Page 2 of 2
Posted: Thu Feb 02, 2006 6:31 am
by timvw
khaki_monster wrote:im actually thinking of making an IP blocker for my shoutbox, and im concern of
maybe im banning or blocking a wrong visitors because of having same IP's
though they belong from different Location A and B.
Ban them anyway. Their ISP should take more care of spammers.. If she doesn't, time for them to look for another ISP. Usually this is the moment where the ISP changes his attitude towards spammers on his network..
Posted: Thu Feb 02, 2006 10:03 am
by duk
its easy...
almost clients use dinamic IP that means each time they connect to the internet they receive a new IP...
you block 81.20.54.5 hosname - MYCOMPEUTER
later the same IP 81.20.54.5 but with other HOSTNAME - NADIA (this means that is not the same persone)
proxys have always the same HOSTNAME associated to their IP so its easy...
again you need to play with HOSTNAMES AND IP ADDRESS get the host from the ip, check the database by ip and hostname if is blocked...
Posted: Thu Feb 02, 2006 10:15 am
by Roja
duk wrote:its easy...
almost clients use dinamic IP that means each time they connect to the internet they receive a new IP...
Which makes IP blocking hard, and ineffective - not easy. Block one, they relog, and they get a new IP.. not blocked.
duk wrote:proxys have always the same HOSTNAME associated to their IP so its easy...
No, they do not. In fact, the majority of proxies do NOT pass the hostname. In six years, and thousands of users, I've only seen two that do.
IP blocking is very ineffective and difficult.
Posted: Thu Feb 02, 2006 11:41 am
by timvw
I'm aware that most annoying ppl will use proxies etc to get round their ban (But these proxies simply end up in my banlist too).
I'm aware that most ppl can simply request a new IP from their ISP's DHCP server, but when i notice that too much ip's from the same block are in my list, i simply block the complete block. Is it effective? As long as they don't change from ISP. Are there innocent people victim of their actions? Yes.
Posted: Thu Feb 02, 2006 12:14 pm
by Roja
timvw wrote:I'm aware that most annoying ppl will use proxies etc to get round their ban (But these proxies simply end up in my banlist too).
Unfortunately, for online games, a huge chunk of visitors are coming from work, or national proxies, or AOL, or.. you get the idea. In an online game (where I spend most of my spare-time coding), banning an IP is both ineffective, AND has a huge false-positive rate.
In one game, banning one IP would have banned over a dozen unique, fairly strongly verified individual players.
IP blocking is the Nuclear option for online filtering. Don't use it unless you have no other choice.

Posted: Thu Feb 02, 2006 5:03 pm
by duk
you will never get 100% ip block... but you can get closer...
creating a proxy list.. creating rules, as timvw with ip blocks... you can set a timer for the blocking.. anyway you have a lot of prespectives...
and about proxies public lists a lot of proxys pass the hostname and if dont have a dns record... maybe a whois can obtain information...
Posted: Thu Feb 02, 2006 5:27 pm
by timvw
I use whois.net, it has links to arin, ripe and apnic.. That way i lookup to whom those ips have been assigned... I use this approach because i don't think there is a high chance that someone that is really interested in my blog and wants to post something will end up being blocked..
As Roja already said: there are situations where the false positives can be rather high. I've been a server administrator for a game named tetrinet, and i dediced to block all users that had an ip that reverse-resolved to *.adsl.skynet.be. For that situation it meant there were about 30 players banned for 1 lamer... With an average of 100 players in total, this isn't a good solution...
Posted: Thu Feb 02, 2006 7:55 pm
by raghavan20
I did not read every one of your posts ....
as far as IP's are concerned, there are two IPs global and local IP.
Local IP's are
10.0.0.0 256.0.0.0
172.x.x.x I do not really remember this..
192.168.x.x 256.256.256.0
These IP's are assigned to local area networks and these local area networks would most probably be connected to a router which would have a global IP which does not fall inside any of the range quoted above. So global IP is unique for a network or for a set of computers that share an Internet connection through a router or for a single user who uses a dial-up.
all devices in a local area network has unique IP and there cannot be two networking devices having the same IP which is taken care of by DHCP.
It is not prudent to block an user by IP. A simple example would be there are two PHP developers at my home and if I start to spam a forum, then if the forum moderator decides to block me by IP then he/she would block the other PHP developer as well.
you can also know more about how computers share a common global IP by searching for NAT and PAT.
Posted: Fri Feb 03, 2006 7:42 am
by khaki_monster
raghavan20
I did not read every one of your posts ....
as far as IP's are concerned, there are two IPs global and local IP.
wew! i didn't know much about Global and Local IP's...
so how do you guyz block a certain user? coz my idea is to simply let the guest signup some "form"
before they can post to my "shoutbox/ blog"("though its kind'a annoying just to post

").
this way its easy for me to control("according to username") a user everytime a violation occurred.
many tanx again to all!
cheerz!
Posted: Fri Feb 03, 2006 8:13 am
by duk
but you can have 2 local IP's with the same address and in the "same network" connected by switchs or other devices... but in diferent domains...