Page 2 of 2 FirstFirst 12
Results 11 to 13 of 13

Thread: prevent csv entries from same IP?

  1. #11
    Join Date
    Jul 2007
    Posts
    15

    Default Re: prevent csv entries from same IP?

    No, if its a voting situation we want to avoid multiple entries from the same person....

  2. #12
    Join Date
    Feb 2007
    Posts
    162

    Default Re: prevent csv entries from same IP?

    By use of the X-Forwarded-For HTTP header, the IP can be easily spoofed, and since the attacker doesn't care if they get a response back, they will have circumnavigated your attempt to detect IPs using REMOTE_ADDR. Now, I am not so much a "hacker", but this kind of info (and more) is widely available online. So yes, IPs can be spoofed. Another way that an IP can be "spoofed" is for an attacker to relay their requests to your server via a open proxy server. Their request then shows that it is originating from a different IP. Then, the more probable way that an attacker would get different IPs is to use their bot army to hammer away at your site. All these things considered (and this is not all of the ways to change IPs), you should never rely on IP addresses for verification or authentication if the nature of what you are trying to protect is important to you.

    As far as authentication goes, this was in general referring to having user accounts and making somebody log-in before sending a message to you. This may or may not be a solution, but probably hinges on the fact that you may or may not require anonymous users or unknown people to send messages. If you are not savvy with php, then setting up effective and secure user authentication is probably way over your head. If you should require my services, my hourly rate is fairly reasonable. $50USD per hour.

  3. #13
    Join Date
    Mar 2004
    Posts
    2,224

    Default Re: prevent csv entries from same IP?

    By use of the X-Forwarded-For HTTP header, the IP can be easily spoofed
    i knew about the rest, but not that HTTP header

    just did some research and REMOTE_ADDR always contains the IP address of the machine making the connection to the server - it cannot be spoofed

    but wot ur saying is it's not much use 'coz of networks of bots or easy changes to ip addr or relaying thru open proxies, etc. etc.

    i don't think X-Forwarded-For bears any relationship to ip blocking because it can be spoofed, as u said

    btw, i never thought ip blocking was a good idea - i just answered the OP's question

    thx 4 the extra info

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Is there a way of banning IP adresses?
    By Hawkslayer in forum Community Support
    Replies: 12
    Last Post: 02-Jan-2007, 02:04 PM
  2. Using Image Verification to prevent spam - no autoresponder required
    By info@marcel.co.za in forum Community Support
    Replies: 2
    Last Post: 28-Jun-2006, 05:20 AM
  3. Can prevent fmbadhandler from appending...
    By CWD in forum FormMail Subscription Support
    Replies: 1
    Last Post: 27-Jul-2005, 05:22 AM
  4. How to show remote Host and IP on html form
    By James in forum FormMail Subscription Support
    Replies: 2
    Last Post: 19-Jun-2005, 10:45 AM
  5. Store IP in CSV
    By JohnB in forum FormMail Subscription Support
    Replies: 50
    Last Post: 22-Feb-2005, 11:15 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •