Multiple IPs from same computer? [solved]

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Eric!
DevNet Resident
Posts: 1146
Joined: Sun Jun 14, 2009 3:13 pm

Multiple IPs from same computer? [solved]

Post by Eric! »

I have a download page with links to download script. I've been monitoring IP addresses of the remote_addr of people that log into the download page and comparing them to those who try to access the download script. Once in a rare while when someone logs in from say 65.100.105.22 then they click to download something which executes the download script it logs something different like 65.100.105.30. This only happens once in about 6 months and because the download script blocks requests from IP's that are not logged in the script fails. But I've found that these cases are legitmate users who are logged in and just trying to download something.

Does anyone know why a different IP would appear? Is this caused by a router firewall that is balancing loads or something? I don't get it.
Last edited by Eric! on Fri Nov 13, 2009 8:11 am, edited 1 time in total.
User avatar
Peter Anselmo
Forum Commoner
Posts: 58
Joined: Wed Feb 27, 2008 7:22 pm

Re: Multiple IPs from same computer?

Post by Peter Anselmo »

I would guess they are browsing from an ISP that uses revolving IP addresses (most do by default). Perhaps their IP address changed while on your site, but since they were using the same session/cookie, they stayed logged in.
User avatar
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Re: Multiple IPs from same computer?

Post by superdezign »

Peter Anselmo wrote:their IP address changed while on your site, but since they were using the same session/cookie, they stayed logged in.
This.
User avatar
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: Multiple IPs from same computer?

Post by VladSun »

Also, some users may have load balanced links to one or several ISPs (e.g. three ADSL modems connected to a load balancer).
This way while a single HTTP session is passed through a single link, it's not guaranteed that the next HTTP session will use the same link again.

We had a related discussion here : viewtopic.php?f=19&t=96910
There are 10 types of people in this world, those who understand binary and those who don't
Eric!
DevNet Resident
Posts: 1146
Joined: Sun Jun 14, 2009 3:13 pm

Re: Multiple IPs from same computer?

Post by Eric! »

VladSun wrote:Also, some users may have load balanced links to one or several ISPs (e.g. three ADSL modems connected to a load balancer).
I think this may be the case as the get request for the page and the download links are within 10's of seconds apart yet come from different ip addresses. It happened consistantly with this user while I tried to debug it. The locking of an IP seemed like a good idea but I guess it's back to sessions only.

Thanks for the link too. If only I had read it earlier...
User avatar
Apollo
Forum Regular
Posts: 794
Joined: Wed Apr 30, 2008 2:34 am

Re: Multiple IPs from same computer?

Post by Apollo »

Eric! wrote:I think this may be the case as the get request for the page and the download links are within 10's of seconds apart yet come from different ip addresses.
Do you know approximately how many different IP addresses were used by a single user, within a typical single-visit timeframe?

Did such users only jump between two or three different IPs, or between varying IPs within a limited network range (e.g. did they all look like 65.100.105.*) or were the IPs really completely random?
Eric!
DevNet Resident
Posts: 1146
Joined: Sun Jun 14, 2009 3:13 pm

Re: Multiple IPs from same computer? [solved]

Post by Eric! »

This user only had purchased one item so his session was limited to just logging on and downloading one item. I also know this guy is low tech and not running anything locally like a vpn. The download request seems to come from the same IP so perhaps there is a header type that the load-balancer detects and moves to another address...? They were all from the same network range. So you could just ignore the last set of numbers and still do some sort of IP lock that way. But it seems this idea has some fundamental flaws that I hadn't considered before.

Here's an example sesson:
Logged in: 64.xxx.yyy.202
HTTP GET for script: 64.xxx.yyy.136

Another time
Logged in: 64.xxx.yyy.130
HTTP Get for script: 64.xxx.yyy.136

Unless they are using TOR or something I wouldn't expect random IPs. But I've been wrong before.
User avatar
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Re: Multiple IPs from same computer? [solved]

Post by superdezign »

Eric! wrote:Unless they are using TOR or something I wouldn't expect random IPs. But I've been wrong before.
Using TOR for downloading? That'd be... slow. I don't find my IP address to be important enough that slow download speeds are worth the privacy.
Eric!
DevNet Resident
Posts: 1146
Joined: Sun Jun 14, 2009 3:13 pm

Re: Multiple IPs from same computer? [solved]

Post by Eric! »

Just as a follow up to this. I've had some security code in place for about a year now that prevents logged in IPs from downloading files if the first 3 sets of numbers from their sub-net doesn't match. This has worked great because any load balancing networks usually only vary the last portion of the sub-net.

However I ran into one valid user who had this network setup:

Login IP (200.56.182.*)
Download IP (201.225.58.*)

I verified this multiple times that his http GET requests were from the login ip and each binary download was routing through the other IP. My program blocked this, so I had to go in and fix it just for him, and then put it back after he was finished. But it was really weird.... I still feel like he was trying to do something tricky, but he had paid and it was a valid user.
Post Reply