Blocking IP addresses

For system help, all hardware / software topics NOTE: use Coders Corner for all coders topics.

Moderators: Krom, Grendel

Post Reply
User avatar
BigSlideHimself
DBB Ace
DBB Ace
Posts: 315
Joined: Tue Oct 26, 2004 4:25 pm

Blocking IP addresses

Post by BigSlideHimself »

I run a php based ordering system. And I've been having certain IPS spamming, now I can block the single IP that spams the service, but I have some other questions.

If someone uses a dynamic IP provider, does that just mean the next day they can spam again?

If someone uses one of those city wide wireless carriers - we have one around here called Xanadoo, where they just give you a wireless card - will there IP always change? How does that work exactly, because I assume everyone in the city doesn't have the same IP.

Would I just have to block a whole range of IPs? I don't really want to do that becuase it would knock out a huge user base. Thanks alot.
User avatar
heftig
DBB Ace
DBB Ace
Posts: 138
Joined: Mon Jun 05, 2006 9:55 pm
Location: Germany
Contact:

Post by heftig »

If the spamming is bot-driven changing the ordering system a bit should work. A while, at least. Whether the bots adapt to your site depends on how important the spammers think your site is. You could try implementing a challenge-response system to determine if the user is human (CAPTCHAs, for example).

Dynamic IP means just that. They get another IP when they reconnect. Some ISPs force a disconnect every now and then to force an IP change.

I believe Xanadoo uses dynamic IPs.
User avatar
BigSlideHimself
DBB Ace
DBB Ace
Posts: 315
Joined: Tue Oct 26, 2004 4:25 pm

Post by BigSlideHimself »

So on Dynamic IPs: I also run a message board that blocks IPs - not unlike this one- and I don't have a problem with those users coming back. And if memory serves, when I was blocked from the DBB, even with a dynamic IP I still couldn't post. So how do you go about blocking a dynamic IP?
User avatar
Krom
DBB Database Master
DBB Database Master
Posts: 16138
Joined: Sun Nov 29, 1998 3:01 am
Location: Camping the energy center. BTW, did you know you can have up to 100 characters in this location box?
Contact:

Post by Krom »

Rather than blocking a single IP, you would block a range of IPs (but this also results in unintended casualties).
MD-2389
Defender of the Night
Defender of the Night
Posts: 13477
Joined: Thu Nov 05, 1998 12:01 pm
Location: Olathe, KS
Contact:

Re:

Post by MD-2389 »

heftig wrote:You could try implementing a challenge-response system to determine if the user is human (CAPTCHAs, for example).
I second that. Make sure that its a method that isn't easy to screen capture. A good example would be what's in use at SGW. (FYI, the code there changes ever half hour)
User avatar
fliptw
DBB DemiGod
DBB DemiGod
Posts: 6459
Joined: Sat Oct 24, 1998 2:01 am
Location: Calgary Alberta Canada

Post by fliptw »

bots don't bother with parsing CSS at all.

If you are up to modifying the login page of whatever system you are using you can eliminate bots from signing up.
MD-2389
Defender of the Night
Defender of the Night
Posts: 13477
Joined: Thu Nov 05, 1998 12:01 pm
Location: Olathe, KS
Contact:

Re:

Post by MD-2389 »

fliptw wrote:bots don't bother with parsing CSS at all.

If you are up to modifying the login page of whatever system you are using you can eliminate bots from signing up.
Actually, thats not true anymore. Certain users were busted for using cheat bots in that game, which screengrabbed the login code and were able to login like a normal account. The admin found out about it and changed the captcha system so that instead of only text numbers being displayed (you know, 1 2 3) you get a mixture of either the numbers spelled out (ie: one, two, three) and dice. He even had them contrasted randomly so that you have a mixture of white on black, and black on white.
User avatar
fliptw
DBB DemiGod
DBB DemiGod
Posts: 6459
Joined: Sat Oct 24, 1998 2:01 am
Location: Calgary Alberta Canada

Re:

Post by fliptw »

MD-2389 wrote:random MD gibberish
to clarify what I said, bots don't check to see if the field they are filling has "display:none"(or any other CSS style) set or not; they also leverage the fact that people use common-sense names for fields like the username and password fields(ie username and password, rather than roidburger and lotharbot). Due to the use of pretty common and identical login and registration pages they also never check the number of required fields needed to complete the given task.
User avatar
BigSlideHimself
DBB Ace
DBB Ace
Posts: 315
Joined: Tue Oct 26, 2004 4:25 pm

Post by BigSlideHimself »

Thanks for the feedback
- there's no actual login page, the nature of the site/database is to allow immediate access by all users. I realize this is an open door for anyone to access the server. However, right now I have a limit of 10 accesses per IP per day, and it seems to work all right. I seem to have one little snake who tries to circumvent thing. So back to IPs, how easy is it to spoof IPs, like if someone got ahold of mine could they get on the server that way.
User avatar
fliptw
DBB DemiGod
DBB DemiGod
Posts: 6459
Joined: Sat Oct 24, 1998 2:01 am
Location: Calgary Alberta Canada

Post by fliptw »

easy enough.

and they already have the ip for your server - they wouldn't be able to get to it without it.
User avatar
BigSlideHimself
DBB Ace
DBB Ace
Posts: 315
Joined: Tue Oct 26, 2004 4:25 pm

Post by BigSlideHimself »

I mean - my person wireless address IP - which is static - and is different then the one that accesses my server. I made an exception for my IP - there's no limit on how many times I can access in a day.
User avatar
fliptw
DBB DemiGod
DBB DemiGod
Posts: 6459
Joined: Sat Oct 24, 1998 2:01 am
Location: Calgary Alberta Canada

Post by fliptw »

there is a 1 in ~ 4,005,962,361 chance of someone randomly guessing it.
User avatar
BigSlideHimself
DBB Ace
DBB Ace
Posts: 315
Joined: Tue Oct 26, 2004 4:25 pm

Post by BigSlideHimself »

I mean - to be more specific, there probably won't be much guessing going on.
User avatar
fliptw
DBB DemiGod
DBB DemiGod
Posts: 6459
Joined: Sat Oct 24, 1998 2:01 am
Location: Calgary Alberta Canada

Post by fliptw »

unless you display a list of visitors IP's anywhere on your site, or all the sites you visit are in cahoots with this annoyance, they'll have to guess it.

What is this IP doing anyways? it might be some poor soul with a worm.
Post Reply