fast ip question

[asmith]

i want to save user ip when register directly to mysql table .

 

insert into table(ip) values ('$getenv(REMOTE_ADDR)')

 

is the ip coming from the user safe enough ? i don't know whether it can be change to something harmful or not .

should i validate that funcation first before inserting to sql ?

[cooldude832]

safe for what?

 

You don't ban by IP  cause of DDNS from ISPs

[asmith]

safe for sql injection.

 

 

You don't ban by IP  cause of DDNS from ISPs

 

 

what is DDNS ?

i can't ban someone by his ip ?

[cooldude832]

correct you can't ban someone by their ip becuse ISPs use whats called an IP pool they own ips

123.1.1.0 to 123.1.1.195 or what ever and everytime someone connections with their system they get assigned a free IP in the pool

so one day you might ban Joe Smith

but the next day its Margret brown's IP

[asmith]

what about giving account to each person only once?

i wanted to give each IP address one site account register .  now you mentioned it , and with the ones who use dynamic IP address, it will all messed up  ,

any better idea?

 

[cooldude832]

use their email address eventually they will stop making email accounts

[asmith]

the idea of IP  , can work only to people with static ip address , huh?

 

i want to ban some people , but if they could come again with another account...

i know it is not that perfect, people "can" change their ip address through ip changing programs, non proxy sites ...

 

e-mail idea is good , but i guess most of people usually have more than 1 e-mail account . so they already have chances before givin up from making e-mail addresses.

 

 

 

 

[sKunKbad]

use their email address eventually they will stop making email accounts

 

I don't know about that. I moderate for a forum where Russian spammers are creating accounts like crazy. I'm pretty sure they use bots for account creation, including the acquisition of new email accounts from gmail, yahoo, hotmail, etc. There are definitely some very sophisticated bots out there.

[asmith]

what ip bots use ?

these bots use the same ip address every time ?

[cooldude832]

if you find a pattern you can use regex to find people that match the pattern for hte account like

[email protected]

you can block all

[email protected]

 

they will eventually get bored or just report their ip to their ISP

[asmith]

if someone is serious he can open up another account no matter how many limits i set for him .

but i don't want to make it that much easy too .

 

regex way ....hm  thinking about it.. why people should use same pattern or something like e-mail ?

 

 

[sKunKbad]

Unfortunately I do not have the required forum permissions to ban by IP, or do anything creative with regex. The forum is a vBulletin forum, and I'm a "SuperModerator", but its really not that super! I can only ban manually.

[asmith]

so you do like the ip banning ?