someone "could" be making multiple accounts. Can anyone else think of another way of doing this? Also if i was to do it as i said above would i have to make 3/4 seperate functions or could they be combined into one? the proxy script so far, advance i know if ($HTTP_X_FORWARDED_FOR) { echo "Warning: proxy server detected!! Admin have been notified, if your account is suspended it will not be unlocked!!<br><br>"; echo "Connected Via: " . $HTTP_VIA . " - " . $REMOTE_ADDR; echo "<br>Your real IP: " . $HTTP_X_FORWARDED_FOR; } else { echo "Proxy detection clear: Enjoy the game.<br>"; echo "Your IP: " . $REMOTE_ADDR; Link to comment https://forums.phpfreaks.com/topic/123526-phpmysql-advice/ Share on other sites More sharing options...
lisa71283 Posted September 9, 2008 Share Posted September 9, 2008 You may want to reconsider how effective that script can actually be. There are so many proxies these days that do not forward the originating address, or even give any indication that the request is being proxified. These are the proxies you have to be worried about, and they are everywhere. That being said, I would still recommend that your proposal be implemented. In each user entry (and, preferably, a login history table) include both REMOTE_ADDR and HTTP_X_FORWARDED_FOR. When a new user account is created, is the HTTP_X_FORWARDED_FOR is present and anything but a null, quad zero, or private network address, then execute a quick comparison to see what other accounts match that address, both based on your user table, and your access history log. If a match is found, you can have the script send a quick email alert to admins/mods to keep an eye on the new account for potential abusive behavior. Also, password comparison should not be possible, because you should be using salted hashes - right? Link to comment https://forums.phpfreaks.com/topic/123526-phpmysql-advice/#findComment-637940 Share on other sites More sharing options...
xoligy Posted September 9, 2008 Author Share Posted September 9, 2008 Thats what i was thinking, so if a user did want to cheat an admin would be alerted plus if there account is hacked i have a log of what ips have been in there account. As for the passwords there just md5'd i know thats not the best way but i think its good enough for now tbh plus it wouldnt be hard to sort out in the future when i made another update Link to comment https://forums.phpfreaks.com/topic/123526-phpmysql-advice/#findComment-637956 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.