Welcome to WebmasterWorld Guest from 54.198.179.85

Forum Moderators: Ocean10000 & incrediBILL & keyplyr

Message Too Old, No Replies

AOL changing IPs

Velocity and other traps

     
9:51 pm on Jun 4, 2008 (gmt 0)

Junior Member

5+ Year Member

joined:May 11, 2008
posts:55
votes: 0


Iíve known for a while that in the case of changing AOL IPs my velocity triggered events could be better implemented. I still trap some situations but things could be much better. Some time ago I also implemented an embedded IP trap in the web site logic of some functions. Today I realized that the multiple per session, ever changing, AOL IP ďfeatureĒ breaks that logic. Bugger. I need to address the AOL changing IP situation.

Looking back over the logs it appears that:

. gethostbyaddr - not all AOL IPs yield a host name; those that do resolve end in proxy.aol.com.
. UA always seem to contain AOL
. The first three IP octets appear to be constant.

To address the the AOL problem Iím currently thinking about changing to a technique where I identify AOL visitors based on UA (and maybe host name), use only the first three octets of AOL visitors IPs and possibly appended with a hash of some sort per session. That would restore velocity traps to full function and I could re-implement the IP logic trap.

Any suggestions? Help would be much appreciated.

Cheers,
Phred

10:23 pm on June 5, 2008 (gmt 0)

Administrator from US 

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 25, 2005
posts:14650
votes: 94


When dealing with shared IP pools such as AOL and others you need to put special time limits on the quarantine period, such as an hour instead of 24 hours.

Amazingly, many bad bots accept cookies because some sites won't work unless you accept cookies, so I feed them a session cookie and it tracks them across multiple IP addresses on AOL so once I flag the session as bad, you can run, hop IPs, whatever, but until you toss that cookie, you're still blocked ;)

Hope that helps.