Results 1 to 11 of 11
  1. #1
    Platinum Lounger
    Join Date
    Feb 2002
    Location
    A Magic Forest in Deepest, Darkest Kent
    Posts
    5,681
    Thanks
    0
    Thanked 1 Time in 1 Post

    Spotting a moody IP

    There has been discussion about the use of the .htaccess file recently that requires IP addresses to work. I am getting bugged by an address from the Phillipines (or purporting to be from there). Some of you will know there is no DNS listing of IP's from the Phillipines. This irritating site is spoofing my guestbook. My Guestbook is very basic and it is always this particular URL that is spoofing details.

    I have a cunning plan using the code in http://www.magicforest.co.uk/jezza.asp where I can ID incoming IP addresses. What I was planning to as an experiment was to place a hidden text box on the page and have the IP address of the incoming page placed in it. As a Phillipine address hits my site the text box would have null value.

    Using the some javascript I could then make a check...If an IP present go to guestbook, if not redirect to a dead link on my site. The code I use to see the IP address is:

    <%Response.Write(Request.ServerVariables("remote_a ddr"))%>

    Do you think this a workable solution, obviously not fool proof but I just wanted to limit the occurences?
    Jerry

  2. #2
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Spotting a moody IP

    I don't understand the part about looking up the IP. When I visit your page, my IP address is listed twice. You get a different result for the "bot" messing with your guest book? Actually, just using JavaScript might throw it off...

  3. #3
    Platinum Lounger
    Join Date
    Feb 2002
    Location
    A Magic Forest in Deepest, Darkest Kent
    Posts
    5,681
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Spotting a moody IP

    When you say "just using javascript to throw it off..." do you mean just have a javascript widget running on the entry page?

    Just for my deeper knowledge; when a bot visits, does it physically enter the site with an IP from the visiting server the same as us picking up our router or proxy server IP <img src=/S/shrug.gif border=0 alt=shrug width=39 height=15>
    Jerry

  4. #4
    Platinum Lounger
    Join Date
    Dec 2000
    Location
    Hornsby Heights, New South Wales, Australia
    Posts
    3,822
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Spotting a moody IP

    Why don't you just check for the IP address at the top of gb.asp thus:

    <%
    if Request.ServerVariables("REMOTE_ADDR") = "123.123.123.123" then response.redirect "http://disney.com" (or where ever else you wanna send them)
    %>

    Javascript can be overcome by bots, the above lines can't.
    Cheers, Claude.

  5. #5
    Platinum Lounger
    Join Date
    Feb 2002
    Location
    A Magic Forest in Deepest, Darkest Kent
    Posts
    5,681
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Spotting a moody IP

    Hi Claude thanks for this

    Must be a bad hair day, I tried it on my IP and I can't work it, it must be my syntax <img src=/S/shrug.gif border=0 alt=shrug width=39 height=15>

    <html>
    <head><title>Redirect</title>
    <script>
    <%
    if Request.ServerVariables("remote_addr") = "XX.XX.XX.XX" then response.redirect "http://disney.com" %>
    </script>
    </head>
    <body>


    Welcome to my page
    </body>
    </html>

    Other thing is I do not know the IP as it won't list on DNS
    Jerry

  6. #6
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Spotting a moody IP

    I meant that a bot usually does not look inside JavaScript to follow where your script might lead. However, Claude undoubtedly sees trickier agents than I do.

    You will get an IP addres, and it should show up in your logs. Your server cannot respond with a page (or another resource) without being given an IP address to send it back to. Now, the address may very well be one of hundreds within a huge block, with no way to track it back to any person or company, no way to differentiate the innocent from the guilty. But that's not your problem. <img src=/S/grin.gif border=0 alt=grin width=15 height=15>

  7. #7
    Platinum Lounger
    Join Date
    Dec 2000
    Location
    Hornsby Heights, New South Wales, Australia
    Posts
    3,822
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Spotting a moody IP

    That won't work, the redirect request has gotta come before the html header

    We're not talking javascript, we're talking VBScript in ASP, no need for the <script></script> stuff....

    REMOTE_ADDR has to be in caps. (I think, but, in any case, seeing that REMOTE_ADDR is a constant, it stands out in the code if it is in caps)


    <% if Request.ServerVariables("REMOTE_ADDR") = "XX.XX.XX.XX" then response.redirect "http://disney.com" %>
    <html>
    <head><title>Redirect</title>
    </head>
    <body

    hope this helps,
    Cheers, Claude.

  8. #8
    Platinum Lounger
    Join Date
    Feb 2002
    Location
    A Magic Forest in Deepest, Darkest Kent
    Posts
    5,681
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Spotting a moody IP

    <img src=/S/blush.gif border=0 alt=blush width=15 height=15>

    Yes, it works now in test <img src=/S/dizzy.gif border=0 alt=dizzy width=15 height=15>

    Now off to my log files and to search for this IP address <img src=/S/grin.gif border=0 alt=grin width=15 height=15>
    Jerry

  9. #9
    Platinum Lounger
    Join Date
    Feb 2002
    Location
    A Magic Forest in Deepest, Darkest Kent
    Posts
    5,681
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Spotting a moody IP

    Weeelll, that was worth the 30 minutes of searching. I did an Googlr on the domain and I have found that it is a well known open proxy used by hackers and spammers to do their dirty deeds. I even found the IP address of the server and a few other proxy IP. Searching my logs shows these numbers present.

    Can I assume that as I have 5 of the IP addresses I can just write the line of code 5 times each with a different IP address from my list?
    Jerry

  10. #10
    Platinum Lounger
    Join Date
    Dec 2000
    Location
    Hornsby Heights, New South Wales, Australia
    Posts
    3,822
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Spotting a moody IP

    Instead of sending them elsewhere, you could just issue a 403 error.

    If InStr("123.123.123.123 234.234.234.234" , Request.ServerVariables("REMOTE_ADDR") <> 0 Then
    Response.Status = "403 Access Forbidden"
    Response.Write Response.Status
    Response.End
    End If

    Just change 123.123.123.123 234.234.234.234 into a single string of the five IP addresses you've got and add new ones as needed.

    For detailed http header info see http://www.w3.org/pub/WWW/Protocols/rfc2068/rfc2068.txt
    Cheers, Claude.

  11. #11
    Platinum Lounger
    Join Date
    Feb 2002
    Location
    A Magic Forest in Deepest, Darkest Kent
    Posts
    5,681
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Spotting a moody IP

    Thank you very much, an area I have not really ventured into before, I will monitor my site and see what happens <img src=/S/hiding.gif border=0 alt=hiding width=70 height=24>
    Jerry

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •