Page 1 of 1
Multiple IPs from same computer? [solved]
Posted: Thu Nov 12, 2009 11:45 am
by Eric!
I have a download page with links to download script. I've been monitoring IP addresses of the remote_addr of people that log into the download page and comparing them to those who try to access the download script. Once in a rare while when someone logs in from say 65.100.105.22 then they click to download something which executes the download script it logs something different like 65.100.105.30. This only happens once in about 6 months and because the download script blocks requests from IP's that are not logged in the script fails. But I've found that these cases are legitmate users who are logged in and just trying to download something.
Does anyone know why a different IP would appear? Is this caused by a router firewall that is balancing loads or something? I don't get it.
Re: Multiple IPs from same computer?
Posted: Thu Nov 12, 2009 11:02 pm
by Peter Anselmo
I would guess they are browsing from an ISP that uses revolving IP addresses (most do by default). Perhaps their IP address changed while on your site, but since they were using the same session/cookie, they stayed logged in.
Re: Multiple IPs from same computer?
Posted: Thu Nov 12, 2009 11:06 pm
by superdezign
Peter Anselmo wrote:their IP address changed while on your site, but since they were using the same session/cookie, they stayed logged in.
This.
Re: Multiple IPs from same computer?
Posted: Fri Nov 13, 2009 4:36 am
by VladSun
Also, some users may have load balanced links to one or several ISPs (e.g. three ADSL modems connected to a load balancer).
This way while a single HTTP session is passed through a single link, it's not guaranteed that the next HTTP session will use the same link again.
We had a related discussion here :
viewtopic.php?f=19&t=96910
Re: Multiple IPs from same computer?
Posted: Fri Nov 13, 2009 8:04 am
by Eric!
VladSun wrote:Also, some users may have load balanced links to one or several ISPs (e.g. three ADSL modems connected to a load balancer).
I think this may be the case as the get request for the page and the download links are within 10's of seconds apart yet come from different ip addresses. It happened consistantly with this user while I tried to debug it. The locking of an IP seemed like a good idea but I guess it's back to sessions only.
Thanks for the link too. If only I had read it earlier...
Re: Multiple IPs from same computer?
Posted: Fri Nov 13, 2009 8:39 am
by Apollo
Eric! wrote:I think this may be the case as the get request for the page and the download links are within 10's of seconds apart yet come from different ip addresses.
Do you know approximately
how many different IP addresses were used by a single user, within a typical single-visit timeframe?
Did such users only jump between two or three different IPs, or between varying IPs within a limited network range (e.g. did they all look like 65.100.105.*) or were the IPs really completely random?
Re: Multiple IPs from same computer? [solved]
Posted: Fri Nov 13, 2009 3:06 pm
by Eric!
This user only had purchased one item so his session was limited to just logging on and downloading one item. I also know this guy is low tech and not running anything locally like a vpn. The download request seems to come from the same IP so perhaps there is a header type that the load-balancer detects and moves to another address...? They were all from the same network range. So you could just ignore the last set of numbers and still do some sort of IP lock that way. But it seems this idea has some fundamental flaws that I hadn't considered before.
Here's an example sesson:
Logged in: 64.xxx.yyy.202
HTTP GET for script: 64.xxx.yyy.136
Another time
Logged in: 64.xxx.yyy.130
HTTP Get for script: 64.xxx.yyy.136
Unless they are using TOR or something I wouldn't expect random IPs. But I've been wrong before.
Re: Multiple IPs from same computer? [solved]
Posted: Fri Nov 13, 2009 8:51 pm
by superdezign
Eric! wrote:Unless they are using TOR or something I wouldn't expect random IPs. But I've been wrong before.
Using TOR for downloading? That'd be... slow. I don't find my IP address to be important enough that slow download speeds are worth the privacy.
Re: Multiple IPs from same computer? [solved]
Posted: Mon Nov 08, 2010 10:29 am
by Eric!
Just as a follow up to this. I've had some security code in place for about a year now that prevents logged in IPs from downloading files if the first 3 sets of numbers from their sub-net doesn't match. This has worked great because any load balancing networks usually only vary the last portion of the sub-net.
However I ran into one valid user who had this network setup:
Login IP (200.56.182.*)
Download IP (201.225.58.*)
I verified this multiple times that his http GET requests were from the login ip and each binary download was routing through the other IP. My program blocked this, so I had to go in and fix it just for him, and then put it back after he was finished. But it was really weird.... I still feel like he was trying to do something tricky, but he had paid and it was a valid user.