httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joey Hewitt" <j...@joeyhewitt.com>
Subject Re: [users@httpd] Blocking Visitors
Date Sat, 12 Jun 2004 13:21:25 GMT
Tim Burden <tim@burden.ca> wrote:
> I assume you have some kind of automated (free) registration system, and
> that's why you can't just ban by username. If you are banning people from
> your forums or whatever by IP address, they'll get back in the next time
> their IP address changes, which is the next time they dial up, or more
> rarely (but still regularly) if they are on DSL. So even non-geeks will
get
> in, without having to do anything special.
>
> A computer can also have more than one IP address at one time, too. And, a
> single IP address can have more than one computer behind it (think masq
> router or proxy). So really there is not much you can tell about the
> identity of a user by his IP address.

I just had an interesting idea.  Perhaps you could fetch NetBIOS usernames,
computer names, and workgroup names, and block based on them.  It's not very
nice to "exploit" this, but whatever they did to deserve being blocked
wasn't nice either. ;)  'Course, that's assuming that your users are silly
enough to run Windows with NetBIOS over TCP/IP and not have a decent
firewall in place.  Actually, I'd be interested in statistics for just how
many web site visitors to a fairly busy site are open to this.  Just my 2
cents...
==Joey

> ----- Original Message -----
> From: "David Blomstrom" <david_blomstrom@yahoo.com>
> To: <users@httpd.apache.org>
> Sent: Wednesday, June 09, 2004 12:54 PM
> Subject: Re: [users@httpd] Blocking Visitors
>
>
> > Thanks for all the tips and resources. I'm going to
> > check them out today.
> >
> > One more question. To put it in perspective, let's put
> > the situation in reverse. Suppose I'm the one who's
> > being blocked from a website or forum by an .htaccess
> > file.
> >
> > Aside from purchasing a second computer with a
> > different IP, is there a way for me to beat the system
> > and register with a new username and password?
> >
> > I imagine modifying the .htaccess file would
> > effectively screen 95% of the people I want to screen.
> > I just wondered if it's foolproof - or geekproof.
> >
> > Thanks.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message