REMOTE_ADDR giving client or dynamic dail-up IP?

Forum Moderators: phranque

Message Too Old, No Replies

REMOTE_ADDR giving client or dynamic dail-up IP?

I need to block some troublemakers from viewing my website

T_Rex

6:25 pm on Aug 24, 2004 (gmt 0)

Hi: This newbie qiuestion is a result of not being able to find a definition for remote_addr

In a newly created website, I have been log-spammed already by a handful of competitive troublemakers making gossip-y posts to a poorly moderated list. Now I want to block those trouble makers for trolling my URL. My conccrn is with dial-up: Can Remote_addr define a condition where I can rewrite the troll from seeing my site as I want? Or just block that ISP's individual address that was assigned during a specific dail-up session.

In other words, does Remote_addr give the clients IP or one of the IP's from the block of IP's owned by the client's ISP? Should I be looking at HTTP_x_Forwarded_For instead?
/ Thanks in advance for any advice

jdMorgan

6:55 pm on Aug 24, 2004 (gmt 0)

> Does Remote_addr give the clients IP or one of the IP's from the block of IP's owned by the client's ISP? Should I be looking at HTTP_x_Forwarded_For instead?

REMOTE_ADDR gives the address of the agent issuing the request, which can be either the "user" or a caching proxy between the user and your server, as you've surmised. Dial-ups are problematic, because the IP address may be assigned to another user within a very short period of time. HTTP:Via and HTTP:Forwarded-For can be used to detect a proxy forwarding situation, but you still don't know if that IP has been recently reassigned to another dial-up session.

Take a look at their posting habits, words always used, sigs, etc. and see if you might patch your forum script to catch them by their *behaviour* and send their posts to the bit-bucket. Do it silently (as if your site is broken) rather than escalating the situation.

If that's not possible and you have to block by IP address, you'll need to carefully evaluate the possibility of another user getting that IP address, and set your IP blocking to expire after a relatively short time.

In the meantime, consistently nuke each of their irrelevant posts, delete their user accounts, and otherwise keep up with them. Eventually, they may tire of the game.

If you can manage to pin down their IP address, then you can either serve them alternate content, or serve a 403-Forbidden response. However, it's not really worth a lot of your time if you can just make them lose interest. Good moderating and strict terms of service will help to prevent your forum from becoming a low-budget advertiser's playground -- This is one of the main reasons for the strict rules here, BTW.

Jim

T_Rex

9:04 pm on Aug 24, 2004 (gmt 0)

Thanks Jim. It is a public-service, and product information website of mine that they are log spamming on a competitive groups forum that I can't nuke.
I took a look at their posting behavior and "header view source" of their posts and it looks like about 1/2 of them are consistanlty having the same remote-addr Some are apparently doing it from corporations while at work. while the other half are apparently changing remote-addr, probably on phone lines connected to the biggie ISP's so I can't touch them in terms of a ban.
Your response has been very helpful to this most unusual situation. Thanks the most.