  1. #1
    SitePoint Enthusiast
    Join Date
    Jan 2003
    Posts
    65

    Finding visitors real ip address

    I want to store the visitors real ip address in my db of anyone signing the guestbook. I want to do this as I have had several cases of people leaving links to porn sites in the guestbook. This is not a major problem as all messages have to be validated before they appear on the site. However, as I run my own apache web server on a windows box, I would like to track and ban the ip addresses of these folk leaving such messages. I've tried looking through my server log but as I get quite a few hits per day and a lot of guestbook entries, putting ip addresses in the db will be easier for me to trace them.

    I've tried using $ip = $_SERVER["REMOTE_ADDR"]; and also $ip = getenv("REMOTE_ADDR"); but if someone is behind a router then I don't get their true ip address.

    Any help would be most appreciated and I thank you for your time.

  2. #2
    SitePoint Guru MikeBigg's Avatar
    Join Date
    Jun 2004
    Location
    Reading, UK
    Posts
    970
    There are 3 places the IP address can be found. The first may return more than one separated by commas.

    PHP Code:
    $_SERVER["HTTP_X_FORWARDED_FOR"];
    $_SERVER["REMOTE_ADDR"];
    $_SERVER["HTTP_CLIENT_IP"]; 
    Your porn posters may be posting through anonymous proxies which don't forward the original IP address anyway.

    Mike

  3. #3
    SitePoint Enthusiast
    Join Date
    Jan 2003
    Posts
    65
    Quote Originally Posted by MikeBigg
    There are 3 places the IP address can be found. The first may return more than one separated by commas.

    PHP Code:
    $_SERVER["HTTP_X_FORWARDED_FOR"];
    $_SERVER["REMOTE_ADDR"];
    $_SERVER["HTTP_CLIENT_IP"]; 
    Your porn posters may be posting through anonymous proxies which don't forward the original IP address anyway.

    Mike
    Thanks for your reply Mike. After taking on board your info, would the following be a crude but effective way to log ip addresses?

    PHP Code:
    if (!empty($_SERVER["HTTP_X_FORWARDED_FOR"]))
    {
        $ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
    }
    else if (!empty($_SERVER["HTTP_CLIENT_IP"]))
    {
        $ip = $_SERVER["HTTP_CLIENT_IP"];
    }
    else
    {
        $ip = $_SERVER["REMOTE_ADDR"];
    }

    I'll need to look into anonymous proxies though as I have no knowledge of these.

  4. #4
    SitePoint Guru worchyld's Avatar
    Join Date
    Jul 2003
    Location
    Newcastle upon Tyne
    Posts
    909
    I put it into a class;

    Code:
    class clsIP {
    
    	/**
    	* IP Function
    	* @param	(none) N/A
    	* @return	$ip (string) IP
    	**/
    	
    	// Renamed from the PHP 4 style constructor clsIP(): a constructor's return value is discarded.
    	function getIP() { 
    		/* 
    		This function checks if user is coming behind proxy server. Why is this important? 
    		If you have high traffic web site, it might happen that you receive lot of traffic 
    		from the same proxy server (like AOL). In that case, the script would count them all as 1 user. 
    		This function tries to get real IP address. 
    		Note that getenv() function doesn't work when PHP is running as ISAPI module 
    		*/ 
    		if (getenv('HTTP_CLIENT_IP')) { 
    		    $ip = getenv('HTTP_CLIENT_IP'); 
    		} 
    		elseif (getenv('HTTP_X_FORWARDED_FOR')) { 
    		    $ip = getenv('HTTP_X_FORWARDED_FOR'); 
    		} 
    		elseif (getenv('HTTP_X_FORWARDED')) { 
    		    $ip = getenv('HTTP_X_FORWARDED'); 
    		} 
    		elseif (getenv('HTTP_FORWARDED_FOR')) { 
    		    $ip = getenv('HTTP_FORWARDED_FOR'); 
    		} 
    		elseif (getenv('HTTP_FORWARDED')) { 
    		    $ip = getenv('HTTP_FORWARDED'); 
    		} 
    		else { 
    		    $ip = $_SERVER['REMOTE_ADDR']; 
    		} 
    		return $ip; 
    	} // end function
    
    	/**
    	* Mask IP Function
    	* @param	$ip (string) IP address to mask
    	* @return	$concealed (string) the masked IP address
    	**/
    	
    	function maskIP($ip) {
    		// explode() and preg_replace() replace split() and ereg_replace(), which were removed in PHP 7
    		$quads = explode('.', $ip); 
    		$quads[0] = preg_replace("/[0-9]/", "x", $quads[0]); 
    		$concealed = join(".", $quads); 
    		return $concealed;
    	} // end function
    
    }; // end class

  5. #5
    Non-Member DaveMichaels's Avatar
    Join Date
    Nov 2004
    Location
    US
    Posts
    535
    What's the purpose of HTTP_CLIENT_IP?

  6. #6
    SitePoint Guru worchyld's Avatar
    Join Date
    Jul 2003
    Location
    Newcastle upon Tyne
    Posts
    909
    I dunno, it wasn't my class I never wrote it.

  7. #7
    SitePoint Guru MikeBigg's Avatar
    Join Date
    Jun 2004
    Location
    Reading, UK
    Posts
    970
    Quote Originally Posted by intrim
    Thanks for your reply Mike. After taking on board your info, would the following be a crude but effective way to log ip addresses?

    PHP Code:
    if (!empty($_SERVER["HTTP_X_FORWARDED_FOR"]))
    {
        $ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
    }
    else if (!empty($_SERVER["HTTP_CLIENT_IP"]))
    {
        $ip = $_SERVER["HTTP_CLIENT_IP"];
    }
    else
    {
        $ip = $_SERVER["REMOTE_ADDR"];
    }

    Actually, I think that is too simple, given that at least one of the IP addresses can be a list. For example: $_SERVER["HTTP_X_FORWARDED_FOR"] could look like "11.22.33.44,55.66.77.88".

    If I were you, I'd store all three of them in a database along with the posts and see what results you get from your site visitors, then when you have some real data to look at, you might see how to filter the data to achieve what you want.

    I'll need to look into anonymous proxies though as I have no knowledge of these.
    Along with anonymous proxies, which may be used to hide a person's identity, there is the issue of routers that are becoming prevalent in homes and small businesses. Typically these don't populate the forwarded_for or client_ip fields, probably on security grounds.

    So, if you were to look at the IP addresses that you'd see if I were to visit your site, you'd only see the external IP address assigned to me by my ISP. Even though the router in my house had forwarded the request, it wouldn't pass on the IP address of my PC on my home network.

    Mike
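
One way to handle the comma-separated X-Forwarded-For list discussed above while keeping all three values for later review, as an added example that is not code from any poster in this thread. The function names, the `$trustedProxies` list and the sample addresses are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. $trustedProxies is an assumed
// list of reverse proxies you operate; the sample addresses are constructed.

/**
 * Return the client address to log or ban on. X-Forwarded-For is a request
 * header, so it only means something when the request came via a proxy you run.
 */
function resolveClientIp(array $server, array $trustedProxies): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    // Direct connection (or an unknown proxy): only the socket address is reliable.
    if (!in_array($remote, $trustedProxies, true)) {
        return $remote;
    }
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    // Walk right to left: the rightmost entries were appended by our own
    // proxies; the first address that is not one of ours is the client.
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed entry: stop trusting the header
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;
        }
    }
    return $remote;
}

/** Raw values worth storing next to each post for later review. */
function ipAuditFields(array $server): array
{
    $fields = [];
    foreach (['REMOTE_ADDR', 'HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP'] as $key) {
        // Cap the length: header values are untrusted input headed for the database.
        $fields[$key] = substr((string)($server[$key] ?? ''), 0, 255);
    }
    return $fields;
}

$trusted = ['10.0.0.5'];
// No proxy of ours in front: the supplied header is ignored.
echo resolveClientIp(['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_FOR' => '1.2.3.4'], $trusted), "\n";
// Through our proxy: the list format from the thread is walked from the right.
echo resolveClientIp(['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '11.22.33.44,55.66.77.88'], $trusted), "\n";
```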

  8. #8
    SitePoint Enthusiast
    Join Date
    Jan 2003
    Posts
    65
    I just want to thank everyone for their replies. After logging real ip addresses it does appear the poster is using an anonymous proxy as their last 7 posts are all logging different ip addresses from all over the world. It's defo the same person posting as the posts are very similar and although the link they post is always slightly different, the end of the url is always the same (.6x.to). Is there a way using php I can check the text box content for this .6x.to and if a message contains this then just show message not allowed and not insert into database?

    This is really important to me as our website is a girls and ladies soccer team site and this scum is obviously attempting to show this porn link to our young players and visitors and I don't want any chance of stuff like this getting through.

    Thanks again for everyone's time and help.

  9. #9
    SitePoint Guru MikeBigg's Avatar
    Join Date
    Jun 2004
    Location
    Reading, UK
    Posts
    970
    Quote Originally Posted by intrim
    the end of the url is always the same (.6x.to). Is there a way using php I can check the text box content for this .6x.to and if a message contains this then just show message not allowed and not insert into database?
    Sure. It is difficult to supply specifics not knowing your code, but in php there is the strstr function which will check for an occurrence of a string (.6x.to) within another string (the comment).

    Presumably somewhere in your code there is a SQL insert statement that inserts the text box content into the database. Just before the query is executed (mysql_query) put a test for .6x.to and if found simply skip over the insert query.

    Make any sense?

    Mike

  10. #10
    SitePoint Enthusiast
    Join Date
    Jan 2003
    Posts
    65
    Quote Originally Posted by MikeBigg
    Sure. It is difficult to supply specifics not knowing your code, but in php there is the strstr function which will check for an occurrence of a string (.6x.to) within another string (the comment).

    Presumably somewhere in your code there is a SQL insert statement that inserts the text box content into the database. Just before the query is executed (mysql_query) put a test for .6x.to and if found simply skip over the insert query.

    Make any sense?

    Mike
    Thanks for your help Mike. I've looked up strstr on the php manual website and think I need to do the following. I would appreciate if you could advise if this method is reliable (forgive me for keep questioning but my php skills aren't much above novice level as you may well have guessed)

    PHP Code:
    $message=$HTTP_POST_VARS['Comments'];
    $check=strstr($message,'.6x.to');
    if ($check !='.6x.to'){insert into..........;}
    else
    {echo 'you are banned from using our message board';}
    Thanks again for your time.

  11. #11
    SitePoint Wizard Sillysoft's Avatar
    Join Date
    May 2002
    Location
    United States :)
    Posts
    1,691
    Quote Originally Posted by intrim
    Thanks for your help Mike. I've looked up strstr on the php manual website and think I need to do the following. I would appreciate if you could advise if this method is reliable (forgive me for keep questioning but my php skills aren't much above novice level as you may well have guessed)

    PHP Code:
    $message = trim($_POST['comments']);
    $check = stristr($message, '6x.to');

    if ($check === FALSE)
    {
        //INSERT INTO DATABASE
    }
    else
    {
        //TRACK IP. BAN IP. DO NOT SHOW THEY HAVE BEEN BANNED
    }


    Silly

  12. #12
    SitePoint Guru MikeBigg's Avatar
    Join Date
    Jun 2004
    Location
    Reading, UK
    Posts
    970
    Intrim,

    Silly has it right. The function he has suggested (which I didn't know about), stristr, is a case-insensitive version of strstr.

    Also, I agree that you shouldn't tell the poster that he has been banned.

    Mike
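
The content check discussed in the last few posts, extended so that it matches the blocked domain as a host name rather than as a bare substring; this is an added example, not code from any poster in this thread. The function names, the `$blocked` list and the sample messages are assumptions made for illustration, and the example goes beyond the single-string test in the thread by accepting a list of domains.

```php
<?php
// Added example, not code from the thread. $blocked and the sample
// messages are constructed for illustration.

/** True when $host is $domain itself or a subdomain of it. */
function hostMatches(string $host, string $domain): bool
{
    $host = rtrim(strtolower($host), '.');
    $suffix = '.' . strtolower($domain);
    return $host === strtolower($domain) || substr($host, -strlen($suffix)) === $suffix;
}

/** Return the blocked domains that appear as host names in $message. */
function blockedDomainsIn(string $message, array $blocked): array
{
    // Pull out anything shaped like a host name, with or without a scheme.
    preg_match_all('/\b(?:[a-z0-9-]+\.)+[a-z0-9-]{2,}\b/i', $message, $m);
    $hits = [];
    foreach ($m[0] as $host) {
        foreach ($blocked as $domain) {
            if (hostMatches($host, $domain)) {
                $hits[$domain] = true;
            }
        }
    }
    return array_keys($hits);
}

/** 'hold' keeps the post out of the guestbook; the poster is told nothing different. */
function moderate(string $message, array $blocked): string
{
    return blockedDomainsIn(trim($message), $blocked) ? 'hold' : 'accept';
}

$blocked = ['6x.to'];
$samples = [
    'Nice site! http://abc.6x.to/page',      // subdomain of the blocked domain
    'look at WWW.Another.6X.TO now',         // no scheme, mixed case
    'Great win, see you at 6x.tonight.com',  // contains "6x.to" only as a substring
    'Well played on Saturday, girls!',
];
foreach ($samples as $msg) {
    echo moderate($msg, $blocked), "\t", $msg, "\n";
}
```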

