Jump to content
MakeWebGames

Recommended Posts

Posted

Yes I know IPs can get messed with and you cannot tell for sure that people aren't using proxies and that dynamic ips aren't reissued to another one of your players...but here is one half of what I use to stop multies:

 

You're unable to view this code.

Viewing code within this forum requires registration, you can register here for free.

 

on any page where there is a user to user transaction: (I know there is a db way of doing this more efficient but this works)

 

You're unable to view this code.

Viewing code within this forum requires registration, you can register here for free.

 

obviously change the message to reflect the page that you are securing.

create a table called iplogs with 2 fields (if someone wants to make a query for it I will edit this section)

You're unable to view this code.

Viewing code within this forum requires registration, you can register here for free.

 

This will make your staff lazy but happy as all they now have to do is be watchful of middle man transactions and proxy multi transfers. Maybe if I feel generous I will release the second half of the automation i've written to stop both of those things.

Posted

Re: [mccode] Advanced IP Tracking

$ip = $_SERVER['REMOTE_ADDR'];

$ip = mysql_real_escape_string($ip);

An IP adress is a number, try setting it as an integer.

Posted

Re: [mccode] Advanced IP Tracking

 

$ip = $_SERVER['REMOTE_ADDR'];

$ip = mysql_real_escape_string($ip);

An IP adress is a number, try setting it as an integer.

actually its a string...not until you convert it using ip2long does it actually become a number.

Guest Anonymous
Posted

Re: [mccode] Advanced IP Tracking

ip2long converts it to a SIGNED integer -- be careful here - that's about as much use as a chocolate teapot.

Think about how IP's work -- Think about how masking works - in particular CIDR records and you see far better solutions.

Not to mention ... REMOTE_ADDR is on it's own pretty poor. Use the forum search facility - there are far better routines for picking up IP addresses.

There is also the issue that REMOTE_ADDR can contain a comma separated list of IP addresses..., not to mention rotating proxies like AOL.

 

... can of worms ...

Solvable, but it's not obvious.

Posted

Re: [mccode] Advanced IP Tracking

 

ip2long converts it to a SIGNED integer -- be careful here - that's about as much use as a chocolate teapot.

Think about how IP's work -- Think about how masking works - in particular CIDR records and you see far better solutions.

Not to mention ... REMOTE_ADDR is on it's own pretty poor. Use the forum search facility - there are far better routines for picking up IP addresses.

There is also the issue that REMOTE_ADDR can contain a comma separated list of IP addresses..., not to mention rotating proxies like AOL.

 

... can of worms ...

Solvable, but it's not obvious.

long2ip() brings it back to a normal format so not an issue, just more efficient to store a number than a string in mysql or any DB for that matter

CIDR can still be faked (cause you just pick up the location of the proxy) also it just shows a range of IPs as far as I know and therefore just as effective

As far as I know there is only one way to truly check using javascript

Remote_ADDR is the most secure of the ip functions built in (as far as I know) X_Forwarded_For can be changed by the user.

As to the commas I haven't had a problem doing it this way

If you know something why do you always have to be cryptic nyna?

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...