Blocking IP addresses

For system help, all hardware / software topics NOTE: use Coders Corner for all coders topics.

Moderators: Krom, Grendel

BigSlideHimself
DBB Ace
Posts: 315
Joined: Tue Oct 26, 2004 4:25 pm

Post by BigSlideHimself »

I run a PHP-based ordering system, and I've been having certain IPs spamming. Now, I can block the single IP that spams the service, but I have some other questions.

If someone uses a dynamic IP provider, does that just mean the next day they can spam again?

If someone uses one of those citywide wireless carriers - we have one around here called Xanadoo, where they just give you a wireless card - will their IP always change? How does that work exactly, because I assume everyone in the city doesn't have the same IP.

Would I just have to block a whole range of IPs? I don't really want to do that because it would knock out a huge user base. Thanks a lot.

heftig
DBB Ace
Posts: 138
Joined: Mon Jun 05, 2006 9:55 pm
Location: Germany

Post by heftig »

If the spamming is bot-driven, changing the ordering system a bit should work. For a while, at least. Whether the bots adapt to your site depends on how important the spammers think your site is. You could try implementing a challenge-response system to determine if the user is human (CAPTCHAs, for example).

Dynamic IP means just that. They get another IP when they reconnect. Some ISPs force a disconnect every now and then to force an IP change.

I believe Xanadoo uses dynamic IPs.

BigSlideHimself
DBB Ace
Posts: 315
Joined: Tue Oct 26, 2004 4:25 pm

Post by BigSlideHimself »

So on dynamic IPs: I also run a message board that blocks IPs - not unlike this one - and I don't have a problem with those users coming back. And if memory serves, when I was blocked from the DBB, even with a dynamic IP I still couldn't post. So how do you go about blocking a dynamic IP?

Krom
DBB Database Master
Posts: 16064
Joined: Sun Nov 29, 1998 3:01 am
Location: Camping the energy center. BTW, did you know you can have up to 100 characters in this location box?

Post by Krom »

Rather than blocking a single IP, you would block a range of IPs (but this also results in unintended casualties).

MD-2389
Defender of the Night
Posts: 13477
Joined: Thu Nov 05, 1998 12:01 pm
Location: Olathe, KS

Post by MD-2389 »

heftig wrote: You could try implementing a challenge-response system to determine if the user is human (CAPTCHAs, for example).

I second that. Make sure that it's a method that isn't easy to screen capture. A good example would be what's in use at SGW. (FYI, the code there changes every half hour)

fliptw
DBB DemiGod
Posts: 6458
Joined: Sat Oct 24, 1998 2:01 am
Location: Calgary Alberta Canada

Post by fliptw »

Bots don't bother with parsing CSS at all.

If you are up to modifying the login page of whatever system you are using, you can eliminate bots from signing up.

MD-2389
Defender of the Night
Posts: 13477
Joined: Thu Nov 05, 1998 12:01 pm
Location: Olathe, KS

Post by MD-2389 »

fliptw wrote: Bots don't bother with parsing CSS at all.

If you are up to modifying the login page of whatever system you are using, you can eliminate bots from signing up.

Actually, that's not true anymore. Certain users were busted for using cheat bots in that game, which screengrabbed the login code and were able to login like a normal account. The admin found out about it and changed the captcha system so that instead of only text numbers being displayed (you know, 1 2 3) you get a mixture of either the numbers spelled out (i.e., one, two, three) and dice. He even had them contrasted randomly so that you have a mixture of white on black, and black on white.

fliptw
DBB DemiGod
Posts: 6458
Joined: Sat Oct 24, 1998 2:01 am
Location: Calgary Alberta Canada

Post by fliptw »

MD-2389 wrote: random MD gibberish

To clarify what I said, bots don't check to see if the field they are filling has "display:none" (or any other CSS style) set or not; they also leverage the fact that people use common-sense names for fields like the username and password fields (i.e., username and password, rather than roidburger and lotharbot). Due to the use of pretty common and identical login and registration pages, they also never check the number of required fields needed to complete the given task.
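
Added example, not part of fliptw's post or the thread: a server-side check built on the behaviour described above, with decoy inputs hidden by display:none under common-sense names and the real inputs under odd names. The field names and the sample submissions are hypothetical and constructed for illustration.

```php
<?php
// Added example, not code from the thread. All field names are hypothetical.

const REAL_FIELDS  = ['f_a91c', 'f_7e20'];   // real inputs, deliberately odd names
const DECOY_FIELDS = ['username', 'email'];  // common-sense names, hidden by CSS

// Render the form: decoys are present in the HTML but hidden from people.
function render_form(): string
{
    $html = "<form method=\"post\">\n";
    foreach (DECOY_FIELDS as $name) {
        $html .= "  <input name=\"$name\" style=\"display:none\" tabindex=\"-1\">\n";
    }
    foreach (REAL_FIELDS as $name) {
        $html .= "  <input name=\"$name\" required>\n";
    }
    return $html . "  <button>Order</button>\n</form>\n";
}

// Return a reason string when a submission looks automated, or null otherwise.
function automation_reason(array $post): ?string
{
    foreach (DECOY_FIELDS as $name) {
        $value = $post[$name] ?? '';
        if (!is_string($value) || trim($value) !== '') {
            return "decoy field '$name' was filled in";
        }
    }
    foreach (REAL_FIELDS as $name) {
        $value = $post[$name] ?? '';
        if (!is_string($value) || trim($value) === '') {
            return "required field '$name' is missing";
        }
    }
    return null;
}

// Constructed sample submissions; a live handler would pass $_POST.
$samples = [
    'person'           => ['username' => '', 'email' => '', 'f_a91c' => 'widget', 'f_7e20' => '2'],
    'fills everything' => ['username' => 'bob', 'email' => 'b@example.com', 'f_a91c' => 'x', 'f_7e20' => 'x'],
    'guesses names'    => ['username' => '', 'password' => 'hunter2', 'quantity' => '5'],
];
foreach ($samples as $label => $post) {
    echo $label, ': ', automation_reason($post) ?? 'accepted', PHP_EOL;
}
```

Browser autofill can populate hidden inputs with names like these, so a hit is better logged and challenged than silently dropped.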

BigSlideHimself
DBB Ace
Posts: 315
Joined: Tue Oct 26, 2004 4:25 pm

Post by BigSlideHimself »

Thanks for the feedback - there's no actual login page, the nature of the site/database is to allow immediate access by all users. I realize this is an open door for anyone to access the server. However, right now I have a limit of 10 accesses per IP per day, and it seems to work all right. I seem to have one little snake who tries to circumvent things. So back to IPs, how easy is it to spoof IPs, like if someone got ahold of mine could they get on the server that way?

fliptw
DBB DemiGod
Posts: 6458
Joined: Sat Oct 24, 1998 2:01 am
Location: Calgary Alberta Canada

Post by fliptw »

Easy enough.

And they already have the IP for your server - they wouldn't be able to get to it without it.

BigSlideHimself
DBB Ace
Posts: 315
Joined: Tue Oct 26, 2004 4:25 pm

Post by BigSlideHimself »

I mean - my personal wireless IP address - which is static - and is different than the one that accesses my server. I made an exception for my IP - there's no limit on how many times I can access in a day.
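
Added example, not code from the thread or from the poster's system: the pieces discussed so far put together, namely a range block as Krom suggests, the limit of 10 accesses per IP per day, and an exemption for one static address. It is IPv4 only, and the addresses (RFC 5737 documentation ranges), the date and the in-memory counter are constructed stand-ins.

```php
<?php
// Added example, not code from the thread. IPv4 only; assumes 64-bit PHP.
// All addresses are constructed from the RFC 5737 documentation ranges.

const DAILY_LIMIT    = 10;                  // the per-IP daily limit from the thread
const EXEMPT_IPS     = ['198.51.100.7'];    // hypothetical static admin address
const BLOCKED_RANGES = ['203.0.113.0/24'];  // hypothetical range block

function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = explode('/', $cidr, 2) + [1 => '32'];
    $ipLong  = ip2long($ip);
    $netLong = ip2long($net);
    if ($ipLong === false || $netLong === false || !ctype_digit($bits) || $bits > 32) {
        return false;                       // malformed input never matches
    }
    $bits = (int) $bits;
    $mask = $bits === 0 ? 0 : (~0 << (32 - $bits)) & 0xFFFFFFFF;
    return ($ipLong & $mask) === ($netLong & $mask);
}

// $counts stands in for the database table a real site would use.
function decide(string $ip, string $day, array &$counts): string
{
    if (in_array($ip, EXEMPT_IPS, true)) {
        return 'allow (exempt)';
    }
    foreach (BLOCKED_RANGES as $cidr) {
        if (ip_in_cidr($ip, $cidr)) {
            return "deny (in $cidr)";
        }
    }
    $key = "$day|$ip";
    $counts[$key] = ($counts[$key] ?? 0) + 1;
    return $counts[$key] > DAILY_LIMIT ? 'deny (over daily limit)' : 'allow';
}

// Constructed requests: the spammer, an unrelated neighbour in the same /24,
// the exempt address, and an ordinary visitor making 11 requests in one day.
// A live handler would pass $_SERVER['REMOTE_ADDR'], not a client-sent header.
$counts = [];
$ips = array_merge(['203.0.113.5', '203.0.113.200', '198.51.100.7'],
                   array_fill(0, 11, '192.0.2.10'));
foreach ($ips as $ip) {
    echo $ip, ' => ', decide($ip, '2024-01-01', $counts), PHP_EOL;
}
```

The second address is denied only because it shares the /24 with the first, which is the collateral effect of a range block.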

fliptw
DBB DemiGod
Posts: 6458
Joined: Sat Oct 24, 1998 2:01 am
Location: Calgary Alberta Canada

Post by fliptw »

There is a 1 in ~4,005,962,361 chance of someone randomly guessing it.

BigSlideHimself
DBB Ace
Posts: 315
Joined: Tue Oct 26, 2004 4:25 pm

Post by BigSlideHimself »

I mean - to be more specific, there probably won't be much guessing going on.

fliptw
DBB DemiGod
Posts: 6458
Joined: Sat Oct 24, 1998 2:01 am
Location: Calgary Alberta Canada

Post by fliptw »

Unless you display a list of visitors' IPs anywhere on your site, or all the sites you visit are in cahoots with this annoyance, they'll have to guess it.

What is this IP doing anyways? It might be some poor soul with a worm.