I have a form on a site where users submit some data. I have had a problem
with someone submitting garbage data; I can delete it but would like to stop
it. I started capturing IP addresses using the code below to write the IP to
the access db where the other data goes. I have submitted the form from 2
different PCs and collected my IP address, but my nemesis has submitted
again and it did not collect his IP address. How did he prevent that and how
can I identify him? I do not actually want to find him but would just change
my code to ignore anything from his IP. TIA
Larry
<input type="hidden" name="captureIP" value="<%= Request.ServerVariables("REMOTE_ADDR") %>">
rs("captureIP") = IPAddress
> I have a form on a site where users submit some data. I have had a
> problem with someone submitting garbage data, I can delete it but
[quoted text clipped - 11 lines]
>
> rs("captureIP") = IPAddress
It cannot be done. There is no method that cannot be defeated by a
determined hacker. Concentrate instead on rejecting bad data.

Signature
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
>I have a form on a site where users submit some data. I have had a problem
>with someone submitting garbage data, I can delete it but would like to
[quoted text clipped - 11 lines]
>
> rs("captureIP") = IPAddress
There're quite a few methods by which a site visitor can get to your site,
and REMOTE_ADDR won't necessarily be populated by all of those methods.
Here's a snippet from a site statistics gatherer I put together a few years
ago; it won't be successful 100% of the time, but it'll be a lot more
successful than your single-value check.
sIP = trim(Request.ServerVariables("REMOTE_ADDR"))
if not isIP(sIP) then
    sIP = trim(Request.ServerVariables("REMOTE_HOST"))
    if not isIP(sIP) then
        sIP = trim(Request.ServerVariables("HTTP_CLIENT_IP"))
        if not isIP(sIP) then
            sIP = trim(Request.ServerVariables("HTTP_X_FORWARDED_FOR"))
        end if
    end if
end if
if not isIP(sIP) then sIP = "(unknown)"
And the boolean isIP function, which simply checks for a valid IP address:
function isIP(sIP)
    if isNull(sIP) or len(sIP) < 7 then
        isIP = false
        exit function
    end if
    bOutput = true
    aQuads = split(sIP, ".")
    if uBound(aQuads) <> 3 then
        isIP = false
        exit function
    end if
    for i = 0 to 3
        if not isNumeric(aQuads(i)) then
            bOutput = false
            exit for
        end if
        if aQuads(i) < 0 or aQuads(i) > 255 then
            bOutput = false
            exit for
        end if
    next
    isIP = bOutput
end function

Signature
Bob Milutinovic
Cognicom - "Australia's Web Presence Specialists"
http://www.cognicom.net.au/
telephone (0417) 45-77-66
facsimile (02) 9824-2240
Evertjan. - 22 Aug 2007 08:25 GMT
Bob Milutinovic wrote on 22 aug 2007 in microsoft.public.inetserver.asp.db:
> function isIP(sIP)
> if isNull(sIP) or len(sIP) < 7 then
[quoted text clipped - 19 lines]
> isIP = bOutput
> end function
<%
function isIP(x)
    reTemp = "(\d|([1-9]\d)|(1\d\d)|(2[0-4]\d)|(25[0-5]))"
    Set regEx = New RegExp
    regEx.Pattern = "^(" & reTemp & "\.){3}" & reTemp & "$"
    isIP = regEx.Test(x)
End Function
%>

Signature
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Bob Milutinovic - 23 Aug 2007 08:56 GMT
> Bob Milutinovic wrote on 22 aug 2007 in
> microsoft.public.inetserver.asp.db:
[quoted text clipped - 31 lines]
> End Function
> %>
Indeed.
In my defence, as I said, I'd written the routine several years ago.
But I'll thank you nonetheless; yours is a far more elegant solution.

Signature
Bob Milutinovic
Cognicom - "Australia's Web Presence Specialists"
http://www.cognicom.net.au/
telephone (0417) 45-77-66
facsimile (02) 9824-2240
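
Added example, not code from any poster in this thread: the form in the original post carries the address in a hidden field, which comes back as ordinary client-supplied form data, so this sketch reads REMOTE_ADDR on the server while handling the POST and stores X-Forwarded-For only as unverified context. The names peerAddress, forwardedChain, recordSubmitter, the forwardedFor column and the blocklist dictionary are assumptions; rs is the open recordset from the original post.

```vbscript
<%
' Added example, not code from the thread. Sample values are constructed.
' Dotted-quad IPv4 check, each octet 0-255.
Function isIP(s)
    Dim re, octet
    octet = "(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)"
    Set re = New RegExp
    re.Pattern = "^(" & octet & "\.){3}" & octet & "$"
    isIP = re.Test(s & "")          ' & "" coerces Null/Empty to a string
End Function

' Socket peer address, read on the server while handling the POST.
' Request.Form is never consulted, so a posted captureIP value (or a
' missing one) cannot change what gets stored.
Function peerAddress()
    Dim s
    s = Trim(Request.ServerVariables("REMOTE_ADDR") & "")
    If Not isIP(s) Then s = "(unknown)"
    peerAddress = s
End Function

' X-Forwarded-For is a request header set by the sender or by proxies.
' It may be a comma-separated chain; keep only the well-formed entries.
Function forwardedChain()
    Dim part, kept
    kept = ""
    For Each part In Split(Request.ServerVariables("HTTP_X_FORWARDED_FOR") & "", ",")
        If isIP(Trim(part)) Then
            If kept <> "" Then kept = kept & ","
            kept = kept & Trim(part)
        End If
    Next
    forwardedChain = kept
End Function

' Call between rs.AddNew and rs.Update. blocked is a Scripting.Dictionary
' keyed by address, e.g. blocked.Add "203.0.113.7", True (constructed).
' Returns False and writes nothing when the peer is on the blocklist.
Function recordSubmitter(rs, blocked)
    Dim ip, ok
    ip = peerAddress()
    ok = Not blocked.Exists(ip)
    If ok Then
        rs("captureIP") = ip
        rs("forwardedFor") = forwardedChain()   ' hypothetical extra column
    End If
    recordSubmitter = ok
End Function
%>
```

REMOTE_ADDR is the address of whatever connected to the web server, so behind a proxy or NAT it identifies that device rather than an individual. An IPv6 peer is stored as "(unknown)" by this IPv4-only check.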